From dddfea6a63b3e546f386937788e7b0aaeb90c5b1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 10:36:02 +0100
Subject: [PATCH 001/238] API - init Webfinger endpoint for federation with
 ActivityPub (wip)

---
 .gitlab-ci.yml                                |   1 +
 fittrackee/__init__.py                        |   7 +
 fittrackee/config.py                          |   4 +-
 fittrackee/federation/__init__.py             |   0
 fittrackee/federation/federation.py           |  24 +++
 fittrackee/federation/models.py               |  88 +++++++++++
 fittrackee/federation/utils.py                |  44 ++++++
 fittrackee/federation/webfinger.py            |  46 ++++++
 .../23_8842c351a2d8_init_federation.py        |  50 +++++++
 fittrackee/tests/conftest.py                  |   1 +
 fittrackee/tests/federation/__init__.py       |   0
 .../federation/test_federation_federation.py  |  39 +++++
 .../federation/test_federation_models.py      |  71 +++++++++
 .../federation/test_federation_webfinger.py   | 118 +++++++++++++++
 .../tests/fixtures/fixtures_federation.py     |  13 ++
 poetry.lock                                   | 140 ++++++++++++------
 pyproject.toml                                |   1 +
 17 files changed, 599 insertions(+), 48 deletions(-)
 create mode 100644 fittrackee/federation/__init__.py
 create mode 100644 fittrackee/federation/federation.py
 create mode 100644 fittrackee/federation/models.py
 create mode 100644 fittrackee/federation/utils.py
 create mode 100644 fittrackee/federation/webfinger.py
 create mode 100644 fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
 create mode 100644 fittrackee/tests/federation/__init__.py
 create mode 100644 fittrackee/tests/federation/test_federation_federation.py
 create mode 100644 fittrackee/tests/federation/test_federation_models.py
 create mode 100644 fittrackee/tests/federation/test_federation_webfinger.py
 create mode 100644 fittrackee/tests/fixtures/fixtures_federation.py

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 884434da6..1ceca4421 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,6 +10,7 @@ variables:
   EMAIL_URL: smtp://none:none@0.0.0.0:1025
   FLASK_APP: fittrackee/__main__.py
   SENDER_EMAIL: fittrackee@example.com
+  UI_URL: https://0.0.0.0:5000
 
 services:
   - name: postgres:latest
diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index b5f6492f3..c83f3a448 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -86,6 +86,13 @@ def create_app() -> Flask:
     app.register_blueprint(users_blueprint, url_prefix='/api')
     app.register_blueprint(workouts_blueprint, url_prefix='/api')
 
+    # ActivityPub federation
+    from .federation.federation import ap_federation_blueprint  # noqa
+    from .federation.webfinger import ap_webfinger_blueprint  # noqa
+
+    app.register_blueprint(ap_federation_blueprint, url_prefix='/federation')
+    app.register_blueprint(ap_webfinger_blueprint)
+
     if app.debug:
         logging.getLogger('sqlalchemy').setLevel(logging.WARNING)
         logging.getLogger('sqlalchemy').handlers = logging.getLogger(
diff --git a/fittrackee/config.py b/fittrackee/config.py
index 668411b72..c1c7fd66f 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -27,7 +27,7 @@ class BaseConfig:
     PICTURE_ALLOWED_EXTENSIONS = {'jpg', 'png', 'gif'}
     WORKOUT_ALLOWED_EXTENSIONS = {'gpx', 'zip'}
     TEMPLATES_FOLDER = os.path.join(current_app.root_path, 'emails/templates')
-    UI_URL = os.environ.get('UI_URL')
+    UI_URL = os.environ['UI_URL']
     EMAIL_URL = os.environ.get('EMAIL_URL')
     SENDER_EMAIL = os.environ.get('SENDER_EMAIL')
     DRAMATIQ_BROKER = broker
@@ -46,6 +46,8 @@ class BaseConfig:
             os.environ.get('DEFAULT_STATICMAP', 'False') == 'True'
         ),
     }
+    # ActivityPub
+    AP_DOMAIN = UI_URL.replace('https://', '')
 
 
 class DevelopmentConfig(BaseConfig):
diff --git a/fittrackee/federation/__init__.py b/fittrackee/federation/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
new file mode 100644
index 000000000..a6241ded2
--- /dev/null
+++ b/fittrackee/federation/federation.py
@@ -0,0 +1,24 @@
+from flask import Blueprint, current_app
+
+from fittrackee.responses import HttpResponse, UserNotFoundErrorResponse
+
+from .models import Actor
+
+ap_federation_blueprint = Blueprint('ap_federation', __name__)
+
+
+@ap_federation_blueprint.route(
+    '/user/<string:preferred_username>', methods=['GET']
+)
+def get_actor(preferred_username: str) -> HttpResponse:
+    actor = Actor.query.filter_by(
+        preferred_username=preferred_username,
+        domain=current_app.config['AP_DOMAIN'],
+    ).first()
+    if not actor:
+        return UserNotFoundErrorResponse()
+
+    return HttpResponse(
+        response=actor.serialize(),
+        content_type='application/jrd+json; charset=utf-8',
+    )
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
new file mode 100644
index 000000000..170e3984c
--- /dev/null
+++ b/fittrackee/federation/models.py
@@ -0,0 +1,88 @@
+from datetime import datetime
+from typing import Dict, Optional
+
+from flask import current_app
+from sqlalchemy.ext.declarative import DeclarativeMeta
+from sqlalchemy.types import Enum
+
+from fittrackee import db
+from fittrackee.users.models import User
+
+from .utils import ACTOR_TYPES, AP_CTX, generate_keys, get_ap_url
+
+BaseModel: DeclarativeMeta = db.Model
+
+
+class Actor(BaseModel):
+    """ActivityPub Actor"""
+
+    __tablename__ = 'actors'
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    ap_id = db.Column(db.String(255), unique=True, nullable=False)
+    user_id = db.Column(
+        db.Integer, db.ForeignKey('users.id'), unique=True, nullable=False
+    )
+    type = db.Column(
+        Enum(*ACTOR_TYPES, name='actor_types'), server_default='Person'
+    )
+    domain = db.Column(db.String(1000), nullable=False)
+    name = db.Column(db.String(255), nullable=False)
+    preferred_username = db.Column(db.String(255), nullable=False)
+    public_key = db.Column(db.String(5000), nullable=True)
+    private_key = db.Column(db.String(5000), nullable=True)
+    inbox_url = db.Column(db.String(255), nullable=False)
+    outbox_url = db.Column(db.String(255), nullable=False)
+    followers_url = db.Column(db.String(255), nullable=False)
+    following_url = db.Column(db.String(255), nullable=False)
+    shared_inbox_url = db.Column(db.String(255), nullable=False)
+    is_remote = db.Column(db.Boolean, default=False, nullable=False)
+    created_at = db.Column(db.DateTime, nullable=False)
+    manually_approves_followers = db.Column(
+        db.Boolean, default=True, nullable=False
+    )
+    last_fetch_date = db.Column(db.DateTime, nullable=True)
+
+    def __str__(self) -> str:
+        return f'<Actor \'{self.name}\'>'
+
+    def __init__(
+        self,
+        user: User,
+        created_at: Optional[datetime] = datetime.utcnow(),
+        is_remote: Optional[bool] = False,
+    ) -> None:
+        self.ap_id = get_ap_url(user.username, 'user_url')
+        self.created_at = created_at
+        self.domain = f"{current_app.config['AP_DOMAIN']}"
+        self.followers_url = get_ap_url(user.username, 'followers')
+        self.following_url = get_ap_url(user.username, 'following')
+        self.inbox_url = get_ap_url(user.username, 'inbox')
+        self.is_remote = is_remote
+        self.name = user.username
+        self.outbox_url = get_ap_url(user.username, 'outbox')
+        self.preferred_username = user.username
+        self.shared_inbox_url = get_ap_url(user.username, 'shared_inbox')
+        self.user_id = user.id
+
+    def generate_keys(self) -> None:
+        self.public_key, self.private_key = generate_keys()
+
+    def serialize(self) -> Dict:
+        return {
+            '@context': AP_CTX,
+            'id': self.ap_id,
+            'type': self.type,
+            'preferredUsername': self.preferred_username,
+            'name': self.name,
+            'inbox': self.inbox_url,
+            'outbox': self.outbox_url,
+            'followers': self.followers_url,
+            'following': self.following_url,
+            'manuallyApprovesFollowers': self.manually_approves_followers,
+            'publicKey': {
+                'id': f'{self.ap_id}#main-key',
+                'owner': self.ap_id,
+                'publicKeyPem': self.public_key,
+            },
+            'endpoints': {'sharedInbox': self.shared_inbox_url},
+        }
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
new file mode 100644
index 000000000..673302d7d
--- /dev/null
+++ b/fittrackee/federation/utils.py
@@ -0,0 +1,44 @@
+from typing import Tuple
+
+from Crypto.PublicKey import RSA
+from flask import current_app
+
+ACTOR_TYPES = ['Application', 'Group', 'Person']
+
+AP_CTX = [
+    'https://www.w3.org/ns/activitystreams',
+    'https://w3id.org/security/v1',
+]
+
+
+def generate_keys() -> Tuple[str, str]:
+    """
+    Generate a new RSA key pair and return public and private keys as string
+    """
+    key_pair = RSA.generate(2048)
+    private_key = key_pair.exportKey('PEM').decode('utf-8')
+    public_key = key_pair.publickey().exportKey('PEM').decode('utf-8')
+    return public_key, private_key
+
+
+def get_ap_url(username: str, url_type: str) -> str:
+    """
+    Return ActivityPub URLs.
+
+    Supported URL types:
+    - 'user_url'
+    - 'inbox'
+    - 'outbox'
+    - 'following'
+    - 'followers'
+    - 'shared_inbox'
+    """
+    ap_url = f"{current_app.config['AP_DOMAIN']}/federation/"
+    ap_url_user = f'{ap_url}user/{username}'
+    if url_type == 'user_url':
+        return ap_url_user
+    if url_type in ['inbox', 'outbox', 'following', 'followers']:
+        return f'{ap_url_user}/{url_type}'
+    if url_type == 'shared_inbox':
+        return f'{ap_url}inbox'
+    raise Exception('Invalid \'url_type\'.')
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
new file mode 100644
index 000000000..789ba547e
--- /dev/null
+++ b/fittrackee/federation/webfinger.py
@@ -0,0 +1,46 @@
+from flask import Blueprint, current_app, request
+
+from fittrackee.responses import (
+    HttpResponse,
+    InvalidPayloadErrorResponse,
+    UserNotFoundErrorResponse,
+)
+
+from .models import Actor
+
+ap_webfinger_blueprint = Blueprint('ap_webfinger', __name__)
+
+
+@ap_webfinger_blueprint.route('/.well-known/webfinger', methods=['GET'])
+def webfinger() -> HttpResponse:
+    resource = request.args.get('resource')
+    if not resource or not resource.startswith('acct:'):
+        return InvalidPayloadErrorResponse('Missing resource in request args.')
+
+    try:
+        preferred_username, domain = resource.replace('acct:', '').split('@')
+    except ValueError:
+        return InvalidPayloadErrorResponse('Invalid resource.')
+
+    if domain != current_app.config['AP_DOMAIN']:
+        return UserNotFoundErrorResponse()
+
+    actor = Actor.query.filter_by(
+        preferred_username=preferred_username, domain=domain
+    ).first()
+    if not actor:
+        return UserNotFoundErrorResponse()
+
+    response = {
+        'subject': f'acct:{actor.preferred_username}@{actor.domain}',
+        'links': [
+            {
+                'href': actor.ap_id,
+                'rel': 'self',
+                'type': 'application/activity+json',
+            }
+        ],
+    }
+    return HttpResponse(
+        response=response, content_type='application/jrd+json; charset=utf-8'
+    )
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
new file mode 100644
index 000000000..f1a350822
--- /dev/null
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -0,0 +1,50 @@
+"""init federation with ActivityPub Actor
+
+Revision ID: 8842c351a2d8
+Revises: 4e8597c50064
+Create Date: 2021-01-10 16:02:43.811023
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '8842c351a2d8'
+down_revision = 'e30007d681cb'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('actors',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('ap_id', sa.String(length=255), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=False),
+    sa.Column('type', sa.Enum('Application', 'Group', 'Person', name='actor_types'), server_default='Person', nullable=True),
+    sa.Column('domain', sa.String(length=1000), nullable=False),
+    sa.Column('name', sa.String(length=255), nullable=False),
+    sa.Column('preferred_username', sa.String(length=255), nullable=False),
+    sa.Column('public_key', sa.String(length=5000), nullable=True),
+    sa.Column('private_key', sa.String(length=5000), nullable=True),
+    sa.Column('inbox_url', sa.String(length=255), nullable=False),
+    sa.Column('outbox_url', sa.String(length=255), nullable=False),
+    sa.Column('followers_url', sa.String(length=255), nullable=False),
+    sa.Column('following_url', sa.String(length=255), nullable=False),
+    sa.Column('shared_inbox_url', sa.String(length=255), nullable=False),
+    sa.Column('is_remote', sa.Boolean(), nullable=False),
+    sa.Column('created_at', sa.DateTime(), nullable=False),
+    sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
+    sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('ap_id'),
+    sa.UniqueConstraint('user_id')
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    op.drop_table('actors')
+    op.execute('DROP TYPE actor_types')
diff --git a/fittrackee/tests/conftest.py b/fittrackee/tests/conftest.py
index 46b610fd0..98230d445 100644
--- a/fittrackee/tests/conftest.py
+++ b/fittrackee/tests/conftest.py
@@ -7,6 +7,7 @@
 
 pytest_plugins = [
     'fittrackee.tests.fixtures.fixtures_app',
+    'fittrackee.tests.fixtures.fixtures_federation',
     'fittrackee.tests.fixtures.fixtures_workouts',
     'fittrackee.tests.fixtures.fixtures_users',
 ]
diff --git a/fittrackee/tests/federation/__init__.py b/fittrackee/tests/federation/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/federation/test_federation_federation.py b/fittrackee/tests/federation/test_federation_federation.py
new file mode 100644
index 000000000..72a1554d2
--- /dev/null
+++ b/fittrackee/tests/federation/test_federation_federation.py
@@ -0,0 +1,39 @@
+import json
+from uuid import uuid4
+
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+
+
+class TestFederationUser:
+    def test_it_returns_404_if_user_does_not_exist(self, app: Flask) -> None:
+        client = app.test_client()
+        response = client.get(
+            f'/federation/user/{uuid4().hex}',
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    def test_it_returns_json_resource_descriptor_as_content_type(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}',
+        )
+
+        assert response.status_code == 200
+        assert response.content_type == 'application/jrd+json; charset=utf-8'
+
+    def test_it_returns_actor(self, app: Flask, actor_1: Actor) -> None:
+        client = app.test_client()
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}',
+        )
+
+        data = json.loads(response.data.decode())
+        assert data == actor_1.serialize()
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
new file mode 100644
index 000000000..c1ee08e51
--- /dev/null
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -0,0 +1,71 @@
+from uuid import uuid4
+
+import pytest
+from Crypto.Hash import SHA256
+from Crypto.PublicKey import RSA
+from Crypto.Signature import pkcs1_15
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+from fittrackee.federation.utils import AP_CTX, get_ap_url
+
+
+class TestGetApUrl:
+    def test_it_raises_error_if_url_type_is_invalid(self, app: Flask) -> None:
+        with pytest.raises(Exception, match="Invalid 'url_type'."):
+            get_ap_url(username=uuid4().hex, url_type='url')
+
+
+class TestActivityPubActorModel:
+    def test_actor_model(self, app: Flask, actor_1: Actor) -> None:
+        assert '<Actor \'test\'>' == str(actor_1)
+
+        serialized_apactor = actor_1.serialize()
+        ap_url = app.config['AP_DOMAIN']
+        assert serialized_apactor['@context'] == AP_CTX
+        assert serialized_apactor['id'] == actor_1.ap_id
+        assert serialized_apactor['type'] == 'Person'
+        assert (
+            serialized_apactor['preferredUsername']
+            == actor_1.preferred_username
+        )
+        assert serialized_apactor['name'] == actor_1.name
+        assert (
+            serialized_apactor['inbox']
+            == f'{ap_url}/federation/user/{actor_1.name}/inbox'
+        )
+        assert (
+            serialized_apactor['inbox']
+            == f'{ap_url}/federation/user/{actor_1.name}/inbox'
+        )
+        assert (
+            serialized_apactor['outbox']
+            == f'{ap_url}/federation/user/{actor_1.name}/outbox'
+        )
+        assert (
+            serialized_apactor['followers']
+            == f'{ap_url}/federation/user/{actor_1.name}/followers'
+        )
+        assert (
+            serialized_apactor['following']
+            == f'{ap_url}/federation/user/{actor_1.name}/following'
+        )
+        assert serialized_apactor['manuallyApprovesFollowers'] is True
+        assert (
+            serialized_apactor['publicKey']['id']
+            == f'{actor_1.ap_id}#main-key'
+        )
+        assert serialized_apactor['publicKey']['owner'] == actor_1.ap_id
+        assert 'publicKeyPem' in serialized_apactor['publicKey']
+        assert (
+            serialized_apactor['endpoints']['sharedInbox']
+            == f'{ap_url}/federation/inbox'
+        )
+
+    def test_generated_key_is_valid(self, app: Flask, actor_1: Actor) -> None:
+        actor_1.generate_keys()
+
+        signer = pkcs1_15.new(RSA.import_key(actor_1.private_key))
+        hashed_message = SHA256.new('test message'.encode())
+        # it raises ValueError if signature is invalid
+        signer.verify(hashed_message, signer.sign(hashed_message))
diff --git a/fittrackee/tests/federation/test_federation_webfinger.py b/fittrackee/tests/federation/test_federation_webfinger.py
new file mode 100644
index 000000000..e9247092a
--- /dev/null
+++ b/fittrackee/tests/federation/test_federation_webfinger.py
@@ -0,0 +1,118 @@
+import json
+from uuid import uuid4
+
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+
+
+class TestWebfinger:
+    def test_it_returns_400_if_resource_is_missing(self, app: Flask) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Missing resource in request args.' in data['message']
+
+    def test_it_returns_400_if_account_is_missing(self, app: Flask) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger?resource=test@example.com',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Missing resource in request args.' in data['message']
+
+    def test_it_returns_400_if_argument_is_invalid(self, app: Flask) -> None:
+        client = app.test_client()
+        response = client.get(
+            f'/.well-known/webfinger?resource=acct:{uuid4().hex}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Invalid resource.' in data['message']
+
+    def test_it_returns_404_if_user_does_not_exist(self, app: Flask) -> None:
+        domain = app.config['AP_DOMAIN']
+        client = app.test_client()
+        response = client.get(
+            f'/.well-known/webfinger?resource=acct:{uuid4().hex}@{domain}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    def test_it_returns_404_if_domain_is_not_instance_domain(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger?resource=acct:'
+            f'{actor_1.preferred_username}@{uuid4().hex}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    def test_it_returns_json_resource_descriptor_as_content_type(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger?resource=acct:'
+            f'{actor_1.preferred_username}@{actor_1.domain}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        assert response.content_type == 'application/jrd+json; charset=utf-8'
+
+    def test_it_returns_subject_with_user_data(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger?resource=acct:'
+            f'{actor_1.preferred_username}@{actor_1.domain}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert (
+            f'acct:{actor_1.preferred_username}@{actor_1.domain}'
+            in data['subject']
+        )
+
+    def test_it_returns_user_links(self, app: Flask, actor_1: Actor) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger?resource=acct:'
+            f'{actor_1.preferred_username}@{actor_1.domain}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['links'][0] == {
+            'href': actor_1.ap_id,
+            'rel': 'self',
+            'type': 'application/activity+json',
+        }
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
new file mode 100644
index 000000000..e81b63493
--- /dev/null
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -0,0 +1,13 @@
+import pytest
+
+from fittrackee import db
+from fittrackee.federation.models import Actor
+from fittrackee.users.models import User
+
+
+@pytest.fixture()
+def actor_1(user_1: User) -> Actor:
+    actor = Actor(user=user_1)
+    db.session.add(actor)
+    db.session.commit()
+    return actor
diff --git a/poetry.lock b/poetry.lock
index 7385103b4..457112ce8 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -135,7 +135,7 @@ unicode_backport = ["unicodedata2"]
 
 [[package]]
 name = "click"
-version = "8.0.3"
+version = "8.0.4"
 description = "Composable command line interface toolkit"
 category = "main"
 optional = false
@@ -461,11 +461,11 @@ plugins = ["setuptools"]
 
 [[package]]
 name = "itsdangerous"
-version = "2.0.1"
+version = "2.1.0"
 description = "Safely pass data to untrusted environments and back."
 category = "main"
 optional = false
-python-versions = ">=3.6"
+python-versions = ">=3.7"
 
 [[package]]
 name = "jinja2"
@@ -498,11 +498,11 @@ lingua = ["lingua"]
 
 [[package]]
 name = "markupsafe"
-version = "2.0.1"
+version = "2.1.0"
 description = "Safely add untrusted strings to HTML/XML markup."
 category = "main"
 optional = false
-python-versions = ">=3.6"
+python-versions = ">=3.7"
 
 [[package]]
 name = "mccabe"
@@ -578,7 +578,7 @@ python-versions = ">=3.7"
 
 [[package]]
 name = "platformdirs"
-version = "2.5.0"
+version = "2.5.1"
 description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
 category = "dev"
 optional = false
@@ -646,6 +646,14 @@ category = "main"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
 
+[[package]]
+name = "pycryptodome"
+version = "3.14.1"
+description = "Cryptographic library for Python"
+category = "main"
+optional = false
+python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+
 [[package]]
 name = "pyflakes"
 version = "2.3.1"
@@ -1350,7 +1358,7 @@ testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-
 [metadata]
 lock-version = "1.1"
 python-versions = "^3.7"
-content-hash = "42616189ff19a6e3c7c397a44a7622d6b97ca263924860f15cf0bc781e36e40d"
+content-hash = "3deeac6cf2fdf242cdae9b9d53f14bdf867057bc339ba35f1074172f8ee38f11"
 
 [metadata.files]
 alabaster = [
@@ -1472,8 +1480,8 @@ charset-normalizer = [
     {file = "charset_normalizer-2.0.12-py3-none-any.whl", hash = "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"},
 ]
 click = [
-    {file = "click-8.0.3-py3-none-any.whl", hash = "sha256:353f466495adaeb40b6b5f592f9f91cb22372351c84caeb068132442a4518ef3"},
-    {file = "click-8.0.3.tar.gz", hash = "sha256:410e932b050f5eed773c4cda94de75971c89cdb3155a72a0831139a79e5ecb5b"},
+    {file = "click-8.0.4-py3-none-any.whl", hash = "sha256:6a7a62563bbfabfda3a38f3023a1db4a35978c0abd76f6c9605ecd6554d6d9b1"},
+    {file = "click-8.0.4.tar.gz", hash = "sha256:8458d7b1287c5fb128c90e23381cf99dcde74beaf6c7ff6384ce84d6fe090adb"},
 ]
 colorama = [
     {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"},
@@ -1678,8 +1686,8 @@ isort = [
     {file = "isort-5.10.1.tar.gz", hash = "sha256:e8443a5e7a020e9d7f97f1d7d9cd17c88bcb3bc7e218bf9cf5095fe550be2951"},
 ]
 itsdangerous = [
-    {file = "itsdangerous-2.0.1-py3-none-any.whl", hash = "sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c"},
-    {file = "itsdangerous-2.0.1.tar.gz", hash = "sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0"},
+    {file = "itsdangerous-2.1.0-py3-none-any.whl", hash = "sha256:29285842166554469a56d427addc0843914172343784cb909695fdbe90a3e129"},
+    {file = "itsdangerous-2.1.0.tar.gz", hash = "sha256:d848fcb8bc7d507c4546b448574e8a44fc4ea2ba84ebf8d783290d53e81992f5"},
 ]
 jinja2 = [
     {file = "Jinja2-3.0.3-py3-none-any.whl", hash = "sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8"},
@@ -1690,40 +1698,46 @@ mako = [
     {file = "Mako-1.1.6.tar.gz", hash = "sha256:4e9e345a41924a954251b95b4b28e14a301145b544901332e658907a7464b6b2"},
 ]
 markupsafe = [
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-win32.whl", hash = "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d"},
-    {file = "MarkupSafe-2.0.1-cp36-cp36m-win_amd64.whl", hash = "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-win32.whl", hash = "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415"},
-    {file = "MarkupSafe-2.0.1-cp37-cp37m-win_amd64.whl", hash = "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-win32.whl", hash = "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64"},
-    {file = "MarkupSafe-2.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-manylinux1_i686.whl", hash = "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-win32.whl", hash = "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74"},
-    {file = "MarkupSafe-2.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8"},
-    {file = "MarkupSafe-2.0.1.tar.gz", hash = "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:3028252424c72b2602a323f70fbf50aa80a5d3aa616ea6add4ba21ae9cc9da4c"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:290b02bab3c9e216da57c1d11d2ba73a9f73a614bbdcc027d299a60cdfabb11a"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6e104c0c2b4cd765b4e83909cde7ec61a1e313f8a75775897db321450e928cce"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:24c3be29abb6b34052fd26fc7a8e0a49b1ee9d282e3665e8ad09a0a68faee5b3"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:204730fd5fe2fe3b1e9ccadb2bd18ba8712b111dcabce185af0b3b5285a7c989"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:d3b64c65328cb4cd252c94f83e66e3d7acf8891e60ebf588d7b493a55a1dbf26"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:96de1932237abe0a13ba68b63e94113678c379dca45afa040a17b6e1ad7ed076"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:75bb36f134883fdbe13d8e63b8675f5f12b80bb6627f7714c7d6c5becf22719f"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-win32.whl", hash = "sha256:4056f752015dfa9828dce3140dbadd543b555afb3252507348c493def166d454"},
+    {file = "MarkupSafe-2.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:d4e702eea4a2903441f2735799d217f4ac1b55f7d8ad96ab7d4e25417cb0827c"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:f0eddfcabd6936558ec020130f932d479930581171368fd728efcfb6ef0dd357"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5ddea4c352a488b5e1069069f2f501006b1a4362cb906bee9a193ef1245a7a61"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:09c86c9643cceb1d87ca08cdc30160d1b7ab49a8a21564868921959bd16441b8"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a0a0abef2ca47b33fb615b491ce31b055ef2430de52c5b3fb19a4042dbc5cadb"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:736895a020e31b428b3382a7887bfea96102c529530299f426bf2e636aacec9e"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:679cbb78914ab212c49c67ba2c7396dc599a8479de51b9a87b174700abd9ea49"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:84ad5e29bf8bab3ad70fd707d3c05524862bddc54dc040982b0dbcff36481de7"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-win32.whl", hash = "sha256:8da5924cb1f9064589767b0f3fc39d03e3d0fb5aa29e0cb21d43106519bd624a"},
+    {file = "MarkupSafe-2.1.0-cp37-cp37m-win_amd64.whl", hash = "sha256:454ffc1cbb75227d15667c09f164a0099159da0c1f3d2636aa648f12675491ad"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:142119fb14a1ef6d758912b25c4e803c3ff66920635c44078666fe7cc3f8f759"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b2a5a856019d2833c56a3dcac1b80fe795c95f401818ea963594b345929dffa7"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1d1fb9b2eec3c9714dd936860850300b51dbaa37404209c8d4cb66547884b7ed"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:62c0285e91414f5c8f621a17b69fc0088394ccdaa961ef469e833dbff64bd5ea"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fc3150f85e2dbcf99e65238c842d1cfe69d3e7649b19864c1cc043213d9cd730"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:f02cf7221d5cd915d7fa58ab64f7ee6dd0f6cddbb48683debf5d04ae9b1c2cc1"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:d5653619b3eb5cbd35bfba3c12d575db2a74d15e0e1c08bf1db788069d410ce8"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:7d2f5d97fcbd004c03df8d8fe2b973fe2b14e7bfeb2cfa012eaa8759ce9a762f"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-win32.whl", hash = "sha256:3cace1837bc84e63b3fd2dfce37f08f8c18aeb81ef5cf6bb9b51f625cb4e6cd8"},
+    {file = "MarkupSafe-2.1.0-cp38-cp38-win_amd64.whl", hash = "sha256:fabbe18087c3d33c5824cb145ffca52eccd053061df1d79d4b66dafa5ad2a5ea"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:023af8c54fe63530545f70dd2a2a7eed18d07a9a77b94e8bf1e2ff7f252db9a3"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d66624f04de4af8bbf1c7f21cc06649c1c69a7f84109179add573ce35e46d448"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c532d5ab79be0199fa2658e24a02fce8542df196e60665dd322409a03db6a52c"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e67ec74fada3841b8c5f4c4f197bea916025cb9aa3fe5abf7d52b655d042f956"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:30c653fde75a6e5eb814d2a0a89378f83d1d3f502ab710904ee585c38888816c"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:961eb86e5be7d0973789f30ebcf6caab60b844203f4396ece27310295a6082c7"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:598b65d74615c021423bd45c2bc5e9b59539c875a9bdb7e5f2a6b92dfcfc268d"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:599941da468f2cf22bf90a84f6e2a65524e87be2fce844f96f2dd9a6c9d1e635"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-win32.whl", hash = "sha256:e6f7f3f41faffaea6596da86ecc2389672fa949bd035251eab26dc6697451d05"},
+    {file = "MarkupSafe-2.1.0-cp39-cp39-win_amd64.whl", hash = "sha256:b8811d48078d1cf2a6863dafb896e68406c5f513048451cd2ded0473133473c7"},
+    {file = "MarkupSafe-2.1.0.tar.gz", hash = "sha256:80beaf63ddfbc64a0452b841d8036ca0611e049650e20afcb882f5d3c266d65f"},
 ]
 mccabe = [
     {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"},
@@ -1805,8 +1819,8 @@ pillow = [
     {file = "Pillow-9.0.1.tar.gz", hash = "sha256:6c8bc8238a7dfdaf7a75f5ec5a663f4173f8c367e5a39f87e720495e1eed75fa"},
 ]
 platformdirs = [
-    {file = "platformdirs-2.5.0-py3-none-any.whl", hash = "sha256:30671902352e97b1eafd74ade8e4a694782bd3471685e78c32d0fdfd3aa7e7bb"},
-    {file = "platformdirs-2.5.0.tar.gz", hash = "sha256:8ec11dfba28ecc0715eb5fb0147a87b1bf325f349f3da9aab2cd6b50b96b692b"},
+    {file = "platformdirs-2.5.1-py3-none-any.whl", hash = "sha256:bcae7cab893c2d310a711b70b24efb93334febe65f8de776ee320b517471e227"},
+    {file = "platformdirs-2.5.1.tar.gz", hash = "sha256:7535e70dfa32e84d4b34996ea99c5e432fa29a708d0f4e394bbcb2a8faa4f16d"},
 ]
 pluggy = [
     {file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"},
@@ -1886,6 +1900,38 @@ pycparser = [
     {file = "pycparser-2.21-py2.py3-none-any.whl", hash = "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9"},
     {file = "pycparser-2.21.tar.gz", hash = "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"},
 ]
+pycryptodome = [
+    {file = "pycryptodome-3.14.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:75a3a364fee153e77ed889c957f6f94ec6d234b82e7195b117180dcc9fc16f96"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:aae395f79fa549fb1f6e3dc85cf277f0351e15a22e6547250056c7f0c990d6a5"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:f403a3e297a59d94121cb3ee4b1cf41f844332940a62d71f9e4a009cc3533493"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:ce7a875694cd6ccd8682017a7c06c6483600f151d8916f2b25cf7a439e600263"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:a36ab51674b014ba03da7f98b675fcb8eabd709a2d8e18219f784aba2db73b72"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-manylinux2014_aarch64.whl", hash = "sha256:50a5346af703330944bea503106cd50c9c2212174cfcb9939db4deb5305a8367"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-win32.whl", hash = "sha256:36e3242c4792e54ed906c53f5d840712793dc68b726ec6baefd8d978c5282d30"},
+    {file = "pycryptodome-3.14.1-cp27-cp27m-win_amd64.whl", hash = "sha256:c880a98376939165b7dc504559f60abe234b99e294523a273847f9e7756f4132"},
+    {file = "pycryptodome-3.14.1-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:dcd65355acba9a1d0fc9b923875da35ed50506e339b35436277703d7ace3e222"},
+    {file = "pycryptodome-3.14.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:766a8e9832128c70012e0c2b263049506cbf334fb21ff7224e2704102b6ef59e"},
+    {file = "pycryptodome-3.14.1-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:2562de213960693b6d657098505fd4493c45f3429304da67efcbeb61f0edfe89"},
+    {file = "pycryptodome-3.14.1-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:d1b7739b68a032ad14c5e51f7e4e1a5f92f3628bba024a2bda1f30c481fc85d8"},
+    {file = "pycryptodome-3.14.1-cp27-cp27mu-manylinux2014_aarch64.whl", hash = "sha256:27e92c1293afcb8d2639baf7eb43f4baada86e4de0f1fb22312bfc989b95dae2"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:f2772af1c3ef8025c85335f8b828d0193fa1e43256621f613280e2c81bfad423"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-manylinux1_i686.whl", hash = "sha256:9ec761a35dbac4a99dcbc5cd557e6e57432ddf3e17af8c3c86b44af9da0189c0"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-manylinux1_x86_64.whl", hash = "sha256:e64738207a02a83590df35f59d708bf1e7ea0d6adce712a777be2967e5f7043c"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-manylinux2010_i686.whl", hash = "sha256:e24d4ec4b029611359566c52f31af45c5aecde7ef90bf8f31620fd44c438efe7"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-manylinux2010_x86_64.whl", hash = "sha256:8b5c28058102e2974b9868d72ae5144128485d466ba8739abd674b77971454cc"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-manylinux2014_aarch64.whl", hash = "sha256:924b6aad5386fb54f2645f22658cb0398b1f25bc1e714a6d1522c75d527deaa5"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-win32.whl", hash = "sha256:53dedbd2a6a0b02924718b520a723e88bcf22e37076191eb9b91b79934fb2192"},
+    {file = "pycryptodome-3.14.1-cp35-abi3-win_amd64.whl", hash = "sha256:ea56a35fd0d13121417d39a83f291017551fa2c62d6daa6b04af6ece7ed30d84"},
+    {file = "pycryptodome-3.14.1-pp27-pypy_73-macosx_10_9_x86_64.whl", hash = "sha256:028dcbf62d128b4335b61c9fbb7dd8c376594db607ef36d5721ee659719935d5"},
+    {file = "pycryptodome-3.14.1-pp27-pypy_73-manylinux1_x86_64.whl", hash = "sha256:69f05aaa90c99ac2f2af72d8d7f185f729721ad7c4be89e9e3d0ab101b0ee875"},
+    {file = "pycryptodome-3.14.1-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:12ef157eb1e01a157ca43eda275fa68f8db0dd2792bc4fe00479ab8f0e6ae075"},
+    {file = "pycryptodome-3.14.1-pp27-pypy_73-win32.whl", hash = "sha256:f572a3ff7b6029dd9b904d6be4e0ce9e309dcb847b03e3ac8698d9d23bb36525"},
+    {file = "pycryptodome-3.14.1-pp36-pypy36_pp73-macosx_10_9_x86_64.whl", hash = "sha256:9924248d6920b59c260adcae3ee231cd5af404ac706ad30aa4cd87051bf09c50"},
+    {file = "pycryptodome-3.14.1-pp36-pypy36_pp73-manylinux1_x86_64.whl", hash = "sha256:e0c04c41e9ade19fbc0eff6aacea40b831bfcb2c91c266137bcdfd0d7b2f33ba"},
+    {file = "pycryptodome-3.14.1-pp36-pypy36_pp73-manylinux2010_x86_64.whl", hash = "sha256:893f32210de74b9f8ac869ed66c97d04e7d351182d6d39ebd3b36d3db8bda65d"},
+    {file = "pycryptodome-3.14.1-pp36-pypy36_pp73-win32.whl", hash = "sha256:7fb90a5000cc9c9ff34b4d99f7f039e9c3477700e309ff234eafca7b7471afc0"},
+    {file = "pycryptodome-3.14.1.tar.gz", hash = "sha256:e04e40a7f8c1669195536a37979dd87da2c32dbdc73d6fe35f0077b0c17c803b"},
+]
 pyflakes = [
     {file = "pyflakes-2.3.1-py2.py3-none-any.whl", hash = "sha256:7893783d01b8a89811dd72d7dfd4d84ff098e5eed95cfa8905b22bbffe52efc3"},
     {file = "pyflakes-2.3.1.tar.gz", hash = "sha256:f5bc8ecabc05bb9d291eb5203d6810b49040f6ff446a756326104746cc00c1db"},
diff --git a/pyproject.toml b/pyproject.toml
index f46df6f64..9f7a0c72a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -40,6 +40,7 @@ shortuuid = "^1.0.8"
 staticmap = "^0.5.4"
 SQLAlchemy = "1.4.31"
 pyOpenSSL = "^22.0"
+pycryptodome = "^3.14.1"
 
 [tool.poetry.dev-dependencies]
 black = "^22.1"

From f7cfa54d2d06cfc24aaf0d5fcc23c37c404f9d3b Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 10:38:52 +0100
Subject: [PATCH 002/238] API - add application config option to enable
 federation w/ ActivityPub

---
 fittrackee/__init__.py                        | 15 ++++-
 fittrackee/application/app_config.py          |  2 +
 fittrackee/application/models.py              |  2 +
 fittrackee/application/utils.py               |  1 +
 fittrackee/federation/federation.py           |  2 +
 fittrackee/federation/utils.py                | 15 ++++-
 fittrackee/federation/webfinger.py            |  2 +
 .../23_8842c351a2d8_init_federation.py        | 57 ++++++++++-------
 .../tests/application/test_app_config_api.py  |  2 +
 .../application/test_app_config_model.py      |  1 +
 .../federation/test_federation_federation.py  | 32 ++++++++--
 .../federation/test_federation_webfinger.py   | 62 ++++++++++++++-----
 fittrackee/tests/fixtures/fixtures_app.py     | 10 +++
 13 files changed, 152 insertions(+), 51 deletions(-)

diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index c83f3a448..af47885fb 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -1,5 +1,6 @@
 import logging
 import os
+import re
 import shutil
 from importlib import import_module, reload
 from typing import Any
@@ -15,6 +16,7 @@
 from flask_dramatiq import Dramatiq
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
+from sqlalchemy.exc import ProgrammingError
 
 from fittrackee.emails.email import EmailService
 
@@ -66,9 +68,16 @@ def create_app() -> Flask:
     with app.app_context():
         # Note: check if "app_config" table exist to avoid errors when
         # dropping tables on dev environments
-        if db.engine.dialect.has_table(db.engine.connect(), 'app_config'):
-            db_app_config = get_or_init_config()
-            update_app_config_from_database(app, db_app_config)
+        try:
+            if db.engine.dialect.has_table(db.engine.connect(), 'app_config'):
+                db_app_config = get_or_init_config()
+                update_app_config_from_database(app, db_app_config)
+        except ProgrammingError as e:
+            # avoid error on AppConfig migration
+            if re.match(
+                r'psycopg2.errors.UndefinedColumn(.*)app_config.', str(e)
+            ):
+                pass
 
     from .application.app_config import config_blueprint  # noqa
     from .users.auth import auth_blueprint  # noqa
diff --git a/fittrackee/application/app_config.py b/fittrackee/application/app_config.py
index b3c91a846..b11529e16 100644
--- a/fittrackee/application/app_config.py
+++ b/fittrackee/application/app_config.py
@@ -123,6 +123,8 @@ def update_application_config(auth_user: User) -> Union[Dict, HttpResponse]:
 
     try:
         config = AppConfig.query.one()
+        if 'federation_enabled' in config_data:
+            config.federation_enabled = config_data.get('federation_enabled')
         if 'gpx_limit_import' in config_data:
             config.gpx_limit_import = config_data.get('gpx_limit_import')
         if 'max_single_file_size' in config_data:
diff --git a/fittrackee/application/models.py b/fittrackee/application/models.py
index c4d2cea87..0a0a0a51d 100644
--- a/fittrackee/application/models.py
+++ b/fittrackee/application/models.py
@@ -23,6 +23,7 @@ class AppConfig(BaseModel):
         db.Integer, default=1048576, nullable=False
     )
     max_zip_file_size = db.Column(db.Integer, default=10485760, nullable=False)
+    federation_enabled = db.Column(db.Boolean, default=False, nullable=False)
 
     @property
     def is_registration_enabled(self) -> bool:
@@ -43,6 +44,7 @@ def map_attribution(self) -> str:
 
     def serialize(self) -> Dict:
         return {
+            'federation_enabled': self.federation_enabled,
             'gpx_limit_import': self.gpx_limit_import,
             'is_registration_enabled': self.is_registration_enabled,
             'max_single_file_size': self.max_single_file_size,
diff --git a/fittrackee/application/utils.py b/fittrackee/application/utils.py
index eb8183fc2..a03b66712 100644
--- a/fittrackee/application/utils.py
+++ b/fittrackee/application/utils.py
@@ -28,6 +28,7 @@ def get_or_init_config() -> AppConfig:
 def update_app_config_from_database(
     current_app: Flask, db_config: AppConfig
 ) -> None:
+    current_app.config['federation_enabled'] = db_config.federation_enabled
     current_app.config['gpx_limit_import'] = db_config.gpx_limit_import
     current_app.config['max_single_file_size'] = db_config.max_single_file_size
     current_app.config['MAX_CONTENT_LENGTH'] = db_config.max_zip_file_size
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index a6241ded2..87b4756ed 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -3,6 +3,7 @@
 from fittrackee.responses import HttpResponse, UserNotFoundErrorResponse
 
 from .models import Actor
+from .utils import federation_required
 
 ap_federation_blueprint = Blueprint('ap_federation', __name__)
 
@@ -10,6 +11,7 @@
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>', methods=['GET']
 )
+@federation_required
 def get_actor(preferred_username: str) -> HttpResponse:
     actor = Actor.query.filter_by(
         preferred_username=preferred_username,
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 673302d7d..71717c5c1 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,8 +1,11 @@
-from typing import Tuple
+from functools import wraps
+from typing import Any, Callable, Tuple
 
 from Crypto.PublicKey import RSA
 from flask import current_app
 
+from fittrackee.responses import InternalServerErrorResponse
+
 ACTOR_TYPES = ['Application', 'Group', 'Person']
 
 AP_CTX = [
@@ -42,3 +45,13 @@ def get_ap_url(username: str, url_type: str) -> str:
     if url_type == 'shared_inbox':
         return f'{ap_url}inbox'
     raise Exception('Invalid \'url_type\'.')
+
+
+def federation_required(f: Callable) -> Callable:
+    @wraps(f)
+    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
+        if not current_app.config['federation_enabled']:
+            return InternalServerErrorResponse()
+        return f(*args, **kwargs)
+
+    return decorated_function
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index 789ba547e..d66d4b49f 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -7,11 +7,13 @@
 )
 
 from .models import Actor
+from .utils import federation_required
 
 ap_webfinger_blueprint = Blueprint('ap_webfinger', __name__)
 
 
 @ap_webfinger_blueprint.route('/.well-known/webfinger', methods=['GET'])
+@federation_required
 def webfinger() -> HttpResponse:
     resource = request.args.get('resource')
     if not resource or not resource.startswith('acct:'):
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index f1a350822..9dd217e2e 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -17,34 +17,43 @@
 
 
 def upgrade():
-    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column(
+        'app_config',
+        sa.Column(
+            'federation_enabled', sa.Boolean(), nullable=True, default=False
+        ),
+    )
+    op.execute('UPDATE app_config SET federation_enabled = true')
+    op.alter_column('app_config', 'federation_enabled', nullable=False)
+
     op.create_table('actors',
-    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
-    sa.Column('ap_id', sa.String(length=255), nullable=False),
-    sa.Column('user_id', sa.Integer(), nullable=False),
-    sa.Column('type', sa.Enum('Application', 'Group', 'Person', name='actor_types'), server_default='Person', nullable=True),
-    sa.Column('domain', sa.String(length=1000), nullable=False),
-    sa.Column('name', sa.String(length=255), nullable=False),
-    sa.Column('preferred_username', sa.String(length=255), nullable=False),
-    sa.Column('public_key', sa.String(length=5000), nullable=True),
-    sa.Column('private_key', sa.String(length=5000), nullable=True),
-    sa.Column('inbox_url', sa.String(length=255), nullable=False),
-    sa.Column('outbox_url', sa.String(length=255), nullable=False),
-    sa.Column('followers_url', sa.String(length=255), nullable=False),
-    sa.Column('following_url', sa.String(length=255), nullable=False),
-    sa.Column('shared_inbox_url', sa.String(length=255), nullable=False),
-    sa.Column('is_remote', sa.Boolean(), nullable=False),
-    sa.Column('created_at', sa.DateTime(), nullable=False),
-    sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
-    sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
-    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
-    sa.PrimaryKeyConstraint('id'),
-    sa.UniqueConstraint('ap_id'),
-    sa.UniqueConstraint('user_id')
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('ap_id', sa.String(length=255), nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('type', sa.Enum('Application', 'Group', 'Person', name='actor_types'), server_default='Person', nullable=True),
+        sa.Column('domain', sa.String(length=1000), nullable=False),
+        sa.Column('name', sa.String(length=255), nullable=False),
+        sa.Column('preferred_username', sa.String(length=255), nullable=False),
+        sa.Column('public_key', sa.String(length=5000), nullable=True),
+        sa.Column('private_key', sa.String(length=5000), nullable=True),
+        sa.Column('inbox_url', sa.String(length=255), nullable=False),
+        sa.Column('outbox_url', sa.String(length=255), nullable=False),
+        sa.Column('followers_url', sa.String(length=255), nullable=False),
+        sa.Column('following_url', sa.String(length=255), nullable=False),
+        sa.Column('shared_inbox_url', sa.String(length=255), nullable=False),
+        sa.Column('is_remote', sa.Boolean(), nullable=False),
+        sa.Column('created_at', sa.DateTime(), nullable=False),
+        sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
+        sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('ap_id'),
+        sa.UniqueConstraint('user_id')
     )
-    # ### end Alembic commands ###
 
 
 def downgrade():
     op.drop_table('actors')
     op.execute('DROP TYPE actor_types')
+
+    op.drop_column('app_config', 'federation_enabled')
diff --git a/fittrackee/tests/application/test_app_config_api.py b/fittrackee/tests/application/test_app_config_api.py
index c17dac1c3..75dccb2cf 100644
--- a/fittrackee/tests/application/test_app_config_api.py
+++ b/fittrackee/tests/application/test_app_config_api.py
@@ -106,6 +106,7 @@ def test_it_updates_all_config(
             content_type='application/json',
             data=json.dumps(
                 dict(
+                    federation_enabled=True,
                     gpx_limit_import=20,
                     max_single_file_size=10000,
                     max_zip_file_size=25000,
@@ -118,6 +119,7 @@ def test_it_updates_all_config(
         data = json.loads(response.data.decode())
         assert response.status_code == 200
         assert 'success' in data['status']
+        assert data['data']['federation_enabled'] is True
         assert data['data']['gpx_limit_import'] == 20
         assert data['data']['is_registration_enabled'] is True
         assert data['data']['max_single_file_size'] == 10000
diff --git a/fittrackee/tests/application/test_app_config_model.py b/fittrackee/tests/application/test_app_config_model.py
index efc59efad..b713c42e1 100644
--- a/fittrackee/tests/application/test_app_config_model.py
+++ b/fittrackee/tests/application/test_app_config_model.py
@@ -9,6 +9,7 @@ def test_application_config(self, app: Flask) -> None:
         assert 1 == app_config.id
 
         serialized_app_config = app_config.serialize()
+        assert serialized_app_config['federation_enabled'] is False
         assert serialized_app_config['gpx_limit_import'] == 10
         assert serialized_app_config['is_registration_enabled'] is True
         assert serialized_app_config['max_single_file_size'] == 1048576
diff --git a/fittrackee/tests/federation/test_federation_federation.py b/fittrackee/tests/federation/test_federation_federation.py
index 72a1554d2..ddd4a1015 100644
--- a/fittrackee/tests/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/test_federation_federation.py
@@ -7,8 +7,10 @@
 
 
 class TestFederationUser:
-    def test_it_returns_404_if_user_does_not_exist(self, app: Flask) -> None:
-        client = app.test_client()
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
         response = client.get(
             f'/federation/user/{uuid4().hex}',
         )
@@ -19,9 +21,9 @@ def test_it_returns_404_if_user_does_not_exist(self, app: Flask) -> None:
         assert 'user does not exist' in data['message']
 
     def test_it_returns_json_resource_descriptor_as_content_type(
-        self, app: Flask, actor_1: Actor
+        self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        client = app.test_client()
+        client = app_with_federation.test_client()
         response = client.get(
             f'/federation/user/{actor_1.preferred_username}',
         )
@@ -29,11 +31,29 @@ def test_it_returns_json_resource_descriptor_as_content_type(
         assert response.status_code == 200
         assert response.content_type == 'application/jrd+json; charset=utf-8'
 
-    def test_it_returns_actor(self, app: Flask, actor_1: Actor) -> None:
-        client = app.test_client()
+    def test_it_returns_actor(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
         response = client.get(
             f'/federation/user/{actor_1.preferred_username}',
         )
 
         data = json.loads(response.data.decode())
         assert data == actor_1.serialize()
+
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}',
+        )
+
+        assert response.status_code == 500
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, please try again or contact the administrator'
+            in data['message']
+        )
diff --git a/fittrackee/tests/federation/test_federation_webfinger.py b/fittrackee/tests/federation/test_federation_webfinger.py
index e9247092a..7d39d3ad3 100644
--- a/fittrackee/tests/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/test_federation_webfinger.py
@@ -7,8 +7,10 @@
 
 
 class TestWebfinger:
-    def test_it_returns_400_if_resource_is_missing(self, app: Flask) -> None:
-        client = app.test_client()
+    def test_it_returns_400_if_resource_is_missing(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger',
             content_type='application/json',
@@ -19,8 +21,10 @@ def test_it_returns_400_if_resource_is_missing(self, app: Flask) -> None:
         assert 'error' in data['status']
         assert 'Missing resource in request args.' in data['message']
 
-    def test_it_returns_400_if_account_is_missing(self, app: Flask) -> None:
-        client = app.test_client()
+    def test_it_returns_400_if_account_is_missing(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=test@example.com',
             content_type='application/json',
@@ -31,8 +35,10 @@ def test_it_returns_400_if_account_is_missing(self, app: Flask) -> None:
         assert 'error' in data['status']
         assert 'Missing resource in request args.' in data['message']
 
-    def test_it_returns_400_if_argument_is_invalid(self, app: Flask) -> None:
-        client = app.test_client()
+    def test_it_returns_400_if_argument_is_invalid(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
         response = client.get(
             f'/.well-known/webfinger?resource=acct:{uuid4().hex}',
             content_type='application/json',
@@ -43,9 +49,11 @@ def test_it_returns_400_if_argument_is_invalid(self, app: Flask) -> None:
         assert 'error' in data['status']
         assert 'Invalid resource.' in data['message']
 
-    def test_it_returns_404_if_user_does_not_exist(self, app: Flask) -> None:
-        domain = app.config['AP_DOMAIN']
-        client = app.test_client()
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app_with_federation: Flask
+    ) -> None:
+        domain = app_with_federation.config['AP_DOMAIN']
+        client = app_with_federation.test_client()
         response = client.get(
             f'/.well-known/webfinger?resource=acct:{uuid4().hex}@{domain}',
             content_type='application/json',
@@ -57,9 +65,9 @@ def test_it_returns_404_if_user_does_not_exist(self, app: Flask) -> None:
         assert 'user does not exist' in data['message']
 
     def test_it_returns_404_if_domain_is_not_instance_domain(
-        self, app: Flask, actor_1: Actor
+        self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        client = app.test_client()
+        client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
             f'{actor_1.preferred_username}@{uuid4().hex}',
@@ -72,9 +80,9 @@ def test_it_returns_404_if_domain_is_not_instance_domain(
         assert 'user does not exist' in data['message']
 
     def test_it_returns_json_resource_descriptor_as_content_type(
-        self, app: Flask, actor_1: Actor
+        self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        client = app.test_client()
+        client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
             f'{actor_1.preferred_username}@{actor_1.domain}',
@@ -85,9 +93,9 @@ def test_it_returns_json_resource_descriptor_as_content_type(
         assert response.content_type == 'application/jrd+json; charset=utf-8'
 
     def test_it_returns_subject_with_user_data(
-        self, app: Flask, actor_1: Actor
+        self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        client = app.test_client()
+        client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
             f'{actor_1.preferred_username}@{actor_1.domain}',
@@ -101,8 +109,10 @@ def test_it_returns_subject_with_user_data(
             in data['subject']
         )
 
-    def test_it_returns_user_links(self, app: Flask, actor_1: Actor) -> None:
-        client = app.test_client()
+    def test_it_returns_user_links(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
             f'{actor_1.preferred_username}@{actor_1.domain}',
@@ -116,3 +126,21 @@ def test_it_returns_user_links(self, app: Flask, actor_1: Actor) -> None:
             'rel': 'self',
             'type': 'application/activity+json',
         }
+
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/webfinger?resource=acct:'
+            f'{actor_1.preferred_username}@{actor_1.domain}',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 500
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, please try again or contact the administrator'
+            in data['message']
+        )
diff --git a/fittrackee/tests/fixtures/fixtures_app.py b/fittrackee/tests/fixtures/fixtures_app.py
index e4195d5d4..c4a21f9e7 100644
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@@ -14,9 +14,11 @@ def get_app_config(
     max_single_file_size: Optional[Union[int, float]] = None,
     max_zip_file_size: Optional[Union[int, float]] = None,
     max_users: Optional[int] = None,
+    with_federation: Optional[bool] = False,
 ) -> Optional[AppConfig]:
     if with_config:
         config = AppConfig()
+        config.federation_enabled = with_federation
         config.gpx_limit_import = 10 if max_workouts is None else max_workouts
         config.max_single_file_size = (
             (1 if max_single_file_size is None else max_single_file_size)
@@ -41,6 +43,7 @@ def get_app(
     max_single_file_size: Optional[Union[int, float]] = None,
     max_zip_file_size: Optional[Union[int, float]] = None,
     max_users: Optional[int] = None,
+    with_federation: Optional[bool] = False,
 ) -> Generator:
     app = create_app()
     with app.app_context():
@@ -52,6 +55,7 @@ def get_app(
                 max_single_file_size,
                 max_zip_file_size,
                 max_users,
+                with_federation,
             )
             if app_db_config:
                 update_app_config_from_database(app, app_db_config)
@@ -151,9 +155,15 @@ def app_wo_domain() -> Generator:
     yield from get_app(with_config=True)
 
 
+@pytest.fixture
+def app_with_federation() -> Generator:
+    yield from get_app(with_config=True, with_federation=True)
+
+
 @pytest.fixture()
 def app_config() -> AppConfig:
     config = AppConfig()
+    config.federation_enabled = False
     config.gpx_limit_import = 10
     config.max_single_file_size = 1048576
     config.max_zip_file_size = 10485760

From 37382b1a363a3c9e3a9d72020e96ed82a2bf37cd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 10:49:19 +0100
Subject: [PATCH 003/238] API - update error message on disabled federation

---
 fittrackee/federation/utils.py                            | 4 ++--
 fittrackee/responses.py                                   | 8 +++++++-
 fittrackee/tests/federation/test_federation_federation.py | 4 ++--
 fittrackee/tests/federation/test_federation_webfinger.py  | 4 ++--
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 71717c5c1..1de407edb 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -4,7 +4,7 @@
 from Crypto.PublicKey import RSA
 from flask import current_app
 
-from fittrackee.responses import InternalServerErrorResponse
+from fittrackee.responses import DisabledFederationErrorResponse
 
 ACTOR_TYPES = ['Application', 'Group', 'Person']
 
@@ -51,7 +51,7 @@ def federation_required(f: Callable) -> Callable:
     @wraps(f)
     def decorated_function(*args: Any, **kwargs: Any) -> Callable:
         if not current_app.config['federation_enabled']:
-            return InternalServerErrorResponse()
+            return DisabledFederationErrorResponse()
         return f(*args, **kwargs)
 
     return decorated_function
diff --git a/fittrackee/responses.py b/fittrackee/responses.py
index 165b8ca0a..bf0e8f1c6 100644
--- a/fittrackee/responses.py
+++ b/fittrackee/responses.py
@@ -124,7 +124,7 @@ def __init__(
 class InternalServerErrorResponse(GenericErrorResponse):
     def __init__(
         self, message: Optional[str] = None, status: Optional[str] = None
-    ):
+    ) -> None:
         message = (
             'error, please try again or contact the administrator'
             if message is None
@@ -133,6 +133,12 @@ def __init__(
         super().__init__(status_code=500, message=message, status=status)
 
 
+class DisabledFederationErrorResponse(ForbiddenErrorResponse):
+    def __init__(self) -> None:
+        message = 'error, federation is disabled for this instance'
+        super().__init__(message=message)
+
+
 def handle_error_and_return_response(
     error: Exception,
     message: Optional[str] = None,
diff --git a/fittrackee/tests/federation/test_federation_federation.py b/fittrackee/tests/federation/test_federation_federation.py
index ddd4a1015..f86986f93 100644
--- a/fittrackee/tests/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/test_federation_federation.py
@@ -50,10 +50,10 @@ def test_it_returns_error_if_federation_is_disabled(
             f'/federation/user/{actor_1.preferred_username}',
         )
 
-        assert response.status_code == 500
+        assert response.status_code == 403
         data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert (
-            'error, please try again or contact the administrator'
+            'error, federation is disabled for this instance'
             in data['message']
         )
diff --git a/fittrackee/tests/federation/test_federation_webfinger.py b/fittrackee/tests/federation/test_federation_webfinger.py
index 7d39d3ad3..f1d1126dc 100644
--- a/fittrackee/tests/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/test_federation_webfinger.py
@@ -137,10 +137,10 @@ def test_it_returns_error_if_federation_is_disabled(
             content_type='application/json',
         )
 
-        assert response.status_code == 500
+        assert response.status_code == 403
         data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert (
-            'error, please try again or contact the administrator'
+            'error, federation is disabled for this instance'
             in data['message']
         )

From 6201c853423485bced901582157da21ace17d6d5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:07:14 +0100
Subject: [PATCH 004/238] API - init nodeinfo endpoints for federation with
 ActivityPub (wip)

---
 fittrackee/__init__.py                        |  4 +-
 fittrackee/config.py                          |  3 +
 fittrackee/federation/nodeinfo.py             | 50 +++++++++++
 fittrackee/federation/webfinger.py            |  2 +-
 fittrackee/tests/application/test_config.py   | 17 ++++
 .../federation/test_federation_nodeinfo.py    | 88 +++++++++++++++++++
 6 files changed, 162 insertions(+), 2 deletions(-)
 create mode 100644 fittrackee/federation/nodeinfo.py
 create mode 100644 fittrackee/tests/federation/test_federation_nodeinfo.py

diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index af47885fb..1ad9cea60 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -97,10 +97,12 @@ def create_app() -> Flask:
 
     # ActivityPub federation
     from .federation.federation import ap_federation_blueprint  # noqa
+    from .federation.nodeinfo import ap_nodeinfo_blueprint  # noqa
     from .federation.webfinger import ap_webfinger_blueprint  # noqa
 
     app.register_blueprint(ap_federation_blueprint, url_prefix='/federation')
-    app.register_blueprint(ap_webfinger_blueprint)
+    app.register_blueprint(ap_nodeinfo_blueprint)
+    app.register_blueprint(ap_webfinger_blueprint, url_prefix='/.well-known')
 
     if app.debug:
         logging.getLogger('sqlalchemy').setLevel(logging.WARNING)
diff --git a/fittrackee/config.py b/fittrackee/config.py
index c1c7fd66f..ccc9d9137 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -5,6 +5,8 @@
 from flask import current_app
 from sqlalchemy.pool import NullPool
 
+from fittrackee import VERSION
+
 if os.getenv('APP_SETTINGS') == 'fittrackee.config.TestingConfig':
     broker = StubBroker
 else:
@@ -46,6 +48,7 @@ class BaseConfig:
             os.environ.get('DEFAULT_STATICMAP', 'False') == 'True'
         ),
     }
+    VERSION = VERSION
     # ActivityPub
     AP_DOMAIN = UI_URL.replace('https://', '')
 
diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
new file mode 100644
index 000000000..6ed69392e
--- /dev/null
+++ b/fittrackee/federation/nodeinfo.py
@@ -0,0 +1,50 @@
+from flask import Blueprint, current_app
+
+from fittrackee.responses import HttpResponse
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Workout
+
+from .utils import federation_required
+
+ap_nodeinfo_blueprint = Blueprint('ap_nodeinfo', __name__)
+
+
+@ap_nodeinfo_blueprint.route('/.well-known/nodeinfo', methods=['GET'])
+@federation_required
+def get_nodeinfo_url() -> HttpResponse:
+    nodeinfo_url = f'https://{current_app.config["AP_DOMAIN"]}/nodeinfo/2.0'
+    response = {
+        'links': [
+            {
+                'rel': 'http://nodeinfo.diaspora.software/ns/schema/2.0',
+                'href': nodeinfo_url,
+            }
+        ]
+    }
+    return HttpResponse(
+        response=response, content_type='application/json; charset=utf-8'
+    )
+
+
+@ap_nodeinfo_blueprint.route('/nodeinfo/2.0', methods=['GET'])
+@federation_required
+def get_nodeinfo() -> HttpResponse:
+    # TODO : add 'activeHalfyear' and 'activeMonth' for users
+    workouts_count = Workout.query.filter().count()
+    users_count = User.query.filter().count()
+    response = {
+        'version': '2.0',
+        'software': {
+            'name': 'fittrackee',
+            'version': current_app.config['VERSION'],
+        },
+        'protocols': ['activitypub'],
+        'usage': {
+            'users': {'total': users_count},
+            'localWorkouts': workouts_count,
+        },
+        'openRegistrations': current_app.config['is_registration_enabled'],
+    }
+    return HttpResponse(
+        response=response, content_type='application/json; charset=utf-8'
+    )
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index d66d4b49f..0998c836d 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -12,7 +12,7 @@
 ap_webfinger_blueprint = Blueprint('ap_webfinger', __name__)
 
 
-@ap_webfinger_blueprint.route('/.well-known/webfinger', methods=['GET'])
+@ap_webfinger_blueprint.route('/webfinger', methods=['GET'])
 @federation_required
 def webfinger() -> HttpResponse:
     resource = request.args.get('resource')
diff --git a/fittrackee/tests/application/test_config.py b/fittrackee/tests/application/test_config.py
index 7e43967d4..341bff75a 100644
--- a/fittrackee/tests/application/test_config.py
+++ b/fittrackee/tests/application/test_config.py
@@ -2,6 +2,8 @@
 
 from flask import Flask
 
+from fittrackee import VERSION
+
 
 class TestDevelopmentConfig:
     def test_debug_is_enabled(self, app: Flask) -> None:
@@ -23,6 +25,11 @@ def test_sqlalchemy_is_configured_to_use_dev_database(
             'DATABASE_URL'
         )
 
+    def test_it_returns_application_version(self, app: Flask) -> None:
+        app.config.from_object('fittrackee.config.DevelopmentConfig')
+
+        assert app.config['VERSION'] == VERSION
+
 
 class TestTestingConfig:
     def test_debug_is_enabled(self, app: Flask) -> None:
@@ -51,6 +58,11 @@ def test_it_does_not_preserve_context_on_exception(
 
         assert not app.config['PRESERVE_CONTEXT_ON_EXCEPTION']
 
+    def test_it_returns_application_version(self, app: Flask) -> None:
+        app.config.from_object('fittrackee.config.TestingConfig')
+
+        assert app.config['VERSION'] == VERSION
+
 
 class TestProductionConfig:
     def test_debug_is_disabled(self, app: Flask) -> None:
@@ -78,3 +90,8 @@ def test_it_does_not_preserve_context_on_exception(
         app.config.from_object('fittrackee.config.ProductionConfig')
 
         assert not app.config['PRESERVE_CONTEXT_ON_EXCEPTION']
+
+    def test_it_returns_application_version(self, app: Flask) -> None:
+        app.config.from_object('fittrackee.config.ProductionConfig')
+
+        assert app.config['VERSION'] == VERSION
diff --git a/fittrackee/tests/federation/test_federation_nodeinfo.py b/fittrackee/tests/federation/test_federation_nodeinfo.py
new file mode 100644
index 000000000..94021af2a
--- /dev/null
+++ b/fittrackee/tests/federation/test_federation_nodeinfo.py
@@ -0,0 +1,88 @@
+import json
+
+from flask import Flask
+
+from fittrackee import VERSION
+from fittrackee.federation.models import Actor
+
+
+class TestWellKnowNodeInfo:
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/.well-known/nodeinfo',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, federation is disabled for this instance'
+            in data['message']
+        )
+
+    def test_it_returns_instance_nodeinfo_url_if_federation_is_enabled(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+        response = client.get(
+            '/.well-known/nodeinfo',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        nodeinfo_url = (
+            f'https://{app_with_federation.config["AP_DOMAIN"]}/nodeinfo/2.0'
+        )
+        assert data == {
+            'links': [
+                {
+                    'rel': 'http://nodeinfo.diaspora.software/ns/schema/2.0',
+                    'href': nodeinfo_url,
+                }
+            ]
+        }
+
+
+class TestNodeInfo:
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask, actor_1: Actor
+    ) -> None:
+        client = app.test_client()
+        response = client.get(
+            '/nodeinfo/2.0',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, federation is disabled for this instance'
+            in data['message']
+        )
+
+    def test_it_returns_instance_nodeinfo_if_federation_is_enabled(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        client = app_with_federation.test_client()
+        response = client.get(
+            '/nodeinfo/2.0',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            'version': '2.0',
+            'software': {'name': 'fittrackee', 'version': VERSION},
+            'protocols': ['activitypub'],
+            'usage': {'users': {'total': 1}, 'localWorkouts': 0},
+            'openRegistrations': True,
+        }

From 093141a6eabf5015af3db3f993e58d3888a54289 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:24:18 +0100
Subject: [PATCH 005/238] API - move instances domains in dedicated table

---
 fittrackee/federation/decorators.py           | 28 ++++++
 fittrackee/federation/federation.py           | 10 +--
 fittrackee/federation/models.py               | 50 +++++++++--
 fittrackee/federation/nodeinfo.py             |  9 +-
 fittrackee/federation/utils.py                | 15 +---
 fittrackee/federation/webfinger.py            | 10 +--
 .../23_8842c351a2d8_init_federation.py        | 17 +++-
 .../federation/test_federation_federation.py  |  4 +-
 .../federation/test_federation_models.py      | 89 ++++++++++++++-----
 .../federation/test_federation_nodeinfo.py    | 20 ++++-
 .../federation/test_federation_webfinger.py   | 12 +--
 fittrackee/tests/fixtures/fixtures_app.py     | 10 ++-
 .../tests/fixtures/fixtures_federation.py     | 19 +++-
 13 files changed, 221 insertions(+), 72 deletions(-)
 create mode 100644 fittrackee/federation/decorators.py

diff --git a/fittrackee/federation/decorators.py b/fittrackee/federation/decorators.py
new file mode 100644
index 000000000..ca2a3ca91
--- /dev/null
+++ b/fittrackee/federation/decorators.py
@@ -0,0 +1,28 @@
+from functools import wraps
+from typing import Any, Callable
+
+from flask import current_app
+
+from fittrackee import appLog
+from fittrackee.responses import (
+    DisabledFederationErrorResponse,
+    InternalServerErrorResponse,
+)
+
+from .models import Domain
+
+
+def federation_required(f: Callable) -> Callable:
+    @wraps(f)
+    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
+        if not current_app.config['federation_enabled']:
+            return DisabledFederationErrorResponse()
+        app_domain = Domain.query.filter_by(
+            name=current_app.config['AP_DOMAIN']
+        ).first()
+        if not app_domain:
+            appLog.error('Local domain does not exist.')
+            return InternalServerErrorResponse()
+        return f(app_domain, *args, **kwargs)
+
+    return decorated_function
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 87b4756ed..4de1de76b 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -1,9 +1,9 @@
-from flask import Blueprint, current_app
+from flask import Blueprint
 
 from fittrackee.responses import HttpResponse, UserNotFoundErrorResponse
 
-from .models import Actor
-from .utils import federation_required
+from .decorators import federation_required
+from .models import Actor, Domain
 
 ap_federation_blueprint = Blueprint('ap_federation', __name__)
 
@@ -12,10 +12,10 @@
     '/user/<string:preferred_username>', methods=['GET']
 )
 @federation_required
-def get_actor(preferred_username: str) -> HttpResponse:
+def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
     actor = Actor.query.filter_by(
         preferred_username=preferred_username,
-        domain=current_app.config['AP_DOMAIN'],
+        domain_id=app_domain.id,
     ).first()
     if not actor:
         return UserNotFoundErrorResponse()
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 170e3984c..b6ec9638a 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -13,6 +13,40 @@
 BaseModel: DeclarativeMeta = db.Model
 
 
+class Domain(BaseModel):
+    """ActivityPub Domain"""
+
+    __tablename__ = 'domains'
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    name = db.Column(db.String(1000), unique=True, nullable=False)
+    created_at = db.Column(db.DateTime, nullable=False)
+    is_allowed = db.Column(db.Boolean, default=True, nullable=False)
+
+    actors = db.relationship('Actor', back_populates='domain')
+
+    def __str__(self) -> str:
+        return f'<Domain \'{self.name}\'>'
+
+    def __init__(
+        self, name: str, created_at: Optional[datetime] = datetime.utcnow()
+    ) -> None:
+        self.name = name
+        self.created_at = created_at
+
+    @property
+    def is_remote(self) -> bool:
+        return self.name != current_app.config['AP_DOMAIN']
+
+    def serialize(self) -> Dict:
+        return {
+            'id': self.id,
+            'name': self.name,
+            'created_at': self.created_at,
+            'is_remote': self.is_remote,
+            'is_allowed': self.is_allowed,
+        }
+
+
 class Actor(BaseModel):
     """ActivityPub Actor"""
 
@@ -22,10 +56,12 @@ class Actor(BaseModel):
     user_id = db.Column(
         db.Integer, db.ForeignKey('users.id'), unique=True, nullable=False
     )
+    domain_id = db.Column(
+        db.Integer, db.ForeignKey('domains.id'), nullable=False
+    )
     type = db.Column(
         Enum(*ACTOR_TYPES, name='actor_types'), server_default='Person'
     )
-    domain = db.Column(db.String(1000), nullable=False)
     name = db.Column(db.String(255), nullable=False)
     preferred_username = db.Column(db.String(255), nullable=False)
     public_key = db.Column(db.String(5000), nullable=True)
@@ -35,29 +71,29 @@ class Actor(BaseModel):
     followers_url = db.Column(db.String(255), nullable=False)
     following_url = db.Column(db.String(255), nullable=False)
     shared_inbox_url = db.Column(db.String(255), nullable=False)
-    is_remote = db.Column(db.Boolean, default=False, nullable=False)
     created_at = db.Column(db.DateTime, nullable=False)
     manually_approves_followers = db.Column(
         db.Boolean, default=True, nullable=False
     )
     last_fetch_date = db.Column(db.DateTime, nullable=True)
 
+    domain = db.relationship('Domain', back_populates='actors')
+
     def __str__(self) -> str:
         return f'<Actor \'{self.name}\'>'
 
     def __init__(
         self,
         user: User,
+        domain_id: int,
         created_at: Optional[datetime] = datetime.utcnow(),
-        is_remote: Optional[bool] = False,
     ) -> None:
         self.ap_id = get_ap_url(user.username, 'user_url')
         self.created_at = created_at
-        self.domain = f"{current_app.config['AP_DOMAIN']}"
+        self.domain_id = domain_id
         self.followers_url = get_ap_url(user.username, 'followers')
         self.following_url = get_ap_url(user.username, 'following')
         self.inbox_url = get_ap_url(user.username, 'inbox')
-        self.is_remote = is_remote
         self.name = user.username
         self.outbox_url = get_ap_url(user.username, 'outbox')
         self.preferred_username = user.username
@@ -67,6 +103,10 @@ def __init__(
     def generate_keys(self) -> None:
         self.public_key, self.private_key = generate_keys()
 
+    @property
+    def is_remote(self) -> bool:
+        return self.domain.is_remote
+
     def serialize(self) -> Dict:
         return {
             '@context': AP_CTX,
diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
index 6ed69392e..90c075017 100644
--- a/fittrackee/federation/nodeinfo.py
+++ b/fittrackee/federation/nodeinfo.py
@@ -4,15 +4,16 @@
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Workout
 
-from .utils import federation_required
+from .decorators import federation_required
+from .models import Domain
 
 ap_nodeinfo_blueprint = Blueprint('ap_nodeinfo', __name__)
 
 
 @ap_nodeinfo_blueprint.route('/.well-known/nodeinfo', methods=['GET'])
 @federation_required
-def get_nodeinfo_url() -> HttpResponse:
-    nodeinfo_url = f'https://{current_app.config["AP_DOMAIN"]}/nodeinfo/2.0'
+def get_nodeinfo_url(app_domain: Domain) -> HttpResponse:
+    nodeinfo_url = f'https://{app_domain.name}/nodeinfo/2.0'
     response = {
         'links': [
             {
@@ -28,7 +29,7 @@ def get_nodeinfo_url() -> HttpResponse:
 
 @ap_nodeinfo_blueprint.route('/nodeinfo/2.0', methods=['GET'])
 @federation_required
-def get_nodeinfo() -> HttpResponse:
+def get_nodeinfo(app_domain: Domain) -> HttpResponse:
     # TODO : add 'activeHalfyear' and 'activeMonth' for users
     workouts_count = Workout.query.filter().count()
     users_count = User.query.filter().count()
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 1de407edb..673302d7d 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,11 +1,8 @@
-from functools import wraps
-from typing import Any, Callable, Tuple
+from typing import Tuple
 
 from Crypto.PublicKey import RSA
 from flask import current_app
 
-from fittrackee.responses import DisabledFederationErrorResponse
-
 ACTOR_TYPES = ['Application', 'Group', 'Person']
 
 AP_CTX = [
@@ -45,13 +42,3 @@ def get_ap_url(username: str, url_type: str) -> str:
     if url_type == 'shared_inbox':
         return f'{ap_url}inbox'
     raise Exception('Invalid \'url_type\'.')
-
-
-def federation_required(f: Callable) -> Callable:
-    @wraps(f)
-    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
-        if not current_app.config['federation_enabled']:
-            return DisabledFederationErrorResponse()
-        return f(*args, **kwargs)
-
-    return decorated_function
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index 0998c836d..0a48d0a27 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -6,15 +6,15 @@
     UserNotFoundErrorResponse,
 )
 
-from .models import Actor
-from .utils import federation_required
+from .decorators import federation_required
+from .models import Actor, Domain
 
 ap_webfinger_blueprint = Blueprint('ap_webfinger', __name__)
 
 
 @ap_webfinger_blueprint.route('/webfinger', methods=['GET'])
 @federation_required
-def webfinger() -> HttpResponse:
+def webfinger(app_domain: Domain) -> HttpResponse:
     resource = request.args.get('resource')
     if not resource or not resource.startswith('acct:'):
         return InvalidPayloadErrorResponse('Missing resource in request args.')
@@ -28,13 +28,13 @@ def webfinger() -> HttpResponse:
         return UserNotFoundErrorResponse()
 
     actor = Actor.query.filter_by(
-        preferred_username=preferred_username, domain=domain
+        preferred_username=preferred_username, domain_id=app_domain.id
     ).first()
     if not actor:
         return UserNotFoundErrorResponse()
 
     response = {
-        'subject': f'acct:{actor.preferred_username}@{actor.domain}',
+        'subject': f'acct:{actor.preferred_username}@{actor.domain.name}',
         'links': [
             {
                 'href': actor.ap_id,
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 9dd217e2e..6740e54ed 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -23,15 +23,24 @@ def upgrade():
             'federation_enabled', sa.Boolean(), nullable=True, default=False
         ),
     )
-    op.execute('UPDATE app_config SET federation_enabled = true')
+    op.execute('UPDATE app_config SET federation_enabled = false')
     op.alter_column('app_config', 'federation_enabled', nullable=False)
 
+    op.create_table('domains',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('name', sa.String(length=1000), nullable=False),
+        sa.Column('created_at', sa.DateTime(), nullable=False),
+        sa.Column('is_allowed', sa.Boolean(), nullable=False),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('name'),
+    )
+
     op.create_table('actors',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('ap_id', sa.String(length=255), nullable=False),
         sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('domain_id', sa.Integer(), nullable=False),
         sa.Column('type', sa.Enum('Application', 'Group', 'Person', name='actor_types'), server_default='Person', nullable=True),
-        sa.Column('domain', sa.String(length=1000), nullable=False),
         sa.Column('name', sa.String(length=255), nullable=False),
         sa.Column('preferred_username', sa.String(length=255), nullable=False),
         sa.Column('public_key', sa.String(length=5000), nullable=True),
@@ -41,11 +50,11 @@ def upgrade():
         sa.Column('followers_url', sa.String(length=255), nullable=False),
         sa.Column('following_url', sa.String(length=255), nullable=False),
         sa.Column('shared_inbox_url', sa.String(length=255), nullable=False),
-        sa.Column('is_remote', sa.Boolean(), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
         sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
         sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
         sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+        sa.ForeignKeyConstraint(['domain_id'], ['domains.id'], ),
         sa.PrimaryKeyConstraint('id'),
         sa.UniqueConstraint('ap_id'),
         sa.UniqueConstraint('user_id')
@@ -56,4 +65,6 @@ def downgrade():
     op.drop_table('actors')
     op.execute('DROP TYPE actor_types')
 
+    op.drop_table('domains')
+
     op.drop_column('app_config', 'federation_enabled')
diff --git a/fittrackee/tests/federation/test_federation_federation.py b/fittrackee/tests/federation/test_federation_federation.py
index f86986f93..6b840af3d 100644
--- a/fittrackee/tests/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/test_federation_federation.py
@@ -43,11 +43,11 @@ def test_it_returns_actor(
         assert data == actor_1.serialize()
 
     def test_it_returns_error_if_federation_is_disabled(
-        self, app: Flask, actor_1: Actor
+        self, app: Flask, app_actor: Actor
     ) -> None:
         client = app.test_client()
         response = client.get(
-            f'/federation/user/{actor_1.preferred_username}',
+            f'/federation/user/{app_actor.preferred_username}',
         )
 
         assert response.status_code == 403
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
index c1ee08e51..f3d39b91a 100644
--- a/fittrackee/tests/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -6,7 +6,7 @@
 from Crypto.Signature import pkcs1_15
 from flask import Flask
 
-from fittrackee.federation.models import Actor
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils import AP_CTX, get_ap_url
 
 
@@ -16,53 +16,98 @@ def test_it_raises_error_if_url_type_is_invalid(self, app: Flask) -> None:
             get_ap_url(username=uuid4().hex, url_type='url')
 
 
+class TestActivityPubDomainModel:
+    def test_it_returns_string_representation(
+        self, app_with_federation: Flask
+    ) -> None:
+        local_domain = Domain.query.filter_by(
+            name=app_with_federation.config['AP_DOMAIN']
+        ).first()
+        assert f"<Domain '{app_with_federation.config['AP_DOMAIN']}'>" == str(
+            local_domain
+        )
+
+    def test_app_domain_is_local(self, app_with_federation: Flask) -> None:
+        local_domain = Domain.query.filter_by(
+            name=app_with_federation.config['AP_DOMAIN']
+        ).first()
+        assert not local_domain.is_remote
+
+    def test_it_returns_serialized_object(
+        self, app_with_federation: Flask
+    ) -> None:
+        local_domain = Domain.query.filter_by(
+            name=app_with_federation.config['AP_DOMAIN']
+        ).first()
+        serialized_domain = local_domain.serialize()
+
+        assert serialized_domain['id']
+        assert 'created_at' in serialized_domain
+        assert (
+            serialized_domain['name']
+            == app_with_federation.config['AP_DOMAIN']
+        )
+        assert serialized_domain['is_allowed']
+        assert not serialized_domain['is_remote']
+
+
 class TestActivityPubActorModel:
-    def test_actor_model(self, app: Flask, actor_1: Actor) -> None:
+    def test_it_returns_string_representation(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
         assert '<Actor \'test\'>' == str(actor_1)
 
-        serialized_apactor = actor_1.serialize()
-        ap_url = app.config['AP_DOMAIN']
-        assert serialized_apactor['@context'] == AP_CTX
-        assert serialized_apactor['id'] == actor_1.ap_id
-        assert serialized_apactor['type'] == 'Person'
+    def test_actor_is_local_is_local(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        assert not actor_1.is_remote
+
+    def test_it_returns_serialized_object(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        serialized_actor = actor_1.serialize()
+        ap_url = app_with_federation.config['AP_DOMAIN']
+        assert serialized_actor['@context'] == AP_CTX
+        assert serialized_actor['id'] == actor_1.ap_id
+        assert serialized_actor['type'] == 'Person'
         assert (
-            serialized_apactor['preferredUsername']
-            == actor_1.preferred_username
+            serialized_actor['preferredUsername'] == actor_1.preferred_username
         )
-        assert serialized_apactor['name'] == actor_1.name
+        assert serialized_actor['name'] == actor_1.name
         assert (
-            serialized_apactor['inbox']
+            serialized_actor['inbox']
             == f'{ap_url}/federation/user/{actor_1.name}/inbox'
         )
         assert (
-            serialized_apactor['inbox']
+            serialized_actor['inbox']
             == f'{ap_url}/federation/user/{actor_1.name}/inbox'
         )
         assert (
-            serialized_apactor['outbox']
+            serialized_actor['outbox']
             == f'{ap_url}/federation/user/{actor_1.name}/outbox'
         )
         assert (
-            serialized_apactor['followers']
+            serialized_actor['followers']
             == f'{ap_url}/federation/user/{actor_1.name}/followers'
         )
         assert (
-            serialized_apactor['following']
+            serialized_actor['following']
             == f'{ap_url}/federation/user/{actor_1.name}/following'
         )
-        assert serialized_apactor['manuallyApprovesFollowers'] is True
+        assert serialized_actor['manuallyApprovesFollowers'] is True
         assert (
-            serialized_apactor['publicKey']['id']
-            == f'{actor_1.ap_id}#main-key'
+            serialized_actor['publicKey']['id'] == f'{actor_1.ap_id}#main-key'
         )
-        assert serialized_apactor['publicKey']['owner'] == actor_1.ap_id
-        assert 'publicKeyPem' in serialized_apactor['publicKey']
+        assert serialized_actor['publicKey']['owner'] == actor_1.ap_id
+        assert 'publicKeyPem' in serialized_actor['publicKey']
         assert (
-            serialized_apactor['endpoints']['sharedInbox']
+            serialized_actor['endpoints']['sharedInbox']
             == f'{ap_url}/federation/inbox'
         )
 
-    def test_generated_key_is_valid(self, app: Flask, actor_1: Actor) -> None:
+    def test_generated_key_is_valid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
         actor_1.generate_keys()
 
         signer = pkcs1_15.new(RSA.import_key(actor_1.private_key))
diff --git a/fittrackee/tests/federation/test_federation_nodeinfo.py b/fittrackee/tests/federation/test_federation_nodeinfo.py
index 94021af2a..aeb48f845 100644
--- a/fittrackee/tests/federation/test_federation_nodeinfo.py
+++ b/fittrackee/tests/federation/test_federation_nodeinfo.py
@@ -8,7 +8,7 @@
 
 class TestWellKnowNodeInfo:
     def test_it_returns_error_if_federation_is_disabled(
-        self, app: Flask, actor_1: Actor
+        self, app: Flask
     ) -> None:
         client = app.test_client()
         response = client.get(
@@ -47,10 +47,26 @@ def test_it_returns_instance_nodeinfo_url_if_federation_is_enabled(
             ]
         }
 
+    def test_it_returns_error_if_domain_does_not_exist(
+        self, app_wo_domain: Flask
+    ) -> None:
+        client = app_wo_domain.test_client()
+        response = client.get(
+            '/.well-known/nodeinfo',
+            content_type='application/json',
+        )
+        assert response.status_code == 500
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, please try again or contact the administrator'
+            in data['message']
+        )
+
 
 class TestNodeInfo:
     def test_it_returns_error_if_federation_is_disabled(
-        self, app: Flask, actor_1: Actor
+        self, app: Flask
     ) -> None:
         client = app.test_client()
         response = client.get(
diff --git a/fittrackee/tests/federation/test_federation_webfinger.py b/fittrackee/tests/federation/test_federation_webfinger.py
index f1d1126dc..e9914dfa5 100644
--- a/fittrackee/tests/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/test_federation_webfinger.py
@@ -85,7 +85,7 @@ def test_it_returns_json_resource_descriptor_as_content_type(
         client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain}',
+            f'{actor_1.preferred_username}@{actor_1.domain.name}',
             content_type='application/json',
         )
 
@@ -98,14 +98,14 @@ def test_it_returns_subject_with_user_data(
         client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain}',
+            f'{actor_1.preferred_username}@{actor_1.domain.name}',
             content_type='application/json',
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert (
-            f'acct:{actor_1.preferred_username}@{actor_1.domain}'
+            f'acct:{actor_1.preferred_username}@{actor_1.domain.name}'
             in data['subject']
         )
 
@@ -115,7 +115,7 @@ def test_it_returns_user_links(
         client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain}',
+            f'{actor_1.preferred_username}@{actor_1.domain.name}',
             content_type='application/json',
         )
 
@@ -128,12 +128,12 @@ def test_it_returns_user_links(
         }
 
     def test_it_returns_error_if_federation_is_disabled(
-        self, app: Flask, actor_1: Actor
+        self, app: Flask, app_actor: Actor
     ) -> None:
         client = app.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain}',
+            f'{app_actor.preferred_username}@{app_actor.domain.name}',
             content_type='application/json',
         )
 
diff --git a/fittrackee/tests/fixtures/fixtures_app.py b/fittrackee/tests/fixtures/fixtures_app.py
index c4a21f9e7..405eede25 100644
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@@ -6,6 +6,7 @@
 from fittrackee import create_app, db
 from fittrackee.application.models import AppConfig
 from fittrackee.application.utils import update_app_config_from_database
+from fittrackee.federation.models import Domain
 
 
 def get_app_config(
@@ -44,6 +45,7 @@ def get_app(
     max_zip_file_size: Optional[Union[int, float]] = None,
     max_users: Optional[int] = None,
     with_federation: Optional[bool] = False,
+    with_domain: Optional[bool] = True,
 ) -> Generator:
     app = create_app()
     with app.app_context():
@@ -59,6 +61,10 @@ def get_app(
             )
             if app_db_config:
                 update_app_config_from_database(app, app_db_config)
+                if with_domain:
+                    domain = Domain(name=app.config['AP_DOMAIN'])
+                    db.session.add(domain)
+                    db.session.commit()
             yield app
         except Exception as e:
             print(f'Error with app configuration: {e}')
@@ -152,7 +158,9 @@ def app_wo_email_auth(monkeypatch: pytest.MonkeyPatch) -> Generator:
 
 @pytest.fixture
 def app_wo_domain() -> Generator:
-    yield from get_app(with_config=True)
+    yield from get_app(
+        with_config=True, with_federation=True, with_domain=False
+    )
 
 
 @pytest.fixture
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index e81b63493..94fa3e582 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -1,13 +1,26 @@
 import pytest
+from flask import Flask
 
 from fittrackee import db
-from fittrackee.federation.models import Actor
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import User
 
 
 @pytest.fixture()
-def actor_1(user_1: User) -> Actor:
-    actor = Actor(user=user_1)
+def actor_1(user_1: User, app_with_federation: Flask) -> Actor:
+    domain = Domain.query.filter_by(
+        name=app_with_federation.config['AP_DOMAIN']
+    ).first()
+    actor = Actor(user=user_1, domain_id=domain.id)
+    db.session.add(actor)
+    db.session.commit()
+    return actor
+
+
+@pytest.fixture()
+def app_actor(user_1: User, app: Flask) -> Actor:
+    domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).first()
+    actor = Actor(user=user_1, domain_id=domain.id)
     db.session.add(actor)
     db.session.commit()
     return actor

From 93c05c57cf83b9c15c56c664eaa8e122d63c0220 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:27:10 +0100
Subject: [PATCH 006/238] API - move BaseModel declaration

---
 fittrackee/__init__.py           | 2 ++
 fittrackee/application/models.py | 5 +----
 fittrackee/federation/models.py  | 5 +----
 fittrackee/users/models.py       | 5 +----
 fittrackee/workouts/models.py    | 4 +---
 5 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index 1ad9cea60..eec1be648 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -17,11 +17,13 @@
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy.exc import ProgrammingError
+from sqlalchemy.ext.declarative import DeclarativeMeta
 
 from fittrackee.emails.email import EmailService
 
 VERSION = __version__ = '0.5.7'
 db = SQLAlchemy()
+BaseModel: DeclarativeMeta = db.Model
 bcrypt = Bcrypt()
 migrate = Migrate()
 email_service = EmailService()
diff --git a/fittrackee/application/models.py b/fittrackee/application/models.py
index 0a0a0a51d..b97fda882 100644
--- a/fittrackee/application/models.py
+++ b/fittrackee/application/models.py
@@ -4,15 +4,12 @@
 from sqlalchemy import exc
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
-from sqlalchemy.ext.declarative import DeclarativeMeta
 from sqlalchemy.orm.mapper import Mapper
 from sqlalchemy.orm.session import Session
 
-from fittrackee import VERSION, db
+from fittrackee import VERSION, BaseModel, db
 from fittrackee.users.models import User
 
-BaseModel: DeclarativeMeta = db.Model
-
 
 class AppConfig(BaseModel):
     __tablename__ = 'app_config'
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index b6ec9638a..f7dc46441 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -2,16 +2,13 @@
 from typing import Dict, Optional
 
 from flask import current_app
-from sqlalchemy.ext.declarative import DeclarativeMeta
 from sqlalchemy.types import Enum
 
-from fittrackee import db
+from fittrackee import BaseModel, db
 from fittrackee.users.models import User
 
 from .utils import ACTOR_TYPES, AP_CTX, generate_keys, get_ap_url
 
-BaseModel: DeclarativeMeta = db.Model
-
 
 class Domain(BaseModel):
     """ActivityPub Domain"""
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index e1599dab0..e86cacba8 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -4,17 +4,14 @@
 import jwt
 from flask import current_app
 from sqlalchemy import func
-from sqlalchemy.ext.declarative import DeclarativeMeta
 from sqlalchemy.ext.hybrid import hybrid_property
 from sqlalchemy.sql.expression import select
 
-from fittrackee import bcrypt, db
+from fittrackee import BaseModel, bcrypt, db
 from fittrackee.workouts.models import Workout
 
 from .utils.token import decode_user_token, get_user_token
 
-BaseModel: DeclarativeMeta = db.Model
-
 
 class User(BaseModel):
     __tablename__ = 'users'
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index ac5e2273f..fd19c6d2f 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -6,19 +6,17 @@
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
-from sqlalchemy.ext.declarative import DeclarativeMeta
 from sqlalchemy.ext.hybrid import hybrid_property
 from sqlalchemy.orm.mapper import Mapper
 from sqlalchemy.orm.session import Session, object_session
 from sqlalchemy.types import JSON, Enum
 
-from fittrackee import db
+from fittrackee import BaseModel, db
 from fittrackee.files import get_absolute_file_path
 
 from .utils.convert import convert_in_duration, convert_value_to_integer
 from .utils.short_id import encode_uuid
 
-BaseModel: DeclarativeMeta = db.Model
 record_types = [
     'AS',  # 'Best Average Speed'
     'FD',  # 'Farthest Distance'

From e888f276b380dd13a086be67aab92f3308ecd016 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:36:41 +0100
Subject: [PATCH 007/238] API - update relationship between User and Actor
 (wip)

---
 fittrackee/federation/models.py               | 24 ++++++++-----------
 .../23_8842c351a2d8_init_federation.py        | 11 ++++++---
 .../tests/fixtures/fixtures_federation.py     |  7 +++---
 fittrackee/users/models.py                    |  5 ++++
 4 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index f7dc46441..f3c00f4c0 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -5,7 +5,6 @@
 from sqlalchemy.types import Enum
 
 from fittrackee import BaseModel, db
-from fittrackee.users.models import User
 
 from .utils import ACTOR_TYPES, AP_CTX, generate_keys, get_ap_url
 
@@ -50,9 +49,6 @@ class Actor(BaseModel):
     __tablename__ = 'actors'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
     ap_id = db.Column(db.String(255), unique=True, nullable=False)
-    user_id = db.Column(
-        db.Integer, db.ForeignKey('users.id'), unique=True, nullable=False
-    )
     domain_id = db.Column(
         db.Integer, db.ForeignKey('domains.id'), nullable=False
     )
@@ -75,27 +71,27 @@ class Actor(BaseModel):
     last_fetch_date = db.Column(db.DateTime, nullable=True)
 
     domain = db.relationship('Domain', back_populates='actors')
+    user = db.relationship('User', uselist=False, back_populates='actor')
 
     def __str__(self) -> str:
         return f'<Actor \'{self.name}\'>'
 
     def __init__(
         self,
-        user: User,
+        username: str,
         domain_id: int,
         created_at: Optional[datetime] = datetime.utcnow(),
     ) -> None:
-        self.ap_id = get_ap_url(user.username, 'user_url')
+        self.ap_id = get_ap_url(username, 'user_url')
         self.created_at = created_at
         self.domain_id = domain_id
-        self.followers_url = get_ap_url(user.username, 'followers')
-        self.following_url = get_ap_url(user.username, 'following')
-        self.inbox_url = get_ap_url(user.username, 'inbox')
-        self.name = user.username
-        self.outbox_url = get_ap_url(user.username, 'outbox')
-        self.preferred_username = user.username
-        self.shared_inbox_url = get_ap_url(user.username, 'shared_inbox')
-        self.user_id = user.id
+        self.followers_url = get_ap_url(username, 'followers')
+        self.following_url = get_ap_url(username, 'following')
+        self.inbox_url = get_ap_url(username, 'inbox')
+        self.name = username
+        self.outbox_url = get_ap_url(username, 'outbox')
+        self.preferred_username = username
+        self.shared_inbox_url = get_ap_url(username, 'shared_inbox')
 
     def generate_keys(self) -> None:
         self.public_key, self.private_key = generate_keys()
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 6740e54ed..697230d10 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -38,7 +38,6 @@ def upgrade():
     op.create_table('actors',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('ap_id', sa.String(length=255), nullable=False),
-        sa.Column('user_id', sa.Integer(), nullable=False),
         sa.Column('domain_id', sa.Integer(), nullable=False),
         sa.Column('type', sa.Enum('Application', 'Group', 'Person', name='actor_types'), server_default='Person', nullable=True),
         sa.Column('name', sa.String(length=255), nullable=False),
@@ -53,15 +52,21 @@ def upgrade():
         sa.Column('created_at', sa.DateTime(), nullable=False),
         sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
         sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
-        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
         sa.ForeignKeyConstraint(['domain_id'], ['domains.id'], ),
         sa.PrimaryKeyConstraint('id'),
         sa.UniqueConstraint('ap_id'),
-        sa.UniqueConstraint('user_id')
     )
 
+    op.add_column('users', sa.Column('actor_id', sa.Integer(), nullable=True))
+    op.create_unique_constraint('users_actor_id_key', 'users', ['actor_id'])
+    op.create_foreign_key('users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id'])
+
 
 def downgrade():
+    op.drop_constraint('users_actor_id_fkey', 'users', type_='foreignkey')
+    op.drop_constraint('users_actor_id_key', 'users', type_='unique')
+    op.drop_column('users', 'actor_id')
+
     op.drop_table('actors')
     op.execute('DROP TYPE actor_types')
 
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 94fa3e582..ffd769c79 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -11,16 +11,17 @@ def actor_1(user_1: User, app_with_federation: Flask) -> Actor:
     domain = Domain.query.filter_by(
         name=app_with_federation.config['AP_DOMAIN']
     ).first()
-    actor = Actor(user=user_1, domain_id=domain.id)
+    actor = Actor(username=user_1.username, domain_id=domain.id)
     db.session.add(actor)
+    user_1.actor_id = actor.id
     db.session.commit()
     return actor
 
 
 @pytest.fixture()
-def app_actor(user_1: User, app: Flask) -> Actor:
+def app_actor(app: Flask) -> Actor:
     domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).first()
-    actor = Actor(user=user_1, domain_id=domain.id)
+    actor = Actor(username='test', domain_id=domain.id)
     db.session.add(actor)
     db.session.commit()
     return actor
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index e86cacba8..da55a9218 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -8,6 +8,7 @@
 from sqlalchemy.sql.expression import select
 
 from fittrackee import BaseModel, bcrypt, db
+from fittrackee.federation.models import Actor
 from fittrackee.workouts.models import Workout
 
 from .utils.token import decode_user_token, get_user_token
@@ -16,6 +17,9 @@
 class User(BaseModel):
     __tablename__ = 'users'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    actor_id = db.Column(
+        db.Integer, db.ForeignKey('actors.id'), unique=True, nullable=True
+    )
     username = db.Column(db.String(20), unique=True, nullable=False)
     email = db.Column(db.String(120), unique=True, nullable=False)
     password = db.Column(db.String(255), nullable=False)
@@ -42,6 +46,7 @@ class User(BaseModel):
     )
     language = db.Column(db.String(50), nullable=True)
     imperial_units = db.Column(db.Boolean, default=False, nullable=False)
+    actor = db.relationship(Actor, back_populates='user')
 
     def __repr__(self) -> str:
         return f'<User {self.username!r}>'

From fb4fbf3f0911c9ae597298c0a57b1e4709b38fbd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:42:27 +0100
Subject: [PATCH 008/238] API - init follow requests between actors (wip)

---
 fittrackee/federation/exceptions.py           |  6 ++
 fittrackee/federation/models.py               | 77 +++++++++++++++
 .../23_8842c351a2d8_init_federation.py        | 13 +++
 .../federation/test_federation_models.py      | 97 ++++++++++++++++++-
 .../tests/fixtures/fixtures_federation.py     | 50 +++++++++-
 5 files changed, 241 insertions(+), 2 deletions(-)
 create mode 100644 fittrackee/federation/exceptions.py

diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
new file mode 100644
index 000000000..8cce59def
--- /dev/null
+++ b/fittrackee/federation/exceptions.py
@@ -0,0 +1,6 @@
+class FollowRequestAlreadyProcessedError(Exception):
+    ...
+
+
+class NotExistingFollowRequestError(Exception):
+    ...
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index f3c00f4c0..cfdeb2f10 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -6,6 +6,10 @@
 
 from fittrackee import BaseModel, db
 
+from .exceptions import (
+    FollowRequestAlreadyProcessedError,
+    NotExistingFollowRequestError,
+)
 from .utils import ACTOR_TYPES, AP_CTX, generate_keys, get_ap_url
 
 
@@ -43,6 +47,27 @@ def serialize(self) -> Dict:
         }
 
 
+class FollowRequest(BaseModel):
+    """Follow request between two actors"""
+
+    __tablename__ = 'follow_requests'
+    follower_actor_id = db.Column(
+        db.Integer,
+        db.ForeignKey('actors.id'),
+        primary_key=True,
+    )
+    followed_actor_id = db.Column(
+        db.Integer,
+        db.ForeignKey('actors.id'),
+        primary_key=True,
+    )
+    is_approved = db.Column(db.Boolean, default=False, nullable=False)
+    created_at = db.Column(
+        db.DateTime, nullable=False, default=datetime.utcnow
+    )
+    updated_at = db.Column(db.DateTime, nullable=True)
+
+
 class Actor(BaseModel):
     """ActivityPub Actor"""
 
@@ -73,6 +98,19 @@ class Actor(BaseModel):
     domain = db.relationship('Domain', back_populates='actors')
     user = db.relationship('User', uselist=False, back_populates='actor')
 
+    received_follow_requests = db.relationship(
+        FollowRequest,
+        backref='to_actor',
+        primaryjoin=id == FollowRequest.followed_actor_id,
+        lazy='dynamic',
+    )
+    sent_follow_requests = db.relationship(
+        FollowRequest,
+        backref='from_actor',
+        primaryjoin=id == FollowRequest.follower_actor_id,
+        lazy='dynamic',
+    )
+
     def __str__(self) -> str:
         return f'<Actor \'{self.name}\'>'
 
@@ -100,6 +138,45 @@ def generate_keys(self) -> None:
     def is_remote(self) -> bool:
         return self.domain.is_remote
 
+    @property
+    def pending_follow_requests(self) -> FollowRequest:
+        return self.received_follow_requests.filter_by(updated_at=None).all()
+
+    def send_follow_request_to(self, target: 'Actor') -> FollowRequest:
+        follow_request = FollowRequest(
+            follower_actor_id=self.id, followed_actor_id=target.id
+        )
+        db.session.add(follow_request)
+        db.session.commit()
+        return follow_request
+
+    def _processes_follow_request_from(
+        self, actor: 'Actor', approved: bool
+    ) -> FollowRequest:
+        follow_request = FollowRequest.query.filter_by(
+            follower_actor_id=actor.id, followed_actor_id=self.id
+        ).first()
+        if not follow_request:
+            raise NotExistingFollowRequestError()
+        if follow_request.updated_at is not None:
+            raise FollowRequestAlreadyProcessedError()
+        follow_request.is_approved = approved
+        follow_request.updated_at = datetime.now()
+        db.session.commit()
+        return follow_request
+
+    def approves_follow_request_from(self, actor: 'Actor') -> FollowRequest:
+        follow_request = self._processes_follow_request_from(
+            actor=actor, approved=True
+        )
+        return follow_request
+
+    def refuses_follow_request_from(self, actor: 'Actor') -> FollowRequest:
+        follow_request = self._processes_follow_request_from(
+            actor=actor, approved=False
+        )
+        return follow_request
+
     def serialize(self) -> Dict:
         return {
             '@context': AP_CTX,
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 697230d10..018fe544e 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -61,8 +61,21 @@ def upgrade():
     op.create_unique_constraint('users_actor_id_key', 'users', ['actor_id'])
     op.create_foreign_key('users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id'])
 
+    op.create_table('follow_requests',
+        sa.Column('follower_actor_id', sa.Integer(), nullable=False),
+        sa.Column('followed_actor_id', sa.Integer(), nullable=False),
+        sa.Column('is_approved', sa.Boolean(), nullable=False),
+        sa.Column('created_at', sa.DateTime(), nullable=False),
+        sa.Column('updated_at', sa.DateTime(), nullable=True),
+        sa.ForeignKeyConstraint(['followed_actor_id'], ['actors.id'], ),
+        sa.ForeignKeyConstraint(['follower_actor_id'], ['actors.id'], ),
+        sa.PrimaryKeyConstraint('follower_actor_id', 'followed_actor_id')
+    )
+
 
 def downgrade():
+    op.drop_table('follow_requests')
+
     op.drop_constraint('users_actor_id_fkey', 'users', type_='foreignkey')
     op.drop_constraint('users_actor_id_key', 'users', type_='unique')
     op.drop_column('users', 'actor_id')
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
index f3d39b91a..379ec39d5 100644
--- a/fittrackee/tests/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -1,3 +1,4 @@
+from datetime import datetime
 from uuid import uuid4
 
 import pytest
@@ -6,7 +7,11 @@
 from Crypto.Signature import pkcs1_15
 from flask import Flask
 
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.exceptions import (
+    FollowRequestAlreadyProcessedError,
+    NotExistingFollowRequestError,
+)
+from fittrackee.federation.models import Actor, Domain, FollowRequest
 from fittrackee.federation.utils import AP_CTX, get_ap_url
 
 
@@ -114,3 +119,93 @@ def test_generated_key_is_valid(
         hashed_message = SHA256.new('test message'.encode())
         # it raises ValueError if signature is invalid
         signer.verify(hashed_message, signer.sign(hashed_message))
+
+
+class TestActivityPubActorFollowingModel:
+    def test_actor_2_sends_follow_requests_to_actor_1(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+    ) -> None:
+        follow_request = actor_2.send_follow_request_to(actor_1)
+
+        assert follow_request in actor_2.sent_follow_requests.all()
+
+    def test_actor_1_receives_follow_requests_from_actor_2(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+    ) -> None:
+        follow_request = actor_2.send_follow_request_to(actor_1)
+
+        assert follow_request in actor_1.received_follow_requests.all()
+
+    def test_actor_has_pending_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        follow_request_from_actor_2_to_actor_1: FollowRequest,
+    ) -> None:
+        assert (
+            follow_request_from_actor_2_to_actor_1
+            in actor_1.pending_follow_requests
+        )
+
+    def test_actor_has_no_pending_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        follow_request_from_actor_2_to_actor_1: FollowRequest,
+    ) -> None:
+        follow_request_from_actor_2_to_actor_1.updated_at = datetime.now()
+        assert actor_1.pending_follow_requests == []
+
+    def test_actor_approves_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_actor_2_to_actor_1: FollowRequest,
+        follow_request_from_actor_3_to_actor_1: FollowRequest,
+    ) -> None:
+        follow_request = actor_1.approves_follow_request_from(actor_2)
+
+        assert follow_request.is_approved
+        assert actor_1.pending_follow_requests == [
+            follow_request_from_actor_3_to_actor_1
+        ]
+
+    def test_actor_refuses_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_actor_2_to_actor_1: FollowRequest,
+    ) -> None:
+        follow_request = actor_1.refuses_follow_request_from(actor_2)
+
+        assert not follow_request.is_approved
+        assert actor_1.pending_follow_requests == []
+
+    def test_it_raises_error_if_follow_request_does_not_exists(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+    ) -> None:
+        with pytest.raises(NotExistingFollowRequestError):
+            actor_1.approves_follow_request_from(actor_2)
+
+    def test_it_raises_error_if_actor_approves_follow_request_already_processed(  # noqa
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_actor_2_to_actor_1: FollowRequest,
+    ) -> None:
+        follow_request_from_actor_2_to_actor_1.updated_at = datetime.now()
+
+        with pytest.raises(FollowRequestAlreadyProcessedError):
+            actor_1.approves_follow_request_from(actor_2)
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index ffd769c79..7faa4a791 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -2,7 +2,7 @@
 from flask import Flask
 
 from fittrackee import db
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.models import Actor, Domain, FollowRequest
 from fittrackee.users.models import User
 
 
@@ -25,3 +25,51 @@ def app_actor(app: Flask) -> Actor:
     db.session.add(actor)
     db.session.commit()
     return actor
+
+
+@pytest.fixture()
+def actor_2(user_2: User, app_with_federation: Flask) -> Actor:
+    domain = Domain.query.filter_by(
+        name=app_with_federation.config['AP_DOMAIN']
+    ).first()
+    actor = Actor(username=user_2.username, domain_id=domain.id)
+    db.session.add(actor)
+    user_2.actor_id = actor.id
+    db.session.commit()
+    return actor
+
+
+@pytest.fixture()
+def actor_3(user_3: User, app_with_federation: Flask) -> Actor:
+    domain = Domain.query.filter_by(
+        name=app_with_federation.config['AP_DOMAIN']
+    ).first()
+    actor = Actor(username=user_3.username, domain_id=domain.id)
+    db.session.add(actor)
+    user_3.actor_id = actor.id
+    db.session.commit()
+    return actor
+
+
+@pytest.fixture()
+def follow_request_from_actor_2_to_actor_1(
+    actor_1: Actor, actor_2: Actor
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        followed_actor_id=actor_1.id, follower_actor_id=actor_2.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_actor_3_to_actor_1(
+    actor_1: Actor, actor_3: Actor
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        followed_actor_id=actor_1.id, follower_actor_id=actor_3.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request

From 9257b68857a3a111d29a4d425638d0567be6a886 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:45:18 +0100
Subject: [PATCH 009/238] API - Actor model update + refactor

---
 fittrackee/federation/constants.py            |  4 +++
 fittrackee/federation/enums.py                |  7 ++++
 fittrackee/federation/models.py               | 21 ++++++++---
 fittrackee/federation/utils.py                |  7 ----
 .../23_8842c351a2d8_init_federation.py        |  4 +--
 .../federation/test_federation_models.py      | 36 ++++++++++++-------
 fittrackee/tests/fixtures/fixtures_app.py     | 10 +++---
 .../tests/fixtures/fixtures_federation.py     | 21 ++++++-----
 8 files changed, 70 insertions(+), 40 deletions(-)
 create mode 100644 fittrackee/federation/constants.py
 create mode 100644 fittrackee/federation/enums.py

diff --git a/fittrackee/federation/constants.py b/fittrackee/federation/constants.py
new file mode 100644
index 000000000..bf8b15e43
--- /dev/null
+++ b/fittrackee/federation/constants.py
@@ -0,0 +1,4 @@
+AP_CTX = [
+    'https://www.w3.org/ns/activitystreams',
+    'https://w3id.org/security/v1',
+]
diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
new file mode 100644
index 000000000..eeb531ec8
--- /dev/null
+++ b/fittrackee/federation/enums.py
@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class ActorType(Enum):
+    APPLICATION = 'Application'
+    GROUP = 'Group'
+    PERSON = 'Person'
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index cfdeb2f10..cf449c719 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -6,11 +6,13 @@
 
 from fittrackee import BaseModel, db
 
+from .constants import AP_CTX
+from .enums import ActorType
 from .exceptions import (
     FollowRequestAlreadyProcessedError,
     NotExistingFollowRequestError,
 )
-from .utils import ACTOR_TYPES, AP_CTX, generate_keys, get_ap_url
+from .utils import generate_keys, get_ap_url
 
 
 class Domain(BaseModel):
@@ -72,15 +74,19 @@ class Actor(BaseModel):
     """ActivityPub Actor"""
 
     __tablename__ = 'actors'
+    __table_args__ = (
+        db.UniqueConstraint(
+            'domain_id', 'preferred_username', name='domain_username_unique'
+        ),
+    )
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
     ap_id = db.Column(db.String(255), unique=True, nullable=False)
     domain_id = db.Column(
         db.Integer, db.ForeignKey('domains.id'), nullable=False
     )
     type = db.Column(
-        Enum(*ACTOR_TYPES, name='actor_types'), server_default='Person'
+        Enum(ActorType, name='actor_types'), server_default='PERSON'
     )
-    name = db.Column(db.String(255), nullable=False)
     preferred_username = db.Column(db.String(255), nullable=False)
     public_key = db.Column(db.String(5000), nullable=True)
     private_key = db.Column(db.String(5000), nullable=True)
@@ -126,7 +132,6 @@ def __init__(
         self.followers_url = get_ap_url(username, 'followers')
         self.following_url = get_ap_url(username, 'following')
         self.inbox_url = get_ap_url(username, 'inbox')
-        self.name = username
         self.outbox_url = get_ap_url(username, 'outbox')
         self.preferred_username = username
         self.shared_inbox_url = get_ap_url(username, 'shared_inbox')
@@ -138,6 +143,12 @@ def generate_keys(self) -> None:
     def is_remote(self) -> bool:
         return self.domain.is_remote
 
+    @property
+    def name(self) -> Optional[str]:
+        if self.type == ActorType.PERSON and self.user:
+            return self.user.username
+        return None
+
     @property
     def pending_follow_requests(self) -> FollowRequest:
         return self.received_follow_requests.filter_by(updated_at=None).all()
@@ -181,7 +192,7 @@ def serialize(self) -> Dict:
         return {
             '@context': AP_CTX,
             'id': self.ap_id,
-            'type': self.type,
+            'type': self.type.value,
             'preferredUsername': self.preferred_username,
             'name': self.name,
             'inbox': self.inbox_url,
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 673302d7d..3d23cbddf 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -3,13 +3,6 @@
 from Crypto.PublicKey import RSA
 from flask import current_app
 
-ACTOR_TYPES = ['Application', 'Group', 'Person']
-
-AP_CTX = [
-    'https://www.w3.org/ns/activitystreams',
-    'https://w3id.org/security/v1',
-]
-
 
 def generate_keys() -> Tuple[str, str]:
     """
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 018fe544e..5f3a11c6b 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -39,8 +39,7 @@ def upgrade():
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('ap_id', sa.String(length=255), nullable=False),
         sa.Column('domain_id', sa.Integer(), nullable=False),
-        sa.Column('type', sa.Enum('Application', 'Group', 'Person', name='actor_types'), server_default='Person', nullable=True),
-        sa.Column('name', sa.String(length=255), nullable=False),
+        sa.Column('type', sa.Enum('APPLICATION', 'GROUP', 'PERSON', name='actor_types'), server_default='PERSON', nullable=True),
         sa.Column('preferred_username', sa.String(length=255), nullable=False),
         sa.Column('public_key', sa.String(length=5000), nullable=True),
         sa.Column('private_key', sa.String(length=5000), nullable=True),
@@ -55,6 +54,7 @@ def upgrade():
         sa.ForeignKeyConstraint(['domain_id'], ['domains.id'], ),
         sa.PrimaryKeyConstraint('id'),
         sa.UniqueConstraint('ap_id'),
+        sa.UniqueConstraint('domain_id', 'preferred_username', name='domain_username_unique'),
     )
 
     op.add_column('users', sa.Column('actor_id', sa.Integer(), nullable=True))
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
index 379ec39d5..71f007436 100644
--- a/fittrackee/tests/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -7,12 +7,13 @@
 from Crypto.Signature import pkcs1_15
 from flask import Flask
 
+from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.exceptions import (
     FollowRequestAlreadyProcessedError,
     NotExistingFollowRequestError,
 )
 from fittrackee.federation.models import Actor, Domain, FollowRequest
-from fittrackee.federation.utils import AP_CTX, get_ap_url
+from fittrackee.federation.utils import get_ap_url
 
 
 class TestGetApUrl:
@@ -56,7 +57,7 @@ def test_it_returns_serialized_object(
         assert not serialized_domain['is_remote']
 
 
-class TestActivityPubActorModel:
+class TestActivityPubPersonActorModel:
     def test_it_returns_string_representation(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
@@ -78,26 +79,26 @@ def test_it_returns_serialized_object(
         assert (
             serialized_actor['preferredUsername'] == actor_1.preferred_username
         )
-        assert serialized_actor['name'] == actor_1.name
+        assert serialized_actor['name'] == actor_1.user.username
         assert (
             serialized_actor['inbox']
-            == f'{ap_url}/federation/user/{actor_1.name}/inbox'
+            == f'{ap_url}/federation/user/{actor_1.preferred_username}/inbox'
         )
         assert (
             serialized_actor['inbox']
-            == f'{ap_url}/federation/user/{actor_1.name}/inbox'
+            == f'{ap_url}/federation/user/{actor_1.preferred_username}/inbox'
         )
         assert (
             serialized_actor['outbox']
-            == f'{ap_url}/federation/user/{actor_1.name}/outbox'
+            == f'{ap_url}/federation/user/{actor_1.preferred_username}/outbox'
         )
-        assert (
-            serialized_actor['followers']
-            == f'{ap_url}/federation/user/{actor_1.name}/followers'
+        assert serialized_actor['followers'] == (
+            f'{ap_url}/federation/user/'
+            f'{actor_1.preferred_username}/followers'
         )
-        assert (
-            serialized_actor['following']
-            == f'{ap_url}/federation/user/{actor_1.name}/following'
+        assert serialized_actor['following'] == (
+            f'{ap_url}/federation/user/'
+            f'{actor_1.preferred_username}/following'
         )
         assert serialized_actor['manuallyApprovesFollowers'] is True
         assert (
@@ -209,3 +210,14 @@ def test_it_raises_error_if_actor_approves_follow_request_already_processed(  #
 
         with pytest.raises(FollowRequestAlreadyProcessedError):
             actor_1.approves_follow_request_from(actor_2)
+
+
+class TestActivityPubActorModel:
+    def test_it_returns_actor_empty_name(
+        self, app_with_federation: Flask
+    ) -> None:
+        domain = Domain.query.filter_by(
+            name=app_with_federation.config['AP_DOMAIN']
+        ).first()
+        actor = Actor(username=uuid4().hex, domain_id=domain.id)
+        assert actor.name is None
diff --git a/fittrackee/tests/fixtures/fixtures_app.py b/fittrackee/tests/fixtures/fixtures_app.py
index 405eede25..2429955d7 100644
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@@ -156,6 +156,11 @@ def app_wo_email_auth(monkeypatch: pytest.MonkeyPatch) -> Generator:
     yield from get_app(with_config=True)
 
 
+@pytest.fixture
+def app_with_federation() -> Generator:
+    yield from get_app(with_config=True, with_federation=True)
+
+
 @pytest.fixture
 def app_wo_domain() -> Generator:
     yield from get_app(
@@ -163,11 +168,6 @@ def app_wo_domain() -> Generator:
     )
 
 
-@pytest.fixture
-def app_with_federation() -> Generator:
-    yield from get_app(with_config=True, with_federation=True)
-
-
 @pytest.fixture()
 def app_config() -> AppConfig:
     config = AppConfig()
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 7faa4a791..d80713957 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -7,22 +7,23 @@
 
 
 @pytest.fixture()
-def actor_1(user_1: User, app_with_federation: Flask) -> Actor:
-    domain = Domain.query.filter_by(
-        name=app_with_federation.config['AP_DOMAIN']
-    ).first()
-    actor = Actor(username=user_1.username, domain_id=domain.id)
+def app_actor(app: Flask) -> Actor:
+    domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).first()
+    actor = Actor(username='test', domain_id=domain.id)
     db.session.add(actor)
-    user_1.actor_id = actor.id
     db.session.commit()
     return actor
 
 
 @pytest.fixture()
-def app_actor(app: Flask) -> Actor:
-    domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).first()
-    actor = Actor(username='test', domain_id=domain.id)
+def actor_1(user_1: User, app_with_federation: Flask) -> Actor:
+    domain = Domain.query.filter_by(
+        name=app_with_federation.config['AP_DOMAIN']
+    ).first()
+    actor = Actor(username=user_1.username, domain_id=domain.id)
     db.session.add(actor)
+    db.session.flush()
+    user_1.actor_id = actor.id
     db.session.commit()
     return actor
 
@@ -34,6 +35,7 @@ def actor_2(user_2: User, app_with_federation: Flask) -> Actor:
     ).first()
     actor = Actor(username=user_2.username, domain_id=domain.id)
     db.session.add(actor)
+    db.session.flush()
     user_2.actor_id = actor.id
     db.session.commit()
     return actor
@@ -47,6 +49,7 @@ def actor_3(user_3: User, app_with_federation: Flask) -> Actor:
     actor = Actor(username=user_3.username, domain_id=domain.id)
     db.session.add(actor)
     user_3.actor_id = actor.id
+    db.session.flush()
     db.session.commit()
     return actor
 

From 909072f18e82e56071fd9fc8a3f1aca91282b7a4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 3 Feb 2021 17:42:21 +0100
Subject: [PATCH 010/238] API - rename ActivityPub id column

---
 fittrackee/federation/models.py                        | 10 +++++-----
 fittrackee/federation/webfinger.py                     |  2 +-
 .../versions/23_8842c351a2d8_init_federation.py        |  4 ++--
 fittrackee/tests/federation/test_federation_models.py  |  7 ++++---
 .../tests/federation/test_federation_webfinger.py      |  2 +-
 5 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index cf449c719..0f716ba2b 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -80,7 +80,7 @@ class Actor(BaseModel):
         ),
     )
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
-    ap_id = db.Column(db.String(255), unique=True, nullable=False)
+    activitypub_id = db.Column(db.String(255), unique=True, nullable=False)
     domain_id = db.Column(
         db.Integer, db.ForeignKey('domains.id'), nullable=False
     )
@@ -126,7 +126,7 @@ def __init__(
         domain_id: int,
         created_at: Optional[datetime] = datetime.utcnow(),
     ) -> None:
-        self.ap_id = get_ap_url(username, 'user_url')
+        self.activitypub_id = get_ap_url(username, 'user_url')
         self.created_at = created_at
         self.domain_id = domain_id
         self.followers_url = get_ap_url(username, 'followers')
@@ -191,7 +191,7 @@ def refuses_follow_request_from(self, actor: 'Actor') -> FollowRequest:
     def serialize(self) -> Dict:
         return {
             '@context': AP_CTX,
-            'id': self.ap_id,
+            'id': self.activitypub_id,
             'type': self.type.value,
             'preferredUsername': self.preferred_username,
             'name': self.name,
@@ -201,8 +201,8 @@ def serialize(self) -> Dict:
             'following': self.following_url,
             'manuallyApprovesFollowers': self.manually_approves_followers,
             'publicKey': {
-                'id': f'{self.ap_id}#main-key',
-                'owner': self.ap_id,
+                'id': f'{self.activitypub_id}#main-key',
+                'owner': self.activitypub_id,
                 'publicKeyPem': self.public_key,
             },
             'endpoints': {'sharedInbox': self.shared_inbox_url},
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index 0a48d0a27..99789ae3e 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -37,7 +37,7 @@ def webfinger(app_domain: Domain) -> HttpResponse:
         'subject': f'acct:{actor.preferred_username}@{actor.domain.name}',
         'links': [
             {
-                'href': actor.ap_id,
+                'href': actor.activitypub_id,
                 'rel': 'self',
                 'type': 'application/activity+json',
             }
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 5f3a11c6b..0566eb6f6 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -37,7 +37,7 @@ def upgrade():
 
     op.create_table('actors',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
-        sa.Column('ap_id', sa.String(length=255), nullable=False),
+        sa.Column('activitypub_id', sa.String(length=255), nullable=False),
         sa.Column('domain_id', sa.Integer(), nullable=False),
         sa.Column('type', sa.Enum('APPLICATION', 'GROUP', 'PERSON', name='actor_types'), server_default='PERSON', nullable=True),
         sa.Column('preferred_username', sa.String(length=255), nullable=False),
@@ -53,7 +53,7 @@ def upgrade():
         sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
         sa.ForeignKeyConstraint(['domain_id'], ['domains.id'], ),
         sa.PrimaryKeyConstraint('id'),
-        sa.UniqueConstraint('ap_id'),
+        sa.UniqueConstraint('activitypub_id'),
         sa.UniqueConstraint('domain_id', 'preferred_username', name='domain_username_unique'),
     )
 
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
index 71f007436..2c45b9b40 100644
--- a/fittrackee/tests/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -74,7 +74,7 @@ def test_it_returns_serialized_object(
         serialized_actor = actor_1.serialize()
         ap_url = app_with_federation.config['AP_DOMAIN']
         assert serialized_actor['@context'] == AP_CTX
-        assert serialized_actor['id'] == actor_1.ap_id
+        assert serialized_actor['id'] == actor_1.activitypub_id
         assert serialized_actor['type'] == 'Person'
         assert (
             serialized_actor['preferredUsername'] == actor_1.preferred_username
@@ -102,9 +102,10 @@ def test_it_returns_serialized_object(
         )
         assert serialized_actor['manuallyApprovesFollowers'] is True
         assert (
-            serialized_actor['publicKey']['id'] == f'{actor_1.ap_id}#main-key'
+            serialized_actor['publicKey']['id']
+            == f'{actor_1.activitypub_id}#main-key'
         )
-        assert serialized_actor['publicKey']['owner'] == actor_1.ap_id
+        assert serialized_actor['publicKey']['owner'] == actor_1.activitypub_id
         assert 'publicKeyPem' in serialized_actor['publicKey']
         assert (
             serialized_actor['endpoints']['sharedInbox']
diff --git a/fittrackee/tests/federation/test_federation_webfinger.py b/fittrackee/tests/federation/test_federation_webfinger.py
index e9914dfa5..b897ad7b1 100644
--- a/fittrackee/tests/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/test_federation_webfinger.py
@@ -122,7 +122,7 @@ def test_it_returns_user_links(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['links'][0] == {
-            'href': actor_1.ap_id,
+            'href': actor_1.activitypub_id,
             'rel': 'self',
             'type': 'application/activity+json',
         }

From 39c3ce6e79931f4ee38f42d5be9ba8e720a0fdc0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 11:53:01 +0100
Subject: [PATCH 011/238] API - add remote user

---
 fittrackee/federation/models.py               | 23 +++++---
 .../federation/test_federation_models.py      | 54 ++++++++++++++++++-
 .../tests/fixtures/fixtures_federation.py     | 43 +++++++++++++++
 fittrackee/tests/utils.py                     |  4 ++
 4 files changed, 116 insertions(+), 8 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 0f716ba2b..291f6d8b4 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -125,16 +125,27 @@ def __init__(
         username: str,
         domain_id: int,
         created_at: Optional[datetime] = datetime.utcnow(),
+        remote_user_data: Optional[Dict] = None,
     ) -> None:
-        self.activitypub_id = get_ap_url(username, 'user_url')
         self.created_at = created_at
         self.domain_id = domain_id
-        self.followers_url = get_ap_url(username, 'followers')
-        self.following_url = get_ap_url(username, 'following')
-        self.inbox_url = get_ap_url(username, 'inbox')
-        self.outbox_url = get_ap_url(username, 'outbox')
         self.preferred_username = username
-        self.shared_inbox_url = get_ap_url(username, 'shared_inbox')
+        if remote_user_data:
+            self.activitypub_id = remote_user_data['id']
+            self.followers_url = remote_user_data['followers']
+            self.following_url = remote_user_data['following']
+            self.inbox_url = remote_user_data['inbox']
+            self.outbox_url = remote_user_data['outbox']
+            self.shared_inbox_url = remote_user_data.get('endpoints', {}).get(
+                'sharedInbox'
+            )
+        else:
+            self.activitypub_id = get_ap_url(username, 'user_url')
+            self.followers_url = get_ap_url(username, 'followers')
+            self.following_url = get_ap_url(username, 'following')
+            self.inbox_url = get_ap_url(username, 'inbox')
+            self.outbox_url = get_ap_url(username, 'outbox')
+            self.shared_inbox_url = get_ap_url(username, 'shared_inbox')
 
     def generate_keys(self) -> None:
         self.public_key, self.private_key = generate_keys()
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
index 2c45b9b40..fb573d9b8 100644
--- a/fittrackee/tests/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -39,6 +39,11 @@ def test_app_domain_is_local(self, app_with_federation: Flask) -> None:
         ).first()
         assert not local_domain.is_remote
 
+    def test_domain_is_remote(
+        self, app_with_federation: Flask, remote_domain: Domain
+    ) -> None:
+        assert remote_domain.is_remote
+
     def test_it_returns_serialized_object(
         self, app_with_federation: Flask
     ) -> None:
@@ -57,13 +62,13 @@ def test_it_returns_serialized_object(
         assert not serialized_domain['is_remote']
 
 
-class TestActivityPubPersonActorModel:
+class TestActivityPubLocalPersonActorModel:
     def test_it_returns_string_representation(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         assert '<Actor \'test\'>' == str(actor_1)
 
-    def test_actor_is_local_is_local(
+    def test_actor_is_local(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         assert not actor_1.is_remote
@@ -123,6 +128,51 @@ def test_generated_key_is_valid(
         signer.verify(hashed_message, signer.sign(hashed_message))
 
 
+class TestActivityPubRemotePersonActorModel:
+    def test_actor_is_remote(
+        self, app_with_federation: Flask, remote_actor: Actor
+    ) -> None:
+        assert remote_actor.is_remote
+
+    def test_it_returns_serialized_object(
+        self,
+        app_with_federation: Flask,
+        remote_actor: Actor,
+        remote_domain: Domain,
+    ) -> None:
+        serialized_actor = remote_actor.serialize()
+        ap_url = remote_domain.name
+        user_url = (
+            f'{remote_domain.name}/users/{remote_actor.preferred_username}'
+        )
+        assert serialized_actor['@context'] == AP_CTX
+        assert serialized_actor['id'] == remote_actor.activitypub_id
+        assert serialized_actor['type'] == 'Person'
+        assert (
+            serialized_actor['preferredUsername']
+            == remote_actor.preferred_username
+        )
+        assert serialized_actor['name'] == remote_actor.user.username
+        assert serialized_actor['inbox'] == f'{user_url}/inbox'
+        assert serialized_actor['inbox'] == f'{user_url}/inbox'
+        assert serialized_actor['outbox'] == f'{user_url}/outbox'
+        assert serialized_actor['followers'] == f'{user_url}/followers'
+        assert serialized_actor['following'] == f'{user_url}/following'
+        assert serialized_actor['manuallyApprovesFollowers'] is True
+        assert (
+            serialized_actor['publicKey']['id']
+            == f'{remote_actor.activitypub_id}#main-key'
+        )
+        assert (
+            serialized_actor['publicKey']['owner']
+            == remote_actor.activitypub_id
+        )
+        assert 'publicKeyPem' in serialized_actor['publicKey']
+        assert (
+            serialized_actor['endpoints']['sharedInbox'] == f'{ap_url}/inbox'
+        )
+
+
 class TestActivityPubActorFollowingModel:
     def test_actor_2_sends_follow_requests_to_actor_1(
         self,
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index d80713957..d198ba347 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -5,6 +5,8 @@
 from fittrackee.federation.models import Actor, Domain, FollowRequest
 from fittrackee.users.models import User
 
+from ..utils import random_domain
+
 
 @pytest.fixture()
 def app_actor(app: Flask) -> Actor:
@@ -76,3 +78,44 @@ def follow_request_from_actor_3_to_actor_1(
     db.session.add(follow_request)
     db.session.commit()
     return follow_request
+
+
+@pytest.fixture()
+def remote_domain(app_with_federation: Flask) -> Domain:
+    remote_domain = Domain(name=random_domain())
+    db.session.add(remote_domain)
+    db.session.commit()
+    return remote_domain
+
+
+@pytest.fixture()
+def remote_actor(
+    user_2: User, app_with_federation: Flask, remote_domain: Domain
+) -> Actor:
+    user_name = user_2.username.capitalize()
+    user_url = f'{remote_domain.name}/users/{user_2.username}'
+    actor = Actor(
+        username=user_2.username,
+        domain_id=remote_domain.id,
+        remote_user_data={
+            '@context': [
+                'https://www.w3.org/ns/activitystreams',
+                'https://w3id.org/security/v1',
+            ],
+            'id': user_url,
+            'type': 'Person',
+            'following': f'{user_url}/following',
+            'followers': f'{user_url}/followers',
+            'inbox': f'{user_url}/inbox',
+            'outbox': f'{user_url}/outbox',
+            'name': user_name,
+            'preferredUsername': user_2.username,
+            'endpoints': {'sharedInbox': f'{remote_domain.name}/inbox'},
+        },
+    )
+    db.session.add(actor)
+    db.session.flush()
+    user_2.name = user_name
+    user_2.actor_id = actor.id
+    db.session.commit()
+    return actor
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index ac0989f09..1948e37ff 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -10,3 +10,7 @@ def random_string(length: Optional[int] = None) -> str:
         random.choice(string.ascii_letters + string.digits)
         for _ in range(length)
     )
+
+
+def random_domain() -> str:
+    return f'https://{random_string()}.social'

From 05d10153d9d887e02b760c276d3159b1577083fb Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 3 Feb 2021 20:17:28 +0100
Subject: [PATCH 012/238] API - init domain and actors creation in migration

---
 .../23_8842c351a2d8_init_federation.py        | 51 +++++++++++++++++--
 1 file changed, 48 insertions(+), 3 deletions(-)

diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 0566eb6f6..fe72a5ce3 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -5,8 +5,13 @@
 Create Date: 2021-01-10 16:02:43.811023
 
 """
-from alembic import op
+import os
+from datetime import datetime
+
 import sqlalchemy as sa
+from alembic import op
+
+from fittrackee.federation.utils import get_ap_url
 
 
 # revision identifiers, used by Alembic.
@@ -26,7 +31,7 @@ def upgrade():
     op.execute('UPDATE app_config SET federation_enabled = false')
     op.alter_column('app_config', 'federation_enabled', nullable=False)
 
-    op.create_table('domains',
+    domain_table = op.create_table('domains',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('name', sa.String(length=1000), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
@@ -35,7 +40,14 @@ def upgrade():
         sa.UniqueConstraint('name'),
     )
 
-    op.create_table('actors',
+    domain = os.environ['UI_URL']
+    created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
+    op.execute(
+        "INSERT INTO domains (name, created_at, is_allowed)"
+        f"VALUES ('{domain}', '{created_at}'::timestamp, True)"
+    )
+
+    actors_table = op.create_table('actors',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('activitypub_id', sa.String(length=255), nullable=False),
         sa.Column('domain_id', sa.Integer(), nullable=False),
@@ -61,6 +73,39 @@ def upgrade():
     op.create_unique_constraint('users_actor_id_key', 'users', ['actor_id'])
     op.create_foreign_key('users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id'])
 
+    # create local actors
+    user_helper = sa.Table(
+        'users',
+        sa.MetaData(),
+        sa.Column('id', sa.Integer(), nullable=False),
+        sa.Column('username', sa.String(length=20), nullable=False),
+    )
+    connection = op.get_bind()
+    domain = connection.execute(domain_table.select()).fetchone()
+    for user in connection.execute(user_helper.select()):
+        created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
+        op.execute(
+            "INSERT INTO actors ("
+            "activitypub_id, domain_id, preferred_username, followers_url, "
+            "following_url, inbox_url, outbox_url, shared_inbox_url, "
+            "created_at, manually_approves_followers) "
+            "VALUES ("
+            f"'{get_ap_url(user.username, 'user_url')}', "
+            f"{domain.id}, '{user.username}', "
+            f"'{get_ap_url(user.username, 'followers')}', "
+            f"'{get_ap_url(user.username, 'following')}', "
+            f"'{get_ap_url(user.username, 'inbox')}', "
+            f"'{get_ap_url(user.username, 'outbox')}', "
+            f"'{get_ap_url(user.username, 'shared_inbox')}', "
+            f"'{created_at}'::timestamp, {True}) RETURNING id"
+        )
+        actor = connection.execute(actors_table.select().where(
+            actors_table.c.preferred_username == user.username)).fetchone()
+        op.execute(
+            f'UPDATE users SET actor_id = {actor.id} WHERE users.id = {user.id}'
+        )
+
+
     op.create_table('follow_requests',
         sa.Column('follower_actor_id', sa.Integer(), nullable=False),
         sa.Column('followed_actor_id', sa.Integer(), nullable=False),

From 2c8f806e9e78faa071948e2e53ac36130847c64a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 3 Feb 2021 20:33:16 +0100
Subject: [PATCH 013/238] API - migration lint fix

---
 .../23_8842c351a2d8_init_federation.py        | 49 ++++++++++++++-----
 1 file changed, 36 insertions(+), 13 deletions(-)

diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index fe72a5ce3..498c4af7c 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -31,7 +31,8 @@ def upgrade():
     op.execute('UPDATE app_config SET federation_enabled = false')
     op.alter_column('app_config', 'federation_enabled', nullable=False)
 
-    domain_table = op.create_table('domains',
+    domain_table = op.create_table(
+        'domains',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('name', sa.String(length=1000), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
@@ -47,11 +48,17 @@ def upgrade():
         f"VALUES ('{domain}', '{created_at}'::timestamp, True)"
     )
 
-    actors_table = op.create_table('actors',
+    actors_table = op.create_table(
+        'actors',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
         sa.Column('activitypub_id', sa.String(length=255), nullable=False),
         sa.Column('domain_id', sa.Integer(), nullable=False),
-        sa.Column('type', sa.Enum('APPLICATION', 'GROUP', 'PERSON', name='actor_types'), server_default='PERSON', nullable=True),
+        sa.Column(
+            'type',
+            sa.Enum('APPLICATION', 'GROUP', 'PERSON', name='actor_types'),
+            server_default='PERSON',
+            nullable=True,
+        ),
         sa.Column('preferred_username', sa.String(length=255), nullable=False),
         sa.Column('public_key', sa.String(length=5000), nullable=True),
         sa.Column('private_key', sa.String(length=5000), nullable=True),
@@ -63,15 +70,22 @@ def upgrade():
         sa.Column('created_at', sa.DateTime(), nullable=False),
         sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
         sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
-        sa.ForeignKeyConstraint(['domain_id'], ['domains.id'], ),
+        sa.ForeignKeyConstraint(
+            ['domain_id'],
+            ['domains.id'],
+        ),
         sa.PrimaryKeyConstraint('id'),
         sa.UniqueConstraint('activitypub_id'),
-        sa.UniqueConstraint('domain_id', 'preferred_username', name='domain_username_unique'),
+        sa.UniqueConstraint(
+            'domain_id', 'preferred_username', name='domain_username_unique'
+        ),
     )
 
     op.add_column('users', sa.Column('actor_id', sa.Integer(), nullable=True))
     op.create_unique_constraint('users_actor_id_key', 'users', ['actor_id'])
-    op.create_foreign_key('users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id'])
+    op.create_foreign_key(
+        'users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id']
+    )
 
     # create local actors
     user_helper = sa.Table(
@@ -99,22 +113,31 @@ def upgrade():
             f"'{get_ap_url(user.username, 'shared_inbox')}', "
             f"'{created_at}'::timestamp, {True}) RETURNING id"
         )
-        actor = connection.execute(actors_table.select().where(
-            actors_table.c.preferred_username == user.username)).fetchone()
+        actor = connection.execute(
+            actors_table.select().where(
+                actors_table.c.preferred_username == user.username
+            )
+        ).fetchone()
         op.execute(
             f'UPDATE users SET actor_id = {actor.id} WHERE users.id = {user.id}'
         )
 
-
-    op.create_table('follow_requests',
+    op.create_table(
+        'follow_requests',
         sa.Column('follower_actor_id', sa.Integer(), nullable=False),
         sa.Column('followed_actor_id', sa.Integer(), nullable=False),
         sa.Column('is_approved', sa.Boolean(), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
         sa.Column('updated_at', sa.DateTime(), nullable=True),
-        sa.ForeignKeyConstraint(['followed_actor_id'], ['actors.id'], ),
-        sa.ForeignKeyConstraint(['follower_actor_id'], ['actors.id'], ),
-        sa.PrimaryKeyConstraint('follower_actor_id', 'followed_actor_id')
+        sa.ForeignKeyConstraint(
+            ['followed_actor_id'],
+            ['actors.id'],
+        ),
+        sa.ForeignKeyConstraint(
+            ['follower_actor_id'],
+            ['actors.id'],
+        ),
+        sa.PrimaryKeyConstraint('follower_actor_id', 'followed_actor_id'),
     )
 
 

From d577c3b73b97d32a4b14ab4610375011972b1407 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 12:00:44 +0100
Subject: [PATCH 014/238] API - move follow request in user since federation
 can be disabled (wip)

---
 fittrackee/federation/exceptions.py           |  6 --
 fittrackee/federation/models.py               | 77 ---------------
 .../23_8842c351a2d8_init_federation.py        | 14 +--
 .../federation/test_federation_models.py      | 97 +-----------------
 .../tests/fixtures/fixtures_federation.py     | 26 +----
 fittrackee/tests/fixtures/fixtures_users.py   | 26 ++++-
 fittrackee/tests/users/test_users_model.py    | 99 ++++++++++++++++++-
 fittrackee/users/exceptions.py                |  8 ++
 fittrackee/users/models.py                    | 80 +++++++++++++++
 9 files changed, 220 insertions(+), 213 deletions(-)
 delete mode 100644 fittrackee/federation/exceptions.py

diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
deleted file mode 100644
index 8cce59def..000000000
--- a/fittrackee/federation/exceptions.py
+++ /dev/null
@@ -1,6 +0,0 @@
-class FollowRequestAlreadyProcessedError(Exception):
-    ...
-
-
-class NotExistingFollowRequestError(Exception):
-    ...
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 291f6d8b4..fd858f9cd 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -8,10 +8,6 @@
 
 from .constants import AP_CTX
 from .enums import ActorType
-from .exceptions import (
-    FollowRequestAlreadyProcessedError,
-    NotExistingFollowRequestError,
-)
 from .utils import generate_keys, get_ap_url
 
 
@@ -49,27 +45,6 @@ def serialize(self) -> Dict:
         }
 
 
-class FollowRequest(BaseModel):
-    """Follow request between two actors"""
-
-    __tablename__ = 'follow_requests'
-    follower_actor_id = db.Column(
-        db.Integer,
-        db.ForeignKey('actors.id'),
-        primary_key=True,
-    )
-    followed_actor_id = db.Column(
-        db.Integer,
-        db.ForeignKey('actors.id'),
-        primary_key=True,
-    )
-    is_approved = db.Column(db.Boolean, default=False, nullable=False)
-    created_at = db.Column(
-        db.DateTime, nullable=False, default=datetime.utcnow
-    )
-    updated_at = db.Column(db.DateTime, nullable=True)
-
-
 class Actor(BaseModel):
     """ActivityPub Actor"""
 
@@ -104,19 +79,6 @@ class Actor(BaseModel):
     domain = db.relationship('Domain', back_populates='actors')
     user = db.relationship('User', uselist=False, back_populates='actor')
 
-    received_follow_requests = db.relationship(
-        FollowRequest,
-        backref='to_actor',
-        primaryjoin=id == FollowRequest.followed_actor_id,
-        lazy='dynamic',
-    )
-    sent_follow_requests = db.relationship(
-        FollowRequest,
-        backref='from_actor',
-        primaryjoin=id == FollowRequest.follower_actor_id,
-        lazy='dynamic',
-    )
-
     def __str__(self) -> str:
         return f'<Actor \'{self.name}\'>'
 
@@ -160,45 +122,6 @@ def name(self) -> Optional[str]:
             return self.user.username
         return None
 
-    @property
-    def pending_follow_requests(self) -> FollowRequest:
-        return self.received_follow_requests.filter_by(updated_at=None).all()
-
-    def send_follow_request_to(self, target: 'Actor') -> FollowRequest:
-        follow_request = FollowRequest(
-            follower_actor_id=self.id, followed_actor_id=target.id
-        )
-        db.session.add(follow_request)
-        db.session.commit()
-        return follow_request
-
-    def _processes_follow_request_from(
-        self, actor: 'Actor', approved: bool
-    ) -> FollowRequest:
-        follow_request = FollowRequest.query.filter_by(
-            follower_actor_id=actor.id, followed_actor_id=self.id
-        ).first()
-        if not follow_request:
-            raise NotExistingFollowRequestError()
-        if follow_request.updated_at is not None:
-            raise FollowRequestAlreadyProcessedError()
-        follow_request.is_approved = approved
-        follow_request.updated_at = datetime.now()
-        db.session.commit()
-        return follow_request
-
-    def approves_follow_request_from(self, actor: 'Actor') -> FollowRequest:
-        follow_request = self._processes_follow_request_from(
-            actor=actor, approved=True
-        )
-        return follow_request
-
-    def refuses_follow_request_from(self, actor: 'Actor') -> FollowRequest:
-        follow_request = self._processes_follow_request_from(
-            actor=actor, approved=False
-        )
-        return follow_request
-
     def serialize(self) -> Dict:
         return {
             '@context': AP_CTX,
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 498c4af7c..e254f1256 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -124,20 +124,20 @@ def upgrade():
 
     op.create_table(
         'follow_requests',
-        sa.Column('follower_actor_id', sa.Integer(), nullable=False),
-        sa.Column('followed_actor_id', sa.Integer(), nullable=False),
+        sa.Column('follower_user_id', sa.Integer(), nullable=False),
+        sa.Column('followed_user_id', sa.Integer(), nullable=False),
         sa.Column('is_approved', sa.Boolean(), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
         sa.Column('updated_at', sa.DateTime(), nullable=True),
         sa.ForeignKeyConstraint(
-            ['followed_actor_id'],
-            ['actors.id'],
+            ['followed_user_id'],
+            ['users.id'],
         ),
         sa.ForeignKeyConstraint(
-            ['follower_actor_id'],
-            ['actors.id'],
+            ['follower_user_id'],
+            ['users.id'],
         ),
-        sa.PrimaryKeyConstraint('follower_actor_id', 'followed_actor_id'),
+        sa.PrimaryKeyConstraint('follower_user_id', 'followed_user_id'),
     )
 
 
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/test_federation_models.py
index fb573d9b8..23da42bd2 100644
--- a/fittrackee/tests/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/test_federation_models.py
@@ -1,4 +1,3 @@
-from datetime import datetime
 from uuid import uuid4
 
 import pytest
@@ -8,11 +7,7 @@
 from flask import Flask
 
 from fittrackee.federation.constants import AP_CTX
-from fittrackee.federation.exceptions import (
-    FollowRequestAlreadyProcessedError,
-    NotExistingFollowRequestError,
-)
-from fittrackee.federation.models import Actor, Domain, FollowRequest
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils import get_ap_url
 
 
@@ -173,96 +168,6 @@ def test_it_returns_serialized_object(
         )
 
 
-class TestActivityPubActorFollowingModel:
-    def test_actor_2_sends_follow_requests_to_actor_1(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-    ) -> None:
-        follow_request = actor_2.send_follow_request_to(actor_1)
-
-        assert follow_request in actor_2.sent_follow_requests.all()
-
-    def test_actor_1_receives_follow_requests_from_actor_2(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-    ) -> None:
-        follow_request = actor_2.send_follow_request_to(actor_1)
-
-        assert follow_request in actor_1.received_follow_requests.all()
-
-    def test_actor_has_pending_follow_request(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        follow_request_from_actor_2_to_actor_1: FollowRequest,
-    ) -> None:
-        assert (
-            follow_request_from_actor_2_to_actor_1
-            in actor_1.pending_follow_requests
-        )
-
-    def test_actor_has_no_pending_follow_request(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        follow_request_from_actor_2_to_actor_1: FollowRequest,
-    ) -> None:
-        follow_request_from_actor_2_to_actor_1.updated_at = datetime.now()
-        assert actor_1.pending_follow_requests == []
-
-    def test_actor_approves_follow_request(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_actor_2_to_actor_1: FollowRequest,
-        follow_request_from_actor_3_to_actor_1: FollowRequest,
-    ) -> None:
-        follow_request = actor_1.approves_follow_request_from(actor_2)
-
-        assert follow_request.is_approved
-        assert actor_1.pending_follow_requests == [
-            follow_request_from_actor_3_to_actor_1
-        ]
-
-    def test_actor_refuses_follow_request(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_actor_2_to_actor_1: FollowRequest,
-    ) -> None:
-        follow_request = actor_1.refuses_follow_request_from(actor_2)
-
-        assert not follow_request.is_approved
-        assert actor_1.pending_follow_requests == []
-
-    def test_it_raises_error_if_follow_request_does_not_exists(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-    ) -> None:
-        with pytest.raises(NotExistingFollowRequestError):
-            actor_1.approves_follow_request_from(actor_2)
-
-    def test_it_raises_error_if_actor_approves_follow_request_already_processed(  # noqa
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_actor_2_to_actor_1: FollowRequest,
-    ) -> None:
-        follow_request_from_actor_2_to_actor_1.updated_at = datetime.now()
-
-        with pytest.raises(FollowRequestAlreadyProcessedError):
-            actor_1.approves_follow_request_from(actor_2)
-
-
 class TestActivityPubActorModel:
     def test_it_returns_actor_empty_name(
         self, app_with_federation: Flask
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index d198ba347..c2dccd064 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -2,7 +2,7 @@
 from flask import Flask
 
 from fittrackee import db
-from fittrackee.federation.models import Actor, Domain, FollowRequest
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import User
 
 from ..utils import random_domain
@@ -56,30 +56,6 @@ def actor_3(user_3: User, app_with_federation: Flask) -> Actor:
     return actor
 
 
-@pytest.fixture()
-def follow_request_from_actor_2_to_actor_1(
-    actor_1: Actor, actor_2: Actor
-) -> FollowRequest:
-    follow_request = FollowRequest(
-        followed_actor_id=actor_1.id, follower_actor_id=actor_2.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
-
-
-@pytest.fixture()
-def follow_request_from_actor_3_to_actor_1(
-    actor_1: Actor, actor_3: Actor
-) -> FollowRequest:
-    follow_request = FollowRequest(
-        followed_actor_id=actor_1.id, follower_actor_id=actor_3.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
-
-
 @pytest.fixture()
 def remote_domain(app_with_federation: Flask) -> Domain:
     remote_domain = Domain(name=random_domain())
diff --git a/fittrackee/tests/fixtures/fixtures_users.py b/fittrackee/tests/fixtures/fixtures_users.py
index d1f7ce15b..6e238a8fe 100644
--- a/fittrackee/tests/fixtures/fixtures_users.py
+++ b/fittrackee/tests/fixtures/fixtures_users.py
@@ -3,7 +3,7 @@
 import pytest
 
 from fittrackee import db
-from fittrackee.users.models import User, UserSportPreference
+from fittrackee.users.models import FollowRequest, User, UserSportPreference
 from fittrackee.workouts.models import Sport
 
 
@@ -110,3 +110,27 @@ def user_admin_sport_1_preference(
     db.session.add(user_sport)
     db.session.commit()
     return user_sport
+
+
+@pytest.fixture()
+def follow_request_from_user_2_to_user_1(
+    user_1: User, user_2: User
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        followed_user_id=user_1.id, follower_user_id=user_2.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_user_3_to_user_1(
+    user_1: User, user_3: User
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        followed_user_id=user_1.id, follower_user_id=user_3.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 129c7866b..0aaf6de67 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -1,6 +1,13 @@
+from datetime import datetime
+
+import pytest
 from flask import Flask
 
-from fittrackee.users.models import User, UserSportPreference
+from fittrackee.users.exceptions import (
+    FollowRequestAlreadyProcessedError,
+    NotExistingFollowRequestError,
+)
+from fittrackee.users.models import FollowRequest, User, UserSportPreference
 from fittrackee.workouts.models import Sport, Workout
 
 
@@ -76,3 +83,93 @@ def test_user_model(
         assert serialized_user_sport['color'] is None
         assert serialized_user_sport['is_active']
         assert serialized_user_sport['stopped_speed_threshold'] == 1
+
+
+class TestUserFollowingModel:
+    def test_user_2_sends_follow_requests_to_user_1(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        follow_request = user_2.send_follow_request_to(user_1)
+
+        assert follow_request in user_2.sent_follow_requests.all()
+
+    def test_user_1_receives_follow_requests_from_user_2(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        follow_request = user_2.send_follow_request_to(user_1)
+
+        assert follow_request in user_1.received_follow_requests.all()
+
+    def test_user_has_pending_follow_request(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        assert (
+            follow_request_from_user_2_to_user_1
+            in user_1.pending_follow_requests
+        )
+
+    def test_user_has_no_pending_follow_request(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.updated_at = datetime.now()
+        assert user_1.pending_follow_requests == []
+
+    def test_user_approves_follow_request(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request = user_1.approves_follow_request_from(user_2)
+
+        assert follow_request.is_approved
+        assert user_1.pending_follow_requests == [
+            follow_request_from_user_3_to_user_1
+        ]
+
+    def test_user_refuses_follow_request(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request = user_1.refuses_follow_request_from(user_2)
+
+        assert not follow_request.is_approved
+        assert user_1.pending_follow_requests == []
+
+    def test_it_raises_error_if_follow_request_does_not_exists(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        with pytest.raises(NotExistingFollowRequestError):
+            user_1.approves_follow_request_from(user_2)
+
+    def test_it_raises_error_if_user_approves_follow_request_already_processed(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.updated_at = datetime.now()
+
+        with pytest.raises(FollowRequestAlreadyProcessedError):
+            user_1.approves_follow_request_from(user_2)
diff --git a/fittrackee/users/exceptions.py b/fittrackee/users/exceptions.py
index 08d045376..9e1b542dd 100644
--- a/fittrackee/users/exceptions.py
+++ b/fittrackee/users/exceptions.py
@@ -1,2 +1,10 @@
+class FollowRequestAlreadyProcessedError(Exception):
+    ...
+
+
+class NotExistingFollowRequestError(Exception):
+    ...
+
+
 class UserNotFoundException(Exception):
     ...
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index da55a9218..7c2b203c9 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -11,9 +11,38 @@
 from fittrackee.federation.models import Actor
 from fittrackee.workouts.models import Workout
 
+from .exceptions import (
+    FollowRequestAlreadyProcessedError,
+    NotExistingFollowRequestError,
+)
 from .utils.token import decode_user_token, get_user_token
 
 
+class FollowRequest(BaseModel):
+    """Follow request between two users"""
+
+    __tablename__ = 'follow_requests'
+    follower_user_id = db.Column(
+        db.Integer,
+        db.ForeignKey('users.id'),
+        primary_key=True,
+    )
+    followed_user_id = db.Column(
+        db.Integer,
+        db.ForeignKey('users.id'),
+        primary_key=True,
+    )
+    is_approved = db.Column(db.Boolean, default=False, nullable=False)
+    created_at = db.Column(
+        db.DateTime, nullable=False, default=datetime.utcnow
+    )
+    updated_at = db.Column(db.DateTime, nullable=True)
+
+    def __init__(self, follower_user_id: int, followed_user_id: int):
+        self.follower_user_id = follower_user_id
+        self.followed_user_id = followed_user_id
+
+
 class User(BaseModel):
     __tablename__ = 'users'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
@@ -47,6 +76,18 @@ class User(BaseModel):
     language = db.Column(db.String(50), nullable=True)
     imperial_units = db.Column(db.Boolean, default=False, nullable=False)
     actor = db.relationship(Actor, back_populates='user')
+    received_follow_requests = db.relationship(
+        FollowRequest,
+        backref='to_user',
+        primaryjoin=id == FollowRequest.followed_user_id,
+        lazy='dynamic',
+    )
+    sent_follow_requests = db.relationship(
+        FollowRequest,
+        backref='from_user',
+        primaryjoin=id == FollowRequest.follower_user_id,
+        lazy='dynamic',
+    )
 
     def __repr__(self) -> str:
         return f'<User {self.username!r}>'
@@ -109,6 +150,45 @@ def workouts_count(self) -> int:
             .label('workouts_count')
         )
 
+    @property
+    def pending_follow_requests(self) -> FollowRequest:
+        return self.received_follow_requests.filter_by(updated_at=None).all()
+
+    def send_follow_request_to(self, target: 'User') -> FollowRequest:
+        follow_request = FollowRequest(
+            follower_user_id=self.id, followed_user_id=target.id
+        )
+        db.session.add(follow_request)
+        db.session.commit()
+        return follow_request
+
+    def _processes_follow_request_from(
+        self, user: 'User', approved: bool
+    ) -> FollowRequest:
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=user.id, followed_user_id=self.id
+        ).first()
+        if not follow_request:
+            raise NotExistingFollowRequestError()
+        if follow_request.updated_at is not None:
+            raise FollowRequestAlreadyProcessedError()
+        follow_request.is_approved = approved
+        follow_request.updated_at = datetime.now()
+        db.session.commit()
+        return follow_request
+
+    def approves_follow_request_from(self, user: 'User') -> FollowRequest:
+        follow_request = self._processes_follow_request_from(
+            user=user, approved=True
+        )
+        return follow_request
+
+    def refuses_follow_request_from(self, user: 'User') -> FollowRequest:
+        follow_request = self._processes_follow_request_from(
+            user=user, approved=False
+        )
+        return follow_request
+
     def serialize(self) -> Dict:
         sports = []
         total = (0, '0:00:00')

From 63cbcae93a5f2dda0ae2a36e5465f17acc8520b8 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 12:10:59 +0100
Subject: [PATCH 015/238] API - get pending follow requests

---
 fittrackee/__init__.py                        |   2 +
 .../tests/fixtures/fixtures_federation.py     |   2 +-
 fittrackee/tests/fixtures/fixtures_users.py   |  12 +
 .../users/test_users_follow_request_api.py    | 265 ++++++++++++++++++
 fittrackee/users/follow_requests.py           |  51 ++++
 fittrackee/users/models.py                    |  10 +
 6 files changed, 341 insertions(+), 1 deletion(-)
 create mode 100644 fittrackee/tests/users/test_users_follow_request_api.py
 create mode 100644 fittrackee/users/follow_requests.py

diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index eec1be648..c02687169 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -83,6 +83,7 @@ def create_app() -> Flask:
 
     from .application.app_config import config_blueprint  # noqa
     from .users.auth import auth_blueprint  # noqa
+    from .users.follow_requests import follow_requests_blueprint  # noqa
     from .users.users import users_blueprint  # noqa
     from .workouts.records import records_blueprint  # noqa
     from .workouts.sports import sports_blueprint  # noqa
@@ -96,6 +97,7 @@ def create_app() -> Flask:
     app.register_blueprint(stats_blueprint, url_prefix='/api')
     app.register_blueprint(users_blueprint, url_prefix='/api')
     app.register_blueprint(workouts_blueprint, url_prefix='/api')
+    app.register_blueprint(follow_requests_blueprint, url_prefix='/api')
 
     # ActivityPub federation
     from .federation.federation import ap_federation_blueprint  # noqa
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index c2dccd064..82d20a4ef 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -50,8 +50,8 @@ def actor_3(user_3: User, app_with_federation: Flask) -> Actor:
     ).first()
     actor = Actor(username=user_3.username, domain_id=domain.id)
     db.session.add(actor)
-    user_3.actor_id = actor.id
     db.session.flush()
+    user_3.actor_id = actor.id
     db.session.commit()
     return actor
 
diff --git a/fittrackee/tests/fixtures/fixtures_users.py b/fittrackee/tests/fixtures/fixtures_users.py
index 6e238a8fe..c867576d9 100644
--- a/fittrackee/tests/fixtures/fixtures_users.py
+++ b/fittrackee/tests/fixtures/fixtures_users.py
@@ -134,3 +134,15 @@ def follow_request_from_user_3_to_user_1(
     db.session.add(follow_request)
     db.session.commit()
     return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_user_3_to_user_2(
+    user_2: User, user_3: User
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        followed_user_id=user_2.id, follower_user_id=user_3.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
new file mode 100644
index 000000000..0e01691a5
--- /dev/null
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -0,0 +1,265 @@
+import json
+from datetime import datetime
+from unittest.mock import patch
+
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+from fittrackee.users.models import FollowRequest, User
+
+from ..api_test_case import ApiTestCaseMixin
+
+
+class TestGetFollowRequestWithoutFederation(ApiTestCaseMixin):
+    def test_it_returns_empty_list_if_no_follow_request(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['follow_requests'] == []
+
+    def test_it_returns_current_user_pending_follow_requests(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['username'] == 'sam'
+        assert '@context' not in data['data']['follow_requests'][0]
+
+
+class TestGetFollowRequestWithFederation(ApiTestCaseMixin):
+    def test_it_returns_empty_list_if_no_follow_request(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['follow_requests'] == []
+
+    def test_it_returns_current_user_follow_requests_with_actors(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_3_to_user_1.updated_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['name'] == 'toto'
+        assert '@context' in data['data']['follow_requests'][0]
+
+
+class TestGetFollowRequestPagination(ApiTestCaseMixin):
+    def test_it_returns_pagination(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 2
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 2,
+        }
+
+    @patch('fittrackee.users.follow_requests.FOLLOW_REQUESTS_PER_PAGE', 1)
+    def test_it_returns_second_page(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests?page=2',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['username'] == 'sam'
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 2,
+        }
+
+    @patch('fittrackee.users.follow_requests.MAX_FOLLOW_REQUESTS_PER_PAGE', 1)
+    def test_it_returns_max_follow_request_per_page(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests?per_page=10',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['username'] == 'toto'
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 2,
+        }
+
+    def test_it_returns_follow_requests_with_descending_order(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests?order=desc',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 2
+        assert data['data']['follow_requests'][0]['username'] == 'sam'
+        assert data['data']['follow_requests'][1]['username'] == 'toto'
+
+    def test_it_returns_one_request_per_page(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests?per_page=1',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['username'] == 'toto'
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 2,
+        }
+
+    def test_it_returns_second_page_with_one_request_per_page_with_descending_order(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.get(
+            '/api/follow_requests?page=2&per_page=1&order=desc',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['username'] == 'toto'
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 2,
+        }
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
new file mode 100644
index 000000000..9ffef1ef8
--- /dev/null
+++ b/fittrackee/users/follow_requests.py
@@ -0,0 +1,51 @@
+from typing import Dict
+
+from flask import Blueprint, current_app, request
+
+from .decorators import authenticate
+from .models import FollowRequest, User
+
+follow_requests_blueprint = Blueprint('follow_requests', __name__)
+
+FOLLOW_REQUESTS_PER_PAGE = 10
+MAX_FOLLOW_REQUESTS_PER_PAGE = 50
+
+
+@follow_requests_blueprint.route('/follow_requests', methods=['GET'])
+@authenticate
+def get_users(auth_user: User) -> Dict:
+    params = request.args.copy()
+    page = int(params.get('page', 1))
+    per_page = int(params.get('per_page', FOLLOW_REQUESTS_PER_PAGE))
+    order = params.get('order', 'asc')
+    if per_page > MAX_FOLLOW_REQUESTS_PER_PAGE:
+        per_page = MAX_FOLLOW_REQUESTS_PER_PAGE
+    follow_requests_pagination = (
+        FollowRequest.query.filter_by(
+            followed_user_id=auth_user.id,
+            updated_at=None,
+        )
+        .order_by(
+            FollowRequest.created_at.asc() if order == 'asc' else True,
+            FollowRequest.created_at.desc() if order == 'desc' else True,
+        )
+        .paginate(page, per_page, False)
+    )
+    follow_requests = follow_requests_pagination.items
+    federation_enabled = current_app.config['federation_enabled']
+    return {
+        'status': 'success',
+        'data': {
+            'follow_requests': [
+                follow_request.serialize(federation_enabled)['from_user']
+                for follow_request in follow_requests
+            ]
+        },
+        'pagination': {
+            'has_next': follow_requests_pagination.has_next,
+            'has_prev': follow_requests_pagination.has_prev,
+            'page': follow_requests_pagination.page,
+            'pages': follow_requests_pagination.pages,
+            'total': follow_requests_pagination.total,
+        },
+    }
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 7c2b203c9..524d07676 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -42,6 +42,16 @@ def __init__(self, follower_user_id: int, followed_user_id: int):
         self.follower_user_id = follower_user_id
         self.followed_user_id = followed_user_id
 
+    def serialize(self, federation_enabled: bool) -> Dict:
+        return {
+            'from_user': self.from_user.actor.serialize()
+            if federation_enabled
+            else self.from_user.serialize(),
+            'to_user': self.to_user.actor.serialize()
+            if federation_enabled
+            else self.to_user.serialize(),
+        }
+
 
 class User(BaseModel):
     __tablename__ = 'users'

From d759186ad11ef9b6c46d1a5612cfb2f18a4177c5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 12:21:58 +0100
Subject: [PATCH 016/238] API - init follow route (wip)

---
 fittrackee/tests/fixtures/fixtures_users.py   | 12 ++++
 .../tests/users/test_users_follow_api.py      | 68 +++++++++++++++++++
 fittrackee/tests/utils.py                     | 15 +++-
 fittrackee/users/follow_requests.py           |  2 +-
 fittrackee/users/models.py                    |  3 +
 fittrackee/users/users.py                     | 27 +++++++-
 6 files changed, 122 insertions(+), 5 deletions(-)
 create mode 100644 fittrackee/tests/users/test_users_follow_api.py

diff --git a/fittrackee/tests/fixtures/fixtures_users.py b/fittrackee/tests/fixtures/fixtures_users.py
index c867576d9..88e83e011 100644
--- a/fittrackee/tests/fixtures/fixtures_users.py
+++ b/fittrackee/tests/fixtures/fixtures_users.py
@@ -112,6 +112,18 @@ def user_admin_sport_1_preference(
     return user_sport
 
 
+@pytest.fixture()
+def follow_request_from_user_1_to_user_2(
+    user_1: User, user_2: User
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=user_1.id, followed_user_id=user_2.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
 @pytest.fixture()
 def follow_request_from_user_2_to_user_1(
     user_1: User, user_2: User
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
new file mode 100644
index 000000000..fdd9167c1
--- /dev/null
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -0,0 +1,68 @@
+import json
+from datetime import datetime
+
+from flask import Flask
+
+from fittrackee.users.models import FollowRequest, User
+
+from ..api_test_case import ApiTestCaseMixin
+from ..utils import random_string
+
+
+class TestGetFollowRequestWithoutFederation(ApiTestCaseMixin):
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.post(
+            f'/api/users/{random_string()}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_raises_error_if_target_user_has_already_rejected_request(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = False
+        follow_request_from_user_1_to_user_2.updated_at = datetime.now()
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.post(
+            f'/api/users/{user_2.username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'error'
+        assert data['message'] == 'you do not have permissions'
+
+    def test_it_creates_follow_request(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.post(
+            f'/api/users/{user_2.username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{user_2.username}' is sent."
+        )
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 1948e37ff..460dc91b2 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -3,14 +3,23 @@
 from typing import Optional
 
 
-def random_string(length: Optional[int] = None) -> str:
+def random_string(
+    length: Optional[int] = None,
+    prefix: Optional[str] = None,
+    suffix: Optional[str] = None,
+) -> str:
     if length is None:
         length = 10
-    return ''.join(
+    random_str = ''.join(
         random.choice(string.ascii_letters + string.digits)
         for _ in range(length)
     )
+    return (
+        f'{"" if prefix is None else prefix}'
+        f'{random_str}'
+        f'{"" if suffix is None else suffix}'
+    )
 
 
 def random_domain() -> str:
-    return f'https://{random_string()}.social'
+    return random_string(prefix='https://', suffix='.social')
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index 9ffef1ef8..642c3ad84 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -13,7 +13,7 @@
 
 @follow_requests_blueprint.route('/follow_requests', methods=['GET'])
 @authenticate
-def get_users(auth_user: User) -> Dict:
+def get_follow_requests(auth_user: User) -> Dict:
     params = request.args.copy()
     page = int(params.get('page', 1))
     per_page = int(params.get('per_page', FOLLOW_REQUESTS_PER_PAGE))
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 524d07676..cb1451238 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -42,6 +42,9 @@ def __init__(self, follower_user_id: int, followed_user_id: int):
         self.follower_user_id = follower_user_id
         self.followed_user_id = followed_user_id
 
+    def is_rejected(self) -> bool:
+        return not self.is_approved and self.updated_at is not None
+
     def serialize(self, federation_enabled: bool) -> Dict:
         return {
             'from_user': self.from_user.actor.serialize()
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index b321c866d..12957a523 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -20,7 +20,7 @@
 
 from .decorators import authenticate, authenticate_as_admin
 from .exceptions import UserNotFoundException
-from .models import User, UserSportPreference
+from .models import FollowRequest, User, UserSportPreference
 from .utils.admin import set_admin_rights
 
 users_blueprint = Blueprint('users', __name__)
@@ -597,3 +597,28 @@ def delete_user(
         OSError,
     ) as e:
         return handle_error_and_return_response(e, db=db)
+
+
+@users_blueprint.route('/users/<user_name>/follow', methods=['POST'])
+@authenticate
+def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
+    successful_response_dict = {
+        'status': 'success',
+        'message': f"Follow request to user '{user_name}' is sent.",
+    }
+    target_user = User.query.filter_by(username=user_name).first()
+    if target_user:
+        existing_follow_request = FollowRequest.query.filter_by(
+            follower_user_id=auth_user.id, followed_user_id=target_user.id
+        ).first()
+        if existing_follow_request:
+            if existing_follow_request.is_rejected():
+                return ForbiddenErrorResponse()
+            else:
+                return successful_response_dict
+
+        auth_user = User.query.filter_by(id=auth_user.id).first()
+        auth_user.send_follow_request_to(target_user)
+        return successful_response_dict
+
+    return UserNotFoundErrorResponse()

From 49626f8c7a90161c6b4ffb3e8f07f4f7b67070de Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 13 Jun 2021 15:03:42 +0200
Subject: [PATCH 017/238] API - minor refactor

(move all federation-related tests in federation directory)
---
 .../tests/federation/federation/__init__.py   |  0
 .../test_federation_federation.py             |  0
 .../test_federation_models.py                 |  0
 .../test_federation_nodeinfo.py               |  0
 .../test_federation_webfinger.py              |  0
 fittrackee/tests/federation/users/__init__.py |  0
 .../users/test_users_follow_request_api.py    | 57 +++++++++++++++++++
 .../users/test_users_follow_request_api.py    | 49 ----------------
 fittrackee/tests/users/test_users_model.py    | 10 ++--
 9 files changed, 62 insertions(+), 54 deletions(-)
 create mode 100644 fittrackee/tests/federation/federation/__init__.py
 rename fittrackee/tests/federation/{ => federation}/test_federation_federation.py (100%)
 rename fittrackee/tests/federation/{ => federation}/test_federation_models.py (100%)
 rename fittrackee/tests/federation/{ => federation}/test_federation_nodeinfo.py (100%)
 rename fittrackee/tests/federation/{ => federation}/test_federation_webfinger.py (100%)
 create mode 100644 fittrackee/tests/federation/users/__init__.py
 create mode 100644 fittrackee/tests/federation/users/test_users_follow_request_api.py

diff --git a/fittrackee/tests/federation/federation/__init__.py b/fittrackee/tests/federation/federation/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
similarity index 100%
rename from fittrackee/tests/federation/test_federation_federation.py
rename to fittrackee/tests/federation/federation/test_federation_federation.py
diff --git a/fittrackee/tests/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
similarity index 100%
rename from fittrackee/tests/federation/test_federation_models.py
rename to fittrackee/tests/federation/federation/test_federation_models.py
diff --git a/fittrackee/tests/federation/test_federation_nodeinfo.py b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
similarity index 100%
rename from fittrackee/tests/federation/test_federation_nodeinfo.py
rename to fittrackee/tests/federation/federation/test_federation_nodeinfo.py
diff --git a/fittrackee/tests/federation/test_federation_webfinger.py b/fittrackee/tests/federation/federation/test_federation_webfinger.py
similarity index 100%
rename from fittrackee/tests/federation/test_federation_webfinger.py
rename to fittrackee/tests/federation/federation/test_federation_webfinger.py
diff --git a/fittrackee/tests/federation/users/__init__.py b/fittrackee/tests/federation/users/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
new file mode 100644
index 000000000..f9d896fba
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -0,0 +1,57 @@
+import json
+from datetime import datetime
+
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+from fittrackee.users.models import FollowRequest
+
+from ...api_test_case import ApiTestCaseMixin
+
+
+class TestGetFollowRequestWithFederation(ApiTestCaseMixin):
+    def test_it_returns_empty_list_if_no_follow_request(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['follow_requests'] == []
+
+    def test_it_returns_current_user_follow_requests_with_actors(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_3_to_user_1.updated_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.get(
+            '/api/follow_requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['follow_requests']) == 1
+        assert data['data']['follow_requests'][0]['name'] == 'toto'
+        assert '@context' in data['data']['follow_requests'][0]
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
index 0e01691a5..23ed21981 100644
--- a/fittrackee/tests/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -4,7 +4,6 @@
 
 from flask import Flask
 
-from fittrackee.federation.models import Actor
 from fittrackee.users.models import FollowRequest, User
 
 from ..api_test_case import ApiTestCaseMixin
@@ -52,54 +51,6 @@ def test_it_returns_current_user_pending_follow_requests(
         assert '@context' not in data['data']['follow_requests'][0]
 
 
-class TestGetFollowRequestWithFederation(ApiTestCaseMixin):
-    def test_it_returns_empty_list_if_no_follow_request(
-        self, app_with_federation: Flask, actor_1: Actor
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-
-        response = client.get(
-            '/api/follow_requests',
-            content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        assert response.status_code == 200
-        data = json.loads(response.data.decode())
-        assert data['status'] == 'success'
-        assert data['data']['follow_requests'] == []
-
-    def test_it_returns_current_user_follow_requests_with_actors(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_2_to_user_1: FollowRequest,
-        follow_request_from_user_3_to_user_1: FollowRequest,
-        follow_request_from_user_3_to_user_2: FollowRequest,
-    ) -> None:
-        follow_request_from_user_3_to_user_1.updated_at = datetime.utcnow()
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-
-        response = client.get(
-            '/api/follow_requests',
-            content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        assert response.status_code == 200
-        data = json.loads(response.data.decode())
-        assert data['status'] == 'success'
-        assert len(data['data']['follow_requests']) == 1
-        assert data['data']['follow_requests'][0]['name'] == 'toto'
-        assert '@context' in data['data']['follow_requests'][0]
-
-
 class TestGetFollowRequestPagination(ApiTestCaseMixin):
     def test_it_returns_pagination(
         self,
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 0aaf6de67..247cbcd39 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -119,7 +119,7 @@ def test_user_has_pending_follow_request(
 
     def test_user_has_no_pending_follow_request(
         self,
-        app_with_federation: Flask,
+        app: Flask,
         user_1: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
@@ -128,7 +128,7 @@ def test_user_has_no_pending_follow_request(
 
     def test_user_approves_follow_request(
         self,
-        app_with_federation: Flask,
+        app: Flask,
         user_1: User,
         user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
@@ -143,7 +143,7 @@ def test_user_approves_follow_request(
 
     def test_user_refuses_follow_request(
         self,
-        app_with_federation: Flask,
+        app: Flask,
         user_1: User,
         user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
@@ -155,7 +155,7 @@ def test_user_refuses_follow_request(
 
     def test_it_raises_error_if_follow_request_does_not_exists(
         self,
-        app_with_federation: Flask,
+        app: Flask,
         user_1: User,
         user_2: User,
     ) -> None:
@@ -164,7 +164,7 @@ def test_it_raises_error_if_follow_request_does_not_exists(
 
     def test_it_raises_error_if_user_approves_follow_request_already_processed(  # noqa
         self,
-        app_with_federation: Flask,
+        app: Flask,
         user_1: User,
         user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,

From 0ffa4d8565c6a807d11a517048eb5450e8861382 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 13 Jun 2021 18:06:08 +0200
Subject: [PATCH 018/238] API - add missing tests

---
 fittrackee/tests/conftest.py                  |  1 +
 .../federation/users/test_users_model.py      | 23 +++++++++++++++++++
 .../fixtures/fixtures_federation_users.py     | 18 +++++++++++++++
 fittrackee/tests/users/test_users_model.py    | 19 +++++++++++++++
 fittrackee/users/follow_requests.py           |  5 ++--
 fittrackee/users/models.py                    | 21 +++++++++++------
 6 files changed, 77 insertions(+), 10 deletions(-)
 create mode 100644 fittrackee/tests/federation/users/test_users_model.py
 create mode 100644 fittrackee/tests/fixtures/fixtures_federation_users.py

diff --git a/fittrackee/tests/conftest.py b/fittrackee/tests/conftest.py
index 98230d445..a36ba6d9f 100644
--- a/fittrackee/tests/conftest.py
+++ b/fittrackee/tests/conftest.py
@@ -8,6 +8,7 @@
 pytest_plugins = [
     'fittrackee.tests.fixtures.fixtures_app',
     'fittrackee.tests.fixtures.fixtures_federation',
+    'fittrackee.tests.fixtures.fixtures_federation_users',
     'fittrackee.tests.fixtures.fixtures_workouts',
     'fittrackee.tests.fixtures.fixtures_users',
 ]
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
new file mode 100644
index 000000000..c243d8f9b
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -0,0 +1,23 @@
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+from fittrackee.users.models import FollowRequest
+
+
+class TestFollowRequestModelWithFederation:
+    def test_follow_request_model(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_1_to_user_2_with_federation: FollowRequest,
+    ) -> None:
+        assert '<FollowRequest from user \'1\' to user \'2\'>' == str(
+            follow_request_from_user_1_to_user_2_with_federation
+        )
+
+        serialized_follow_request = (
+            follow_request_from_user_1_to_user_2_with_federation.serialize()
+        )
+        assert serialized_follow_request['from_user'] == actor_1.serialize()
+        assert serialized_follow_request['to_user'] == actor_2.serialize()
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
new file mode 100644
index 000000000..39c8eff99
--- /dev/null
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -0,0 +1,18 @@
+import pytest
+
+from fittrackee import db
+from fittrackee.federation.models import Actor
+from fittrackee.users.models import FollowRequest
+
+
+@pytest.fixture()
+def follow_request_from_user_1_to_user_2_with_federation(
+    actor_1: Actor,
+    actor_2: Actor,
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=actor_1.user.id, followed_user_id=actor_2.user.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 247cbcd39..c75670785 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -85,6 +85,25 @@ def test_user_model(
         assert serialized_user_sport['stopped_speed_threshold'] == 1
 
 
+class TestFollowRequestModel:
+    def test_follow_request_model(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        assert '<FollowRequest from user \'1\' to user \'2\'>' == str(
+            follow_request_from_user_1_to_user_2
+        )
+
+        serialized_follow_request = (
+            follow_request_from_user_1_to_user_2.serialize()
+        )
+        assert serialized_follow_request['from_user'] == user_1.serialize()
+        assert serialized_follow_request['to_user'] == user_2.serialize()
+
+
 class TestUserFollowingModel:
     def test_user_2_sends_follow_requests_to_user_1(
         self,
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index 642c3ad84..a54ea943c 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -1,6 +1,6 @@
 from typing import Dict
 
-from flask import Blueprint, current_app, request
+from flask import Blueprint, request
 
 from .decorators import authenticate
 from .models import FollowRequest, User
@@ -32,12 +32,11 @@ def get_follow_requests(auth_user: User) -> Dict:
         .paginate(page, per_page, False)
     )
     follow_requests = follow_requests_pagination.items
-    federation_enabled = current_app.config['federation_enabled']
     return {
         'status': 'success',
         'data': {
             'follow_requests': [
-                follow_request.serialize(federation_enabled)['from_user']
+                follow_request.serialize()['from_user']
                 for follow_request in follow_requests
             ]
         },
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index cb1451238..346fdaacb 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -38,6 +38,12 @@ class FollowRequest(BaseModel):
     )
     updated_at = db.Column(db.DateTime, nullable=True)
 
+    def __repr__(self) -> str:
+        return (
+            f'<FollowRequest from user \'{self.follower_user_id}\' '
+            f'to user \'{self.followed_user_id}\'>'
+        )
+
     def __init__(self, follower_user_id: int, followed_user_id: int):
         self.follower_user_id = follower_user_id
         self.followed_user_id = followed_user_id
@@ -45,14 +51,15 @@ def __init__(self, follower_user_id: int, followed_user_id: int):
     def is_rejected(self) -> bool:
         return not self.is_approved and self.updated_at is not None
 
-    def serialize(self, federation_enabled: bool) -> Dict:
+    def serialize(self) -> Dict:
+        if current_app.config['federation_enabled']:
+            return {
+                'from_user': self.from_user.actor.serialize(),
+                'to_user': self.to_user.actor.serialize(),
+            }
         return {
-            'from_user': self.from_user.actor.serialize()
-            if federation_enabled
-            else self.from_user.serialize(),
-            'to_user': self.to_user.actor.serialize()
-            if federation_enabled
-            else self.to_user.serialize(),
+            'from_user': self.from_user.serialize(),
+            'to_user': self.to_user.serialize(),
         }
 
 

From 3f35a00e19c0c01bf3e44ee23eff93532462e5b0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 12:55:27 +0100
Subject: [PATCH 019/238] API - add signature verification for federation (wip)

---
 fittrackee/federation/exceptions.py           |   9 +
 fittrackee/federation/signature.py            | 110 ++++++
 .../tests/federation/users/test_signature.py  | 336 ++++++++++++++++++
 fittrackee/tests/utils.py                     |  20 +-
 4 files changed, 474 insertions(+), 1 deletion(-)
 create mode 100644 fittrackee/federation/exceptions.py
 create mode 100644 fittrackee/federation/signature.py
 create mode 100644 fittrackee/tests/federation/users/test_signature.py

diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
new file mode 100644
index 000000000..1519996a5
--- /dev/null
+++ b/fittrackee/federation/exceptions.py
@@ -0,0 +1,9 @@
+from fittrackee.exceptions import GenericException
+
+
+class InvalidSignatureException(GenericException):
+    def __init__(self) -> None:
+        super().__init__(
+            status='error',
+            message='Invalid signature.',
+        )
diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
new file mode 100644
index 000000000..2d71496c4
--- /dev/null
+++ b/fittrackee/federation/signature.py
@@ -0,0 +1,110 @@
+import base64
+from datetime import datetime
+from typing import Dict, Optional
+
+import requests
+from Crypto.Hash import SHA256
+from Crypto.PublicKey import RSA
+from Crypto.Signature import pkcs1_15
+from flask import Request
+
+from fittrackee import appLog
+
+from .exceptions import InvalidSignatureException
+
+VALID_DATE_DELTA = 30  # in seconds
+VALID_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
+VALID_SIG_KEYS = ['keyId', 'headers', 'signature']
+
+
+class SignatureVerification:
+    def __init__(self, request: Request, signature_dict: Dict):
+        self.request = request
+        self.host = request.headers.get('Host', 'undefined')
+        self.date_str = request.headers.get('Date')
+        self.key_id = signature_dict['keyId']
+        self.headers = signature_dict['headers']
+        self.signature = base64.b64decode(signature_dict['signature'])
+
+    @classmethod
+    def get_signature(cls, request: Request) -> 'SignatureVerification':
+        signature_dict = {}
+        host = request.headers.get('Host', 'undefined')
+        try:
+            header_signature = request.headers['Signature'].split(',')
+            for part in header_signature:
+                key, value = part.split('=', 1)
+                signature_dict[key] = value.strip('"')
+        except Exception as e:
+            appLog.error(f'Invalid signature headers: {e} (host: {host}).')
+            raise InvalidSignatureException()
+
+        if list(signature_dict.keys()) != VALID_SIG_KEYS:
+            appLog.error(
+                f'Invalid signature headers: invalid keys (host: {host}).'
+            )
+            raise InvalidSignatureException()
+
+        return cls(request, signature_dict)
+
+    def get_actor_public_key(self) -> Optional[str]:
+        response = requests.get(
+            self.key_id,
+            headers={'Accept': 'application/activity+json'},
+        )
+        if response.status_code >= 400:
+            return None
+        try:
+            public_key = response.json()['publicKey']['publicKeyPem']
+        except Exception:
+            return None
+        return public_key
+
+    def is_date_invalid(self) -> bool:
+        if not self.date_str:
+            return True
+        try:
+            date = datetime.strptime(self.date_str, VALID_DATE_FORMAT)
+        except ValueError:
+            return True
+        delta = datetime.utcnow() - date
+        return delta.total_seconds() > VALID_DATE_DELTA
+
+    def verify(self) -> None:
+        public_key = self.get_actor_public_key()
+        if not public_key:
+            appLog.error(
+                f'Invalid signature: invalid public key (host: {self.host}).'
+            )
+            raise InvalidSignatureException()
+
+        if self.is_date_invalid():
+            appLog.error(
+                f'Invalid signature: invalid date header (host: {self.host}).'
+            )
+            raise InvalidSignatureException()
+
+        comparison = []
+        for headers_part in self.headers.split(' '):
+            if headers_part == '(request-target)':
+                comparison.append(
+                    '(request-target): post %s' % self.request.path
+                )
+            else:
+                comparison.append(
+                    "%s: %s"
+                    % (
+                        headers_part,
+                        self.request.headers[headers_part.capitalize()],
+                    )
+                )
+        comparison_string: str = '\n'.join(comparison)
+
+        signer = pkcs1_15.new(RSA.import_key(public_key))
+        digest = SHA256.new()
+        digest.update(comparison_string.encode())
+        try:
+            signer.verify(digest, self.signature)
+        except ValueError:
+            appLog.error(f'Invalid signature (host: {self.host}).')
+            raise InvalidSignatureException()
diff --git a/fittrackee/tests/federation/users/test_signature.py b/fittrackee/tests/federation/users/test_signature.py
new file mode 100644
index 000000000..603eb67ed
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_signature.py
@@ -0,0 +1,336 @@
+import base64
+from datetime import datetime, timedelta
+from typing import Dict, Optional
+from unittest.mock import MagicMock, patch
+
+import pytest
+import requests
+from Crypto.Hash import SHA256
+from Crypto.PublicKey import RSA
+from Crypto.Signature import pkcs1_15
+from flask import Flask
+
+from fittrackee.federation.exceptions import InvalidSignatureException
+from fittrackee.federation.models import Actor
+from fittrackee.federation.signature import (
+    VALID_DATE_DELTA,
+    VALID_DATE_FORMAT,
+    SignatureVerification,
+)
+
+from ...utils import generate_response, random_string
+
+
+class SignatureVerificationTestCase:
+    @staticmethod
+    def get_date_string(date: Optional[datetime] = None) -> str:
+        date = date if date else datetime.utcnow()
+        return date.strftime(VALID_DATE_FORMAT)
+
+    @staticmethod
+    def random_signature() -> str:
+        return str(base64.b64encode(random_string().encode()))
+
+    def generate_headers(
+        self,
+        key_id: Optional[str] = None,
+        signature: Optional[str] = None,
+        date_str: Optional[str] = None,  # overrides date
+        date: Optional[datetime] = None,
+        host: Optional[str] = None,
+    ) -> Dict:
+        key_id = key_id if key_id else random_string()
+        signature = signature if signature else self.random_signature()
+        signature_headers = (
+            f'keyId="{key_id}",headers="(request-target) host date",'
+            f'signature="' + signature + '"'
+        )
+        if date_str is None:
+            date_str = self.get_date_string(date)
+        return {
+            'Host': host if host else random_string(),
+            'Date': date_str,
+            'Signature': signature_headers,
+            'Content-Type': 'application/ld+json',
+        }
+
+    def generate_valid_headers(
+        self, host: str, actor: Actor, date_str: Optional[str] = None
+    ) -> Dict:
+        if date_str is None:
+            now = datetime.utcnow()
+            date_str = now.strftime(VALID_DATE_FORMAT)
+        signed_string = (
+            f'(request-target): post /inbox\nhost: {host}\n'
+            f'date: {date_str}'
+        )
+        key = RSA.import_key(actor.private_key)
+        key_signer = pkcs1_15.new(key)
+        encoded_string = signed_string.encode('utf-8')
+        h = SHA256.new(encoded_string)
+        signature = base64.b64encode(key_signer.sign(h))
+        return self.generate_headers(
+            key_id=actor.activitypub_id,
+            signature=signature.decode(),
+            date_str=date_str,
+            host=host,
+        )
+
+    @staticmethod
+    def get_request_mock(headers: Optional[Dict] = None) -> MagicMock:
+        request_mock = MagicMock()
+        request_mock.headers = headers if headers else {}
+        request_mock.path = '/inbox'
+        return request_mock
+
+
+class TestSignatureVerificationInstantiation(SignatureVerificationTestCase):
+    def test_it_raises_error_if_headers_are_empty(self) -> None:
+        request_with_empty_headers = self.get_request_mock()
+
+        with pytest.raises(InvalidSignatureException):
+            SignatureVerification.get_signature(request_with_empty_headers)
+
+    @pytest.mark.parametrize(
+        'input_description,input_signature_headers',
+        [
+            (
+                'missing keyId',
+                'headers="(request-target) host date",'
+                f'signature="{random_string()}"',
+            ),
+            (
+                'missing headers',
+                f'keyId="{random_string()}", signature="{random_string()}"',
+            ),
+            (
+                'missing signature',
+                f'keyId="{random_string()}",'
+                'headers="(request-target) host date"',
+            ),
+        ],
+    )
+    def test_it_raises_error_if_a_signature_key_is_missing(
+        self, input_description: str, input_signature_headers: str
+    ) -> None:
+        request_with_empty_headers = self.get_request_mock(
+            headers={
+                'Host': random_string(),
+                'Date': self.get_date_string(),
+                'Signature': input_signature_headers,
+            }
+        )
+
+        with pytest.raises(InvalidSignatureException):
+            SignatureVerification.get_signature(request_with_empty_headers)
+
+    def test_it_instantiates_signature_verification(self) -> None:
+        key_id = random_string()
+        signature = self.random_signature()
+        signature_headers = (
+            f'keyId="{key_id}",headers="(request-target) host date",'
+            f'signature="' + signature + '"'
+        )
+        date_str = self.get_date_string()
+        valid_request_mock = self.get_request_mock(
+            headers={
+                'Host': random_string(),
+                'Date': date_str,
+                'Signature': signature_headers,
+            }
+        )
+
+        sig_verification = SignatureVerification.get_signature(
+            valid_request_mock
+        )
+
+        assert sig_verification.request == valid_request_mock
+        assert sig_verification.date_str == date_str
+        assert sig_verification.key_id == key_id
+        assert sig_verification.headers == '(request-target) host date'
+        assert sig_verification.signature == base64.b64decode(signature)
+
+
+class TestSignatureDateVerification(SignatureVerificationTestCase):
+    def test_it_returns_date_is_invalid_if_date_is_empty(self) -> None:
+        headers = self.generate_headers(date_str='')
+        request_mock = self.get_request_mock(headers=headers)
+
+        sig_verification = SignatureVerification.get_signature(request_mock)
+
+        assert sig_verification.is_date_invalid() is True
+
+    def test_it_returns_date_is_invalid_if_date_format_is_invalid(
+        self,
+    ) -> None:
+        date_str = datetime.utcnow().strftime('%d %b %Y %H:%M:%S')
+        headers = self.generate_headers(date_str=date_str)
+        request_mock = self.get_request_mock(headers=headers)
+
+        sig_verification = SignatureVerification.get_signature(request_mock)
+
+        assert sig_verification.is_date_invalid() is True
+
+    def test_it_returns_date_is_invalid_if_delay_exceeds_limit(self) -> None:
+        headers = self.generate_headers(
+            date=datetime.utcnow() - timedelta(seconds=VALID_DATE_DELTA + 1)
+        )
+        request_mock = self.get_request_mock(headers=headers)
+
+        sig_verification = SignatureVerification.get_signature(request_mock)
+
+        assert sig_verification.is_date_invalid() is True
+
+    def test_it_returns_date_is_valid_if_dela_is_below_limit(self) -> None:
+        headers = self.generate_headers(
+            date=datetime.utcnow() - timedelta(seconds=VALID_DATE_DELTA - 1)
+        )
+        request_mock = self.get_request_mock(headers=headers)
+
+        sig_verification = SignatureVerification.get_signature(request_mock)
+
+        assert sig_verification.is_date_invalid() is False
+
+
+class TestGetActorPublicKey(SignatureVerificationTestCase):
+    def test_it_calls_requests_with_key_id(self) -> None:
+        key_id = random_string()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(self.generate_headers(key_id=key_id))
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response()
+
+            sig_verification.get_actor_public_key()
+
+            requests_mock.assert_called_with(
+                key_id, headers={'Accept': 'application/activity+json'}
+            )
+
+    def test_it_returns_none_if_requests_returns_error_status_code(
+        self,
+    ) -> None:
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(self.generate_headers())
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(status_code=404)
+
+            public_key = sig_verification.get_actor_public_key()
+
+            assert public_key is None
+
+    def test_it_returns_none_if_requests_returns_invalid_actor_dict(
+        self,
+    ) -> None:
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(self.generate_headers())
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200, content={random_string(): random_string()}
+            )
+
+            public_key = sig_verification.get_actor_public_key()
+
+            assert public_key is None
+
+    def test_it_returns_public_key(self) -> None:
+        public_key = random_string()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(self.generate_headers())
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content={'publicKey': {'publicKeyPem': public_key}},
+            )
+
+            key = sig_verification.get_actor_public_key()
+
+            assert key == public_key
+
+
+class TestSignatureVerify(SignatureVerificationTestCase):
+    def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_valid_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    actor=actor_1,
+                )
+            )
+        )
+        # update actor keys
+        actor_1.generate_keys()
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
+
+            with pytest.raises(InvalidSignatureException):
+                sig_verification.verify()
+
+    def test_verify_raises_error_if_header_date_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_valid_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    actor=actor_1,
+                    date_str='',
+                )
+            )
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
+
+            with pytest.raises(InvalidSignatureException):
+                sig_verification.verify()
+
+    def test_verify_raises_error_if_public_key_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_valid_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    actor=actor_1,
+                )
+            )
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(status_code=404)
+
+            with pytest.raises(InvalidSignatureException):
+                sig_verification.verify()
+
+    def test_verify_does_not_raise_error_if_signature_is_valid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_valid_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    actor=actor_1,
+                )
+            )
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
+
+            sig_verification.verify()
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 460dc91b2..4e830dbb0 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -1,6 +1,9 @@
 import random
 import string
-from typing import Optional
+from json import dumps
+from typing import Dict, Optional, Union
+
+from requests import Response
 
 
 def random_string(
@@ -23,3 +26,18 @@ def random_string(
 
 def random_domain() -> str:
     return random_string(prefix='https://', suffix='.social')
+
+
+def generate_response(
+    content: Optional[Union[str, Dict]] = None,
+    status_code: Optional[int] = None,
+) -> Response:
+    content = content if content else {}
+    response = Response()
+    response._content = (
+        dumps(content).encode()
+        if isinstance(content, dict)
+        else content.encode()
+    )
+    response.status_code = status_code if status_code else 200
+    return response

From 13f3fc49ef9c1c1d95224d23f1ec670c62595cdd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 26 Jun 2021 12:07:35 +0200
Subject: [PATCH 020/238] API - minor tests refacto

---
 fittrackee/tests/application/test_app_config_api.py          | 2 +-
 fittrackee/tests/emails/test_email_service.py                | 2 +-
 .../tests/federation/federation/test_federation_models.py    | 5 -----
 .../tests/federation/users/test_users_follow_request_api.py  | 2 +-
 fittrackee/tests/{api_test_case.py => test_case_mixins.py}   | 0
 fittrackee/tests/users/test_auth_api.py                      | 2 +-
 fittrackee/tests/users/test_users_api.py                     | 2 +-
 fittrackee/tests/users/test_users_follow_api.py              | 2 +-
 fittrackee/tests/users/test_users_follow_request_api.py      | 2 +-
 fittrackee/tests/workouts/test_records_api.py                | 2 +-
 fittrackee/tests/workouts/test_sports_api.py                 | 2 +-
 fittrackee/tests/workouts/test_stats_api.py                  | 2 +-
 fittrackee/tests/workouts/test_workouts_api_0_get.py         | 2 +-
 fittrackee/tests/workouts/test_workouts_api_1_post.py        | 2 +-
 fittrackee/tests/workouts/test_workouts_api_2_patch.py       | 2 +-
 fittrackee/tests/workouts/test_workouts_api_3_delete.py      | 2 +-
 16 files changed, 14 insertions(+), 19 deletions(-)
 rename fittrackee/tests/{api_test_case.py => test_case_mixins.py} (100%)

diff --git a/fittrackee/tests/application/test_app_config_api.py b/fittrackee/tests/application/test_app_config_api.py
index 75dccb2cf..c7da3fed8 100644
--- a/fittrackee/tests/application/test_app_config_api.py
+++ b/fittrackee/tests/application/test_app_config_api.py
@@ -5,7 +5,7 @@
 import fittrackee
 from fittrackee.users.models import User
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 
 class TestGetConfig(ApiTestCaseMixin):
diff --git a/fittrackee/tests/emails/test_email_service.py b/fittrackee/tests/emails/test_email_service.py
index 9d999d71b..3a348410d 100644
--- a/fittrackee/tests/emails/test_email_service.py
+++ b/fittrackee/tests/emails/test_email_service.py
@@ -7,7 +7,7 @@
 from fittrackee.emails.email import EmailMessage
 from fittrackee.emails.exceptions import InvalidEmailUrlScheme
 
-from ..api_test_case import CallArgsMixin
+from ..test_case_mixins import CallArgsMixin
 from .template_results.password_reset_request import expected_en_text_body
 
 
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 23da42bd2..eddc6c635 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -84,10 +84,6 @@ def test_it_returns_serialized_object(
             serialized_actor['inbox']
             == f'{ap_url}/federation/user/{actor_1.preferred_username}/inbox'
         )
-        assert (
-            serialized_actor['inbox']
-            == f'{ap_url}/federation/user/{actor_1.preferred_username}/inbox'
-        )
         assert (
             serialized_actor['outbox']
             == f'{ap_url}/federation/user/{actor_1.preferred_username}/outbox'
@@ -149,7 +145,6 @@ def test_it_returns_serialized_object(
         )
         assert serialized_actor['name'] == remote_actor.user.username
         assert serialized_actor['inbox'] == f'{user_url}/inbox'
-        assert serialized_actor['inbox'] == f'{user_url}/inbox'
         assert serialized_actor['outbox'] == f'{user_url}/outbox'
         assert serialized_actor['followers'] == f'{user_url}/followers'
         assert serialized_actor['following'] == f'{user_url}/following'
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index f9d896fba..4d976585d 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -6,7 +6,7 @@
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import FollowRequest
 
-from ...api_test_case import ApiTestCaseMixin
+from ...test_case_mixins import ApiTestCaseMixin
 
 
 class TestGetFollowRequestWithFederation(ApiTestCaseMixin):
diff --git a/fittrackee/tests/api_test_case.py b/fittrackee/tests/test_case_mixins.py
similarity index 100%
rename from fittrackee/tests/api_test_case.py
rename to fittrackee/tests/test_case_mixins.py
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 75241be21..c68e31c6b 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -11,7 +11,7 @@
 from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 
 class TestUserRegistration:
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index d6c41b52f..d75cd5ad8 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -8,7 +8,7 @@
 from fittrackee.users.models import User, UserSportPreference
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 
 class TestGetUser(ApiTestCaseMixin):
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index fdd9167c1..97cc1202d 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -5,7 +5,7 @@
 
 from fittrackee.users.models import FollowRequest, User
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 from ..utils import random_string
 
 
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
index 23ed21981..c0b929809 100644
--- a/fittrackee/tests/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -6,7 +6,7 @@
 
 from fittrackee.users.models import FollowRequest, User
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 
 class TestGetFollowRequestWithoutFederation(ApiTestCaseMixin):
diff --git a/fittrackee/tests/workouts/test_records_api.py b/fittrackee/tests/workouts/test_records_api.py
index f6e6f259f..361e082f4 100644
--- a/fittrackee/tests/workouts/test_records_api.py
+++ b/fittrackee/tests/workouts/test_records_api.py
@@ -5,7 +5,7 @@
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 
 class TestGetRecords(ApiTestCaseMixin):
diff --git a/fittrackee/tests/workouts/test_sports_api.py b/fittrackee/tests/workouts/test_sports_api.py
index 765e883e1..b55045602 100644
--- a/fittrackee/tests/workouts/test_sports_api.py
+++ b/fittrackee/tests/workouts/test_sports_api.py
@@ -6,7 +6,7 @@
 from fittrackee.users.models import User, UserSportPreference
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 expected_sport_1_cycling_result = {
     'id': 1,
diff --git a/fittrackee/tests/workouts/test_stats_api.py b/fittrackee/tests/workouts/test_stats_api.py
index 810fe50cc..7d0bf79d1 100644
--- a/fittrackee/tests/workouts/test_stats_api.py
+++ b/fittrackee/tests/workouts/test_stats_api.py
@@ -5,7 +5,7 @@
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 
 
 class TestGetStatsByTime(ApiTestCaseMixin):
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get.py b/fittrackee/tests/workouts/test_workouts_api_0_get.py
index 5aa08b0e4..f7266652e 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get.py
@@ -7,7 +7,7 @@
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 from .utils import get_random_short_id
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 740581f83..38f015e49 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -13,7 +13,7 @@
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.short_id import decode_short_id
 
-from ..api_test_case import ApiTestCaseMixin, CallArgsMixin
+from ..test_case_mixins import ApiTestCaseMixin, CallArgsMixin
 
 
 def assert_workout_data_with_gpx(data: Dict) -> None:
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 456765369..34ecc38fb 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -8,7 +8,7 @@
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 from .utils import get_random_short_id, post_an_workout
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index 4b1aba911..f393cccfc 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -7,7 +7,7 @@
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
-from ..api_test_case import ApiTestCaseMixin
+from ..test_case_mixins import ApiTestCaseMixin
 from .utils import get_random_short_id, post_an_workout
 
 

From 51703315aed2bd5e261ed8b3fdce6f6fe0190481 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 13:03:05 +0100
Subject: [PATCH 021/238] API - add tests on follow for users in same federated
 instance

---
 .../federation/users/test_users_follow_api.py | 104 ++++++++++++++++++
 .../tests/users/test_users_follow_api.py      |   2 +-
 2 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 fittrackee/tests/federation/users/test_users_follow_api.py

diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
new file mode 100644
index 000000000..d28ba9358
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -0,0 +1,104 @@
+import json
+from datetime import datetime
+
+from flask import Flask
+
+from fittrackee.federation.models import Actor
+from fittrackee.users.models import FollowRequest
+
+from ...test_case_mixins import ApiTestCaseMixin
+from ...utils import random_string
+
+
+class TestFollowWithFederation(ApiTestCaseMixin):
+    """Follow user belonging to the same instance"""
+
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.post(
+            f'/api/users/{random_string()}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_raises_error_if_target_user_has_already_rejected_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = False
+        follow_request_from_user_1_to_user_2.updated_at = datetime.now()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.post(
+            f'/api/users/{actor_2.preferred_username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'error'
+        assert data['message'] == 'you do not have permissions'
+
+    def test_it_creates_follow_request(
+        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.post(
+            f'/api/users/{actor_2.preferred_username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{actor_2.preferred_username}' "
+            f"is sent."
+        )
+
+    def test_it_returns_success_if_follow_request_already_exists(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        response = client.post(
+            f'/api/users/{actor_2.preferred_username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{actor_2.preferred_username}' "
+            f"is sent."
+        )
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index 97cc1202d..6b8eed6e7 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -9,7 +9,7 @@
 from ..utils import random_string
 
 
-class TestGetFollowRequestWithoutFederation(ApiTestCaseMixin):
+class TestFollowWithoutFederation(ApiTestCaseMixin):
     def test_it_raises_error_if_target_user_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:

From 70fc2d86383a2bf4f6b47d74e5b2ed78877e4d47 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 13:12:51 +0100
Subject: [PATCH 022/238] API - follow user from another instance (wip)

---
 fittrackee/federation/enums.py                |   4 +
 fittrackee/federation/exceptions.py           |  16 ++
 fittrackee/federation/inbox.py                |  40 +++++
 fittrackee/federation/signature.py            |  17 ++
 fittrackee/federation/tasks.py                |  20 +++
 fittrackee/federation/utils.py                |  17 +-
 .../test_federation_remote_inbox.py           | 104 +++++++++++
 .../federation/test_federation_tasks.py       |  66 +++++++
 .../tests/federation/users/test_signature.py  |  13 +-
 .../federation/users/test_users_follow_api.py | 163 +++++++++++++++++-
 .../federation/users/test_users_model.py      |  19 ++
 fittrackee/tests/test_case_mixins.py          |  24 ++-
 .../tests/users/test_users_follow_api.py      |  42 +++++
 fittrackee/tests/users/test_users_model.py    |  12 ++
 fittrackee/tests/utils.py                     |  14 +-
 fittrackee/users/models.py                    |  28 +++
 fittrackee/users/users.py                     |  19 +-
 17 files changed, 602 insertions(+), 16 deletions(-)
 create mode 100644 fittrackee/federation/inbox.py
 create mode 100644 fittrackee/federation/tasks.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_remote_inbox.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_tasks.py

diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index eeb531ec8..bf950af56 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -1,6 +1,10 @@
 from enum import Enum
 
 
+class ActivityType(Enum):
+    FOLLOW = 'Follow'
+
+
 class ActorType(Enum):
     APPLICATION = 'Application'
     GROUP = 'Group'
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index 1519996a5..a8398aa37 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -1,9 +1,25 @@
 from fittrackee.exceptions import GenericException
 
 
+class FederationDisabledException(GenericException):
+    def __init__(self) -> None:
+        super().__init__(
+            status='error',
+            message='Can not create activity, federation is disabled.',
+        )
+
+
 class InvalidSignatureException(GenericException):
     def __init__(self) -> None:
         super().__init__(
             status='error',
             message='Invalid signature.',
         )
+
+
+class SenderNotFoundException(GenericException):
+    def __init__(self) -> None:
+        super().__init__(
+            status='error',
+            message='Sender not found.',
+        )
diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
new file mode 100644
index 000000000..47baa996e
--- /dev/null
+++ b/fittrackee/federation/inbox.py
@@ -0,0 +1,40 @@
+from datetime import datetime
+from json import dumps
+from typing import Dict
+from urllib.parse import urlparse
+
+import requests
+
+from fittrackee import appLog
+
+from .models import Actor
+from .signature import VALID_DATE_FORMAT, signature_header
+
+
+def send_to_remote_user_inbox(
+    sender: Actor, activity: Dict, recipient: Actor
+) -> None:
+    now_str = datetime.utcnow().strftime(VALID_DATE_FORMAT)
+    parsed_inbox_url = urlparse(recipient.inbox_url)
+    signed_header = signature_header(
+        host=parsed_inbox_url.netloc,
+        path=parsed_inbox_url.path,
+        date_str=now_str,
+        actor=sender,
+    )
+    response = requests.post(
+        recipient.inbox_url,
+        data=dumps(activity),
+        headers={
+            "Host": parsed_inbox_url.netloc,
+            "Date": now_str,
+            "Signature": signed_header,
+            "Content-Type": "application/ld+json",
+        },
+    )
+    if response.status_code >= 400:
+        appLog.error(
+            f"Error when send to user inbox '{recipient.inbox_url}', "
+            f"status code: {response.status_code}, "
+            f"content: {response.content.decode()}"
+        )
diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index 2d71496c4..fc7dc5404 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -11,12 +11,29 @@
 from fittrackee import appLog
 
 from .exceptions import InvalidSignatureException
+from .models import Actor
 
 VALID_DATE_DELTA = 30  # in seconds
 VALID_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
 VALID_SIG_KEYS = ['keyId', 'headers', 'signature']
 
 
+def signature_header(host: str, path: str, date_str: str, actor: Actor) -> str:
+    signed_string = (
+        f'(request-target): post {path}\nhost: {host}\ndate: {date_str}'
+    )
+    key = RSA.import_key(actor.private_key)
+    key_signer = pkcs1_15.new(key)
+    encoded_string = signed_string.encode('utf-8')
+    h = SHA256.new(encoded_string)
+    signature = base64.b64encode(key_signer.sign(h))
+    return (
+        f'keyId="{actor.activitypub_id}",'
+        'headers="(request-target) host date",'
+        f'signature="' + signature.decode() + '"'
+    )
+
+
 class SignatureVerification:
     def __init__(self, request: Request, signature_dict: Dict):
         self.request = request
diff --git a/fittrackee/federation/tasks.py b/fittrackee/federation/tasks.py
new file mode 100644
index 000000000..f1c9f8c51
--- /dev/null
+++ b/fittrackee/federation/tasks.py
@@ -0,0 +1,20 @@
+from typing import Dict, List
+
+from fittrackee import appLog, dramatiq
+from fittrackee.federation.exceptions import SenderNotFoundException
+from fittrackee.federation.inbox import send_to_remote_user_inbox
+from fittrackee.federation.models import Actor
+
+
+@dramatiq.actor(queue_name='fittrackee_users_inbox')
+def send_to_users_inbox(
+    sender_id: int, activity: Dict, recipients: List
+) -> None:
+    sender = Actor.query.filter_by(id=sender_id).first()
+    if not sender:
+        appLog.error('Sender not found when sending to users inbox.')
+        raise SenderNotFoundException()
+    for recipient in recipients:
+        send_to_remote_user_inbox(
+            sender=sender, activity=activity, recipient=recipient
+        )
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 3d23cbddf..7d3c763ce 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,4 +1,6 @@
-from typing import Tuple
+import re
+from typing import Optional, Tuple
+from uuid import uuid4
 
 from Crypto.PublicKey import RSA
 from flask import current_app
@@ -35,3 +37,16 @@ def get_ap_url(username: str, url_type: str) -> str:
     if url_type == 'shared_inbox':
         return f'{ap_url}inbox'
     raise Exception('Invalid \'url_type\'.')
+
+
+def remove_url_scheme(url: str) -> str:
+    return re.sub(r'https?://', '', url)
+
+
+def generate_activity_id() -> str:
+    return f"{current_app.config['UI_URL']}/{uuid4()}"
+
+
+def get_username_and_domain(full_name: str) -> Optional[re.Match]:
+    full_name_pattern = r'([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
+    return re.match(full_name_pattern, full_name)
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
new file mode 100644
index 000000000..3e0bb569f
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -0,0 +1,104 @@
+from datetime import datetime
+from json import dumps
+from unittest.mock import Mock, patch
+from urllib.parse import urlparse
+
+from _pytest.logging import LogCaptureFixture
+from flask import Flask
+from freezegun import freeze_time
+
+from fittrackee.federation.inbox import send_to_remote_user_inbox
+from fittrackee.federation.models import Actor
+
+from ...test_case_mixins import BaseTestMixin
+from ...utils import generate_response, get_date_string, random_string
+
+
+class TestSendToRemoteInbox(BaseTestMixin):
+    @patch('fittrackee.federation.inbox.signature_header')
+    @patch('fittrackee.federation.inbox.requests')
+    def test_it_calls_signature_header(
+        self,
+        requests_mock: Mock,
+        signature_header_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        now = datetime.utcnow()
+        parsed_inbox_url = urlparse(remote_actor.inbox_url)
+        requests_mock.post.return_value = generate_response(status_code=200)
+
+        with freeze_time(now):
+            send_to_remote_user_inbox(
+                sender=actor_1, activity={'foo': 'bar'}, recipient=remote_actor
+            )
+
+        signature_header_mock.assert_called_with(
+            host=parsed_inbox_url.netloc,
+            path=parsed_inbox_url.path,
+            date_str=get_date_string(now),
+            actor=actor_1,
+        )
+
+    @patch('fittrackee.federation.inbox.signature_header')
+    @patch('fittrackee.federation.inbox.requests')
+    def test_it_calls_requests_post(
+        self,
+        requests_mock: Mock,
+        signature_header_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        activity = {'foo': 'bar'}
+        now = datetime.utcnow()
+        parsed_inbox_url = urlparse(remote_actor.inbox_url)
+        requests_mock.post.return_value = generate_response(status_code=200)
+        signed_header = random_string()
+        signature_header_mock.return_value = signed_header
+
+        with freeze_time(now):
+            send_to_remote_user_inbox(
+                sender=actor_1, activity=activity, recipient=remote_actor
+            )
+
+        requests_mock.post.assert_called_with(
+            remote_actor.inbox_url,
+            data=dumps(activity),
+            headers={
+                "Host": parsed_inbox_url.netloc,
+                "Date": get_date_string(now),
+                "Signature": signed_header,
+                "Content-Type": "application/ld+json",
+            },
+        )
+
+    @patch('fittrackee.federation.inbox.signature_header')
+    @patch('fittrackee.federation.inbox.requests')
+    def test_it_logs_error_if_remote_inbox_returns_error(
+        self,
+        requests_mock: Mock,
+        signature_header_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        caplog: LogCaptureFixture,
+    ) -> None:
+        status_code = 404
+        content = 'error'
+        requests_mock.post.return_value = generate_response(
+            status_code=status_code, content=content
+        )
+
+        send_to_remote_user_inbox(
+            sender=actor_1, activity={'foo': 'bar'}, recipient=remote_actor
+        )
+
+        assert len(caplog.records) == 1
+        assert caplog.records[0].levelname == 'ERROR'
+        assert caplog.records[0].message == (
+            f"Error when send to user inbox '{remote_actor.inbox_url}', "
+            f"status code: {status_code}, "
+            f"content: {content}"
+        )
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks.py b/fittrackee/tests/federation/federation/test_federation_tasks.py
new file mode 100644
index 000000000..e72ffb4d4
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_tasks.py
@@ -0,0 +1,66 @@
+from unittest.mock import Mock, patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.federation.exceptions import SenderNotFoundException
+from fittrackee.federation.models import Actor
+from fittrackee.federation.tasks import send_to_users_inbox
+from fittrackee.users.models import FollowRequest
+
+from ...utils import random_domain_with_scheme, random_string
+
+
+class TestSendToUsersInbox:
+    def test_it_raises_error_if_sender_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        remote_actor: Actor,
+    ) -> None:
+        with pytest.raises(SenderNotFoundException):
+            send_to_users_inbox(
+                sender_id=0,
+                activity=follow_request_from_user_1_to_user_2.get_activity(),
+                recipients=[remote_actor.inbox_url],
+            )
+
+    @patch('fittrackee.federation.tasks.send_to_remote_user_inbox')
+    def test_it_calls_send_to_remote_user_inbox(
+        self,
+        send_to_remote_user_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        activity = {'foo': 'bar'}
+        send_to_users_inbox(
+            sender_id=actor_1.id,
+            activity=activity,
+            recipients=[remote_actor.inbox_url],
+        )
+
+        send_to_remote_user_inbox_mock.assert_called_with(
+            sender=actor_1, activity=activity, recipient=remote_actor.inbox_url
+        )
+
+    @patch('fittrackee.federation.tasks.send_to_remote_user_inbox')
+    def test_it_calls_send_to_remote_user_inbox_for_each_recipent(
+        self,
+        send_to_remote_user_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        nb_recipients = 3
+        recipients = [
+            f'{random_domain_with_scheme}/{random_string()}/inbox'
+            for _ in range(nb_recipients)
+        ]
+
+        send_to_users_inbox(
+            sender_id=actor_1.id,
+            activity={},
+            recipients=recipients,
+        )
+
+        assert send_to_remote_user_inbox_mock.call_count == nb_recipients
diff --git a/fittrackee/tests/federation/users/test_signature.py b/fittrackee/tests/federation/users/test_signature.py
index 603eb67ed..7abd05b36 100644
--- a/fittrackee/tests/federation/users/test_signature.py
+++ b/fittrackee/tests/federation/users/test_signature.py
@@ -18,15 +18,10 @@
     SignatureVerification,
 )
 
-from ...utils import generate_response, random_string
+from ...utils import generate_response, get_date_string, random_string
 
 
 class SignatureVerificationTestCase:
-    @staticmethod
-    def get_date_string(date: Optional[datetime] = None) -> str:
-        date = date if date else datetime.utcnow()
-        return date.strftime(VALID_DATE_FORMAT)
-
     @staticmethod
     def random_signature() -> str:
         return str(base64.b64encode(random_string().encode()))
@@ -46,7 +41,7 @@ def generate_headers(
             f'signature="' + signature + '"'
         )
         if date_str is None:
-            date_str = self.get_date_string(date)
+            date_str = get_date_string(date)
         return {
             'Host': host if host else random_string(),
             'Date': date_str,
@@ -116,7 +111,7 @@ def test_it_raises_error_if_a_signature_key_is_missing(
         request_with_empty_headers = self.get_request_mock(
             headers={
                 'Host': random_string(),
-                'Date': self.get_date_string(),
+                'Date': get_date_string(),
                 'Signature': input_signature_headers,
             }
         )
@@ -131,7 +126,7 @@ def test_it_instantiates_signature_verification(self) -> None:
             f'keyId="{key_id}",headers="(request-target) host date",'
             f'signature="' + signature + '"'
         )
-        date_str = self.get_date_string()
+        date_str = get_date_string()
         valid_request_mock = self.get_request_mock(
             headers={
                 'Host': random_string(),
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index d28ba9358..4dca3533f 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -1,13 +1,14 @@
 import json
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 from flask import Flask
 
-from fittrackee.federation.models import Actor
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import FollowRequest
 
-from ...test_case_mixins import ApiTestCaseMixin
-from ...utils import random_string
+from ...test_case_mixins import ApiTestCaseMixin, BaseTestMixin
+from ...utils import random_domain, random_string
 
 
 class TestFollowWithFederation(ApiTestCaseMixin):
@@ -102,3 +103,159 @@ def test_it_returns_success_if_follow_request_already_exists(
             == f"Follow request to user '{actor_2.preferred_username}' "
             f"is sent."
         )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        client.post(
+            f'/api/users/{actor_2.preferred_username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_not_called()
+
+
+class TestRemoteFollowWithFederation(BaseTestMixin, ApiTestCaseMixin):
+    """Follow user from another instance"""
+
+    def test_it_raise_error_if_remote_actor_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        remote_account = f'{random_string()}@{random_domain()}'
+
+        response = client.post(
+            f'/api/users/{remote_account}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domain(  # noqa
+        self, app_with_federation: Flask, actor_1: Actor, remote_domain: Domain
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        remote_account = f'{random_string()}@{remote_domain.name}'
+
+        response = client.post(
+            f'/api/users/{remote_account}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    @patch('fittrackee.federation.tasks.send_to_users_inbox')
+    def test_it_creates_follow_request(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        remote_account = (
+            f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
+        )
+
+        response = client.post(
+            f'/api/users/{remote_account}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{remote_account}' is sent."
+        )
+
+    def test_it_returns_success_if_follow_request_already_exists(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        remote_account = (
+            f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
+        )
+
+        response = client.post(
+            f'/api/users/{remote_account}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{remote_account}' is sent."
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_calls_send_to_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        remote_account = (
+            f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
+        )
+
+        client.post(
+            f'/api/users/{remote_account}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_called_once()
+        self.assert_call_args_keys_equal(
+            send_to_users_inbox_mock.send,
+            ['sender_id', 'activity', 'recipients'],
+        )
+        call_args = self.get_call_kwargs(send_to_users_inbox_mock.send)
+        assert call_args['sender_id'] == actor_1.id
+        assert call_args['recipients'] == [remote_actor.inbox_url]
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=actor_1.user.id,
+            followed_user_id=remote_actor.user.id,
+        ).first()
+        activity = follow_request.get_activity()
+        del activity['id']
+        self.assert_dict_contains_subset(call_args['activity'], activity)
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index c243d8f9b..8ab584f91 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -1,5 +1,6 @@
 from flask import Flask
 
+from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import FollowRequest
 
@@ -21,3 +22,21 @@ def test_follow_request_model(
         )
         assert serialized_follow_request['from_user'] == actor_1.serialize()
         assert serialized_follow_request['to_user'] == actor_2.serialize()
+
+    def test_it_returns_activity_object_when_federation_is_enabled(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        activity_object = follow_request_from_user_1_to_user_2.get_activity()
+
+        assert app_with_federation.config['UI_URL'] in activity_object['id']
+        expected_object_subset = {
+            '@context': AP_CTX,
+            'type': 'Follow',
+            'actor': actor_1.user.get_user_url(),
+            'object': f'https://{actor_2.activitypub_id}',
+        }
+        assert {**activity_object, **expected_object_subset} == activity_object
diff --git a/fittrackee/tests/test_case_mixins.py b/fittrackee/tests/test_case_mixins.py
index e62fffccc..d485bfd66 100644
--- a/fittrackee/tests/test_case_mixins.py
+++ b/fittrackee/tests/test_case_mixins.py
@@ -1,10 +1,32 @@
 import json
-from typing import Any, Tuple
+import sys
+from typing import Any, Dict, List, Tuple
+from unittest.mock import Mock
 
 from flask import Flask
 from flask.testing import FlaskClient
 
 
+class BaseTestMixin:
+    @staticmethod
+    def get_call_kwargs(mock: Mock) -> Dict:
+        return (
+            mock.call_args[1]
+            if sys.version_info < (3, 8, 0)
+            else mock.call_args.kwargs
+        )
+
+    def assert_call_args_keys_equal(
+        self, mock: Mock, expected_keys: List
+    ) -> None:
+        args_list = self.get_call_kwargs(mock)
+        assert list(args_list.keys()) == expected_keys
+
+    @staticmethod
+    def assert_dict_contains_subset(container: Dict, subset: Dict) -> None:
+        assert subset.items() <= container.items()
+
+
 class ApiTestCaseMixin:
     @staticmethod
     def get_test_client_and_auth_token(
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index 6b8eed6e7..5163ea6d2 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -1,5 +1,6 @@
 import json
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 from flask import Flask
 
@@ -66,3 +67,44 @@ def test_it_creates_follow_request(
             data['message']
             == f"Follow request to user '{user_2.username}' is sent."
         )
+
+    def test_it_returns_success_if_follow_request_already_exists(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        response = client.post(
+            f'/api/users/{user_2.username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{user_2.username}' is sent."
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        client.post(
+            f'/api/users/{user_2.username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_not_called()
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index c75670785..08a2e36b2 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -3,6 +3,7 @@
 import pytest
 from flask import Flask
 
+from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     NotExistingFollowRequestError,
@@ -103,6 +104,17 @@ def test_follow_request_model(
         assert serialized_follow_request['from_user'] == user_1.serialize()
         assert serialized_follow_request['to_user'] == user_2.serialize()
 
+    def test_it_raises_error_if_getting_activity_object_when_federation_is_disabled(  # noqa
+        self,
+        app: Flask,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        with pytest.raises(
+            FederationDisabledException,
+            match='Can not create activity, federation is disabled.',
+        ):
+            follow_request_from_user_1_to_user_2.get_activity()
+
 
 class TestUserFollowingModel:
     def test_user_2_sends_follow_requests_to_user_1(
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 4e830dbb0..3711f4c7d 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -1,10 +1,13 @@
 import random
 import string
+from datetime import datetime
 from json import dumps
 from typing import Dict, Optional, Union
 
 from requests import Response
 
+from fittrackee.federation.signature import VALID_DATE_FORMAT
+
 
 def random_string(
     length: Optional[int] = None,
@@ -24,10 +27,19 @@ def random_string(
     )
 
 
-def random_domain() -> str:
+def random_domain_with_scheme() -> str:
     return random_string(prefix='https://', suffix='.social')
 
 
+def random_domain() -> str:
+    return random_string(suffix='.social')
+
+
+def get_date_string(date: Optional[datetime] = None) -> str:
+    date = date if date else datetime.utcnow()
+    return date.strftime(VALID_DATE_FORMAT)
+
+
 def generate_response(
     content: Optional[Union[str, Dict]] = None,
     status_code: Optional[int] = None,
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 346fdaacb..5c3064644 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -8,7 +8,12 @@
 from sqlalchemy.sql.expression import select
 
 from fittrackee import BaseModel, bcrypt, db
+from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.enums import ActivityType
+from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.federation.models import Actor
+from fittrackee.federation.tasks import send_to_users_inbox
+from fittrackee.federation.utils import generate_activity_id
 from fittrackee.workouts.models import Workout
 
 from .exceptions import (
@@ -62,6 +67,17 @@ def serialize(self) -> Dict:
             'to_user': self.to_user.serialize(),
         }
 
+    def get_activity(self) -> Dict:
+        if not current_app.config['federation_enabled']:
+            raise FederationDisabledException()
+        return {
+            '@context': AP_CTX,
+            'id': generate_activity_id(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': self.from_user.get_user_url(),
+            'object': f'https://{self.to_user.actor.activitypub_id}',
+        }
+
 
 class User(BaseModel):
     __tablename__ = 'users'
@@ -180,6 +196,14 @@ def send_follow_request_to(self, target: 'User') -> FollowRequest:
         )
         db.session.add(follow_request)
         db.session.commit()
+
+        if current_app.config['federation_enabled'] and target.actor.is_remote:
+            send_to_users_inbox.send(
+                sender_id=self.actor.id,
+                activity=follow_request.get_activity(),
+                recipients=[target.actor.inbox_url],
+            )
+
         return follow_request
 
     def _processes_follow_request_from(
@@ -209,6 +233,10 @@ def refuses_follow_request_from(self, user: 'User') -> FollowRequest:
         )
         return follow_request
 
+    def get_user_url(self) -> str:
+        """Return user url on user interface"""
+        return f"{current_app.config['UI_URL']}/users/{self.username}"
+
     def serialize(self) -> Dict:
         sports = []
         total = (0, '0:00:00')
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 12957a523..ac37557f6 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -7,6 +7,8 @@
 from sqlalchemy import exc
 
 from fittrackee import db
+from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.utils import get_username_and_domain
 from fittrackee.files import get_absolute_file_path
 from fittrackee.responses import (
     ForbiddenErrorResponse,
@@ -606,7 +608,22 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         'status': 'success',
         'message': f"Follow request to user '{user_name}' is sent.",
     }
-    target_user = User.query.filter_by(username=user_name).first()
+
+    user_name_and_domain = get_username_and_domain(user_name)
+    if user_name_and_domain is None:  # local actor
+        target_user = User.query.filter_by(username=user_name).first()
+    else:  # remote actor
+        name, domain_name = user_name_and_domain.groups()
+        domain = Domain.query.filter_by(name=domain_name).first()
+        if not domain:
+            return UserNotFoundErrorResponse()
+        actor = Actor.query.filter_by(
+            preferred_username=name, domain_id=domain.id
+        ).first()
+        if not actor:
+            return UserNotFoundErrorResponse()
+        target_user = actor.user
+
     if target_user:
         existing_follow_request = FollowRequest.query.filter_by(
             follower_user_id=auth_user.id, followed_user_id=target_user.id

From 20507cba0c768c77dd223851dbfee07afadf5d90 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 13:18:08 +0100
Subject: [PATCH 023/238] API - init user inbox (wip)

---
 fittrackee/federation/inbox.py                |  46 ++++-
 fittrackee/federation/utils.py                |  12 +-
 .../federation/users/test_users_inbox.py      | 167 ++++++++++++++++++
 fittrackee/users/users.py                     |  10 ++
 4 files changed, 231 insertions(+), 4 deletions(-)
 create mode 100644 fittrackee/tests/federation/users/test_users_inbox.py

diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index 47baa996e..2265dfd3c 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -1,14 +1,54 @@
 from datetime import datetime
 from json import dumps
-from typing import Dict
+from typing import Dict, Optional, Union
 from urllib.parse import urlparse
 
 import requests
+from flask import Request
 
 from fittrackee import appLog
+from fittrackee.responses import (
+    HttpResponse,
+    InvalidPayloadErrorResponse,
+    UnauthorizedErrorResponse,
+    UserNotFoundErrorResponse,
+)
 
-from .models import Actor
-from .signature import VALID_DATE_FORMAT, signature_header
+from .exceptions import InvalidSignatureException
+from .models import Actor, Domain
+from .signature import (
+    VALID_DATE_FORMAT,
+    SignatureVerification,
+    signature_header,
+)
+from .utils import is_invalid_activity_data
+
+
+def inbox(
+    request: Request, app_domain: Domain, username: Optional[str]
+) -> Union[Dict, HttpResponse]:
+    # if user inbox
+    if username:
+        recipient = Actor.query.filter_by(
+            preferred_username=username,
+            domain_id=app_domain.id,
+        ).first()
+        if not recipient:
+            return UserNotFoundErrorResponse()
+
+    activity_data = request.get_json()
+    if not activity_data or is_invalid_activity_data(activity_data):
+        return InvalidPayloadErrorResponse()
+
+    try:
+        signature_verification = SignatureVerification.get_signature(request)
+        signature_verification.verify()
+    except InvalidSignatureException:
+        return UnauthorizedErrorResponse(message='Invalid signature.')
+
+    # TODO handle activity
+
+    return {'status': 'success'}
 
 
 def send_to_remote_user_inbox(
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 7d3c763ce..619af654a 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,10 +1,12 @@
 import re
-from typing import Optional, Tuple
+from typing import Dict, Optional, Tuple
 from uuid import uuid4
 
 from Crypto.PublicKey import RSA
 from flask import current_app
 
+from .enums import ActivityType
+
 
 def generate_keys() -> Tuple[str, str]:
     """
@@ -50,3 +52,11 @@ def generate_activity_id() -> str:
 def get_username_and_domain(full_name: str) -> Optional[re.Match]:
     full_name_pattern = r'([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
     return re.match(full_name_pattern, full_name)
+
+
+def is_invalid_activity_data(activity_data: Dict) -> bool:
+    return (
+        'type' not in activity_data
+        or 'object' not in activity_data
+        or activity_data['type'] not in [a.value for a in ActivityType]
+    )
diff --git a/fittrackee/tests/federation/users/test_users_inbox.py b/fittrackee/tests/federation/users/test_users_inbox.py
new file mode 100644
index 000000000..e19e7af86
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_users_inbox.py
@@ -0,0 +1,167 @@
+import json
+from typing import Dict
+from unittest.mock import patch
+
+import pytest
+import requests
+from flask import Flask
+
+from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.enums import ActivityType
+from fittrackee.federation.models import Actor
+from fittrackee.federation.signature import signature_header
+
+from ...test_case_mixins import ApiTestCaseMixin
+from ...utils import (
+    generate_response,
+    get_date_string,
+    random_domain,
+    random_string,
+)
+
+
+class TestUserInbox(ApiTestCaseMixin):
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.post(
+            f'/api/users/{random_string()}/inbox',
+            content_type='application/json',
+            data=json.dumps({}),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    @pytest.mark.parametrize(
+        'input_description, input_activity',
+        [
+            ('empty dict', {}),
+            (
+                'missing object',
+                {'type': ActivityType.FOLLOW.value},
+            ),
+            ('missing type', {'object': random_string()}),
+            (
+                'invalid type',
+                {'type': random_string(), 'object': random_string()},
+            ),
+        ],
+    )
+    def test_it_returns_400_if_activity_is_invalid(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        input_description: str,
+        input_activity: Dict,
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.post(
+            f'/api/users/{actor_1.preferred_username}/inbox',
+            content_type='application/json',
+            data=json.dumps(input_activity),
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'invalid payload' in data['message']
+
+    def test_it_returns_401_if_headers_are_missing(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': random_string(),
+            'object': random_string(),
+        }
+
+        response = client.post(
+            f'/api/users/{actor_1.preferred_username}/inbox',
+            content_type='application/json',
+            data=json.dumps(follow_activity),
+        )
+
+        assert response.status_code == 401
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Invalid signature.' in data['message']
+
+    def test_it_returns_401_if_signature_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': random_string(),
+            'object': random_string(),
+        }
+
+        response = client.post(
+            f'/api/users/{actor_1.preferred_username}/inbox',
+            content_type='application/json',
+            headers={
+                'Host': random_string(),
+                'Date': random_string(),
+                'Signature': random_string(),
+            },
+            data=json.dumps(follow_activity),
+        )
+
+        assert response.status_code == 401
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Invalid signature.' in data['message']
+
+    def test_it_returns_200_if_activity_and_signature_are_valid(
+        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+    ) -> None:
+        actor_2.generate_keys()
+        host = random_domain()
+        date_str = get_date_string()
+        client = app_with_federation.test_client()
+        path = f'/api/users/{actor_1.preferred_username}/inbox'
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': actor_2.activitypub_id,
+            'object': actor_1.activitypub_id,
+        }
+
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_2.serialize(),
+            )
+            requests_mock.path = path
+            response = client.post(
+                path,
+                content_type='application/json',
+                headers={
+                    'Host': host,
+                    'Date': date_str,
+                    'Signature': signature_header(
+                        host=host,
+                        path=path,
+                        date_str=date_str,
+                        actor=actor_2,
+                    ),
+                    'Content-Type': 'application/ld+json',
+                },
+                data=json.dumps(follow_activity),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index ac37557f6..3c547f2c0 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -7,6 +7,8 @@
 from sqlalchemy import exc
 
 from fittrackee import db
+from fittrackee.federation.decorators import federation_required
+from fittrackee.federation.inbox import inbox
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils import get_username_and_domain
 from fittrackee.files import get_absolute_file_path
@@ -639,3 +641,11 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         return successful_response_dict
 
     return UserNotFoundErrorResponse()
+
+
+@users_blueprint.route('/users/<user_name>/inbox', methods=['POST'])
+@federation_required
+def user_inbox(
+    app_domain: Domain, user_name: str
+) -> Union[Dict, HttpResponse]:
+    return inbox(request, app_domain, user_name)

From d8919b378bcc01e78b7acff8daec55bb7b20e17d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 13:26:16 +0100
Subject: [PATCH 024/238] API - handle Follow activity in user inbox

---
 fittrackee/federation/activities.py           |  45 ++++++
 fittrackee/federation/exceptions.py           |  18 +++
 fittrackee/federation/inbox.py                |   3 +-
 fittrackee/federation/tasks/__init__.py       |   0
 fittrackee/federation/tasks/activity.py       |  12 ++
 .../{tasks.py => tasks/user_inbox.py}         |   0
 fittrackee/federation/utils.py                |  16 +-
 .../federation/test_federation_activities.py  | 151 ++++++++++++++++++
 .../test_federation_tasks_activity.py         |  28 ++++
 ...py => test_federation_tasks_user_inbox.py} |   8 +-
 .../federation/users/test_users_follow_api.py |   2 +-
 .../federation/users/test_users_inbox.py      | 109 ++++++++-----
 fittrackee/users/exceptions.py                |   4 +
 fittrackee/users/models.py                    |   2 +-
 fittrackee/users/users.py                     |  26 +--
 fittrackee/users/utils/follow.py              |  15 ++
 16 files changed, 380 insertions(+), 59 deletions(-)
 create mode 100644 fittrackee/federation/activities.py
 create mode 100644 fittrackee/federation/tasks/__init__.py
 create mode 100644 fittrackee/federation/tasks/activity.py
 rename fittrackee/federation/{tasks.py => tasks/user_inbox.py} (100%)
 create mode 100644 fittrackee/tests/federation/federation/test_federation_activities.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_tasks_activity.py
 rename fittrackee/tests/federation/federation/{test_federation_tasks.py => test_federation_tasks_user_inbox.py} (86%)
 create mode 100644 fittrackee/users/utils/follow.py

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
new file mode 100644
index 000000000..953ee250a
--- /dev/null
+++ b/fittrackee/federation/activities.py
@@ -0,0 +1,45 @@
+from abc import ABC, abstractmethod
+from typing import Dict
+
+from fittrackee import appLog
+from fittrackee.federation.exceptions import ActorNotFoundException
+from fittrackee.federation.models import Actor
+from fittrackee.users.exceptions import FollowRequestAlreadyRejectedError
+from fittrackee.users.utils.follow import create_follow_request
+
+
+class AbstractActivity(ABC):
+    def __init__(self, activity_dict: Dict) -> None:
+        self.activity = activity_dict
+
+    @abstractmethod
+    def process_activity(self) -> None:
+        pass
+
+
+class FollowActivity(AbstractActivity):
+    def process_activity(self) -> None:
+        followed_actor = Actor.query.filter_by(
+            activitypub_id=self.activity['object']
+        ).first()
+        if not followed_actor:
+            raise ActorNotFoundException(
+                message='followed actor not found for Follow Activity'
+            )
+
+        follower_actor = Actor.query.filter_by(
+            activitypub_id=self.activity['actor']
+        ).first()
+        if not follower_actor:
+            raise ActorNotFoundException(
+                message='followed actor not found for Follow Activity'
+            )
+
+        try:
+            create_follow_request(
+                follower_user_id=follower_actor.user.id,
+                followed_user=followed_actor.user,
+            )
+        except FollowRequestAlreadyRejectedError as e:
+            appLog.error('Follow activity: follow request already rejected.')
+            raise e
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index a8398aa37..c02b415f4 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -1,6 +1,16 @@
+from typing import Optional
+
 from fittrackee.exceptions import GenericException
 
 
+class ActorNotFoundException(GenericException):
+    def __init__(self, message: Optional[str] = None) -> None:
+        super().__init__(
+            status='error',
+            message=f'Actor not found{ f": {message}" if message else ""}.',
+        )
+
+
 class FederationDisabledException(GenericException):
     def __init__(self) -> None:
         super().__init__(
@@ -23,3 +33,11 @@ def __init__(self) -> None:
             status='error',
             message='Sender not found.',
         )
+
+
+class UnsupportedActivityException(GenericException):
+    def __init__(self, activity_type: str) -> None:
+        super().__init__(
+            status='error',
+            message=f"Unsupported activity '{activity_type}'.",
+        )
diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index 2265dfd3c..e55ef6ee9 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -21,6 +21,7 @@
     SignatureVerification,
     signature_header,
 )
+from .tasks.activity import handle_activity
 from .utils import is_invalid_activity_data
 
 
@@ -46,7 +47,7 @@ def inbox(
     except InvalidSignatureException:
         return UnauthorizedErrorResponse(message='Invalid signature.')
 
-    # TODO handle activity
+    handle_activity.send(activity=activity_data)
 
     return {'status': 'success'}
 
diff --git a/fittrackee/federation/tasks/__init__.py b/fittrackee/federation/tasks/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/federation/tasks/activity.py b/fittrackee/federation/tasks/activity.py
new file mode 100644
index 000000000..2d081ff04
--- /dev/null
+++ b/fittrackee/federation/tasks/activity.py
@@ -0,0 +1,12 @@
+from typing import Dict
+
+from fittrackee import dramatiq
+from fittrackee.federation.utils import get_activity_instance
+
+
+@dramatiq.actor(queue_name='fittrackee_activities')
+def handle_activity(activity: Dict) -> None:
+    activity = get_activity_instance({'type': activity['type']})(
+        activity_dict=activity
+    )
+    activity.process_activity()  # type: ignore
diff --git a/fittrackee/federation/tasks.py b/fittrackee/federation/tasks/user_inbox.py
similarity index 100%
rename from fittrackee/federation/tasks.py
rename to fittrackee/federation/tasks/user_inbox.py
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 619af654a..200848696 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,11 +1,13 @@
 import re
-from typing import Dict, Optional, Tuple
+from importlib import import_module
+from typing import Callable, Dict, Optional, Tuple
 from uuid import uuid4
 
 from Crypto.PublicKey import RSA
 from flask import current_app
 
 from .enums import ActivityType
+from .exceptions import UnsupportedActivityException
 
 
 def generate_keys() -> Tuple[str, str]:
@@ -60,3 +62,15 @@ def is_invalid_activity_data(activity_data: Dict) -> bool:
         or 'object' not in activity_data
         or activity_data['type'] not in [a.value for a in ActivityType]
     )
+
+
+def get_activity_instance(activity_dict: Dict) -> Callable:
+    activity_type = activity_dict["type"]
+    try:
+        Activity = getattr(
+            import_module('fittrackee.federation.activities'),
+            f'{activity_type}Activity',
+        )
+    except AttributeError:
+        raise UnsupportedActivityException(activity_type)
+    return Activity
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
new file mode 100644
index 000000000..91211b771
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -0,0 +1,151 @@
+import pytest
+from flask import Flask
+
+from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.enums import ActivityType
+from fittrackee.federation.exceptions import (
+    ActorNotFoundException,
+    UnsupportedActivityException,
+)
+from fittrackee.federation.models import Actor
+from fittrackee.federation.utils import (
+    generate_activity_id,
+    get_activity_instance,
+)
+from fittrackee.users.exceptions import FollowRequestAlreadyRejectedError
+from fittrackee.users.models import FollowRequest
+
+from ...utils import random_domain_with_scheme, random_string
+
+SUPPORTED_ACTIVITIES = [(f'{a.value} activity', a.value) for a in ActivityType]
+
+
+class TestActivityInstantiation:
+    @pytest.mark.parametrize(
+        'input_description,input_type', SUPPORTED_ACTIVITIES
+    )
+    def test_it_instantiates_activity_from_activity_dict(
+        self, input_description: str, input_type: str
+    ) -> None:
+        activity = get_activity_instance({'type': input_type})
+        activity_instance = activity(activity_dict={})
+        assert activity_instance.__class__.__name__ == f'{input_type}Activity'
+
+    def test_it_raises_exception_if_activity_type_is_invalid(self) -> None:
+        with pytest.raises(UnsupportedActivityException):
+            get_activity_instance({'type': random_string()})
+
+
+class TestFollowActivity:
+    def test_it_raises_error_if_target_actor_does_not_exists(
+        self, app_with_federation: Flask, remote_actor: Actor
+    ) -> None:
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': generate_activity_id(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': remote_actor.activitypub_id,
+            'object': f'{random_domain_with_scheme}/users/{random_string()}',
+        }
+
+        activity = get_activity_instance({'type': follow_activity['type']})(
+            activity_dict=follow_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='followed actor not found for Follow Activity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_remote_actor_does_not_exists(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': generate_activity_id(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': f'{random_domain_with_scheme}/users/{random_string()}',
+            'object': actor_1.activitypub_id,
+        }
+
+        activity = get_activity_instance({'type': follow_activity['type']})(
+            activity_dict=follow_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='followed actor not found for Follow Activity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_follow_request_already_rejected(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        actor_1.user.refuses_follow_request_from(remote_actor.user)
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': generate_activity_id(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': remote_actor.activitypub_id,
+            'object': actor_1.activitypub_id,
+        }
+
+        activity = get_activity_instance({'type': follow_activity['type']})(
+            activity_dict=follow_activity
+        )
+
+        with pytest.raises(FollowRequestAlreadyRejectedError):
+            activity.process_activity()
+
+    def test_it_creates_follow_request(
+        self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
+    ) -> None:
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': generate_activity_id(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': remote_actor.activitypub_id,
+            'object': actor_1.activitypub_id,
+        }
+
+        activity = get_activity_instance({'type': follow_activity['type']})(
+            activity_dict=follow_activity
+        )
+        activity.process_activity()
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=remote_actor.user.id,
+            followed_user_id=actor_1.user.id,
+        ).first()
+        assert follow_request is not None
+
+    def test_it_does_raise_error_if_pending_follow_request_already_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_activity = {
+            '@context': AP_CTX,
+            'id': generate_activity_id(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': remote_actor.activitypub_id,
+            'object': actor_1.activitypub_id,
+        }
+
+        activity = get_activity_instance({'type': follow_activity['type']})(
+            activity_dict=follow_activity
+        )
+        activity.process_activity()
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=remote_actor.user.id,
+            followed_user_id=actor_1.user.id,
+        ).first()
+        assert follow_request.updated_at is None
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks_activity.py b/fittrackee/tests/federation/federation/test_federation_tasks_activity.py
new file mode 100644
index 000000000..f383b566e
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_activity.py
@@ -0,0 +1,28 @@
+from unittest.mock import MagicMock, Mock, patch
+
+import pytest
+
+from fittrackee.federation.exceptions import UnsupportedActivityException
+from fittrackee.federation.tasks.activity import handle_activity
+
+from ...utils import random_string
+
+
+class TestHandleActivity:
+    def test_it_raises_error_if_activity_not_supported(self) -> None:
+        with pytest.raises(UnsupportedActivityException):
+            handle_activity(activity={'type': random_string()})
+
+    @patch('fittrackee.federation.tasks.activity.get_activity_instance')
+    def test_it_calls_process_activity(
+        self, get_activity_instance_mock: Mock
+    ) -> None:
+        activity_dict = {'type': random_string()}
+        activity_mock = MagicMock()
+        activity_mock.process_activity = Mock()
+        get_activity_instance_mock.return_value = activity_mock
+
+        handle_activity(activity=activity_dict)
+
+        activity_mock.assert_called_with(activity_dict=activity_dict)
+        activity_mock().process_activity.assert_called()
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks.py b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
similarity index 86%
rename from fittrackee/tests/federation/federation/test_federation_tasks.py
rename to fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
index e72ffb4d4..bb7cdeb82 100644
--- a/fittrackee/tests/federation/federation/test_federation_tasks.py
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
@@ -5,7 +5,7 @@
 
 from fittrackee.federation.exceptions import SenderNotFoundException
 from fittrackee.federation.models import Actor
-from fittrackee.federation.tasks import send_to_users_inbox
+from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
 from fittrackee.users.models import FollowRequest
 
 from ...utils import random_domain_with_scheme, random_string
@@ -25,7 +25,7 @@ def test_it_raises_error_if_sender_does_not_exist(
                 recipients=[remote_actor.inbox_url],
             )
 
-    @patch('fittrackee.federation.tasks.send_to_remote_user_inbox')
+    @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
     def test_it_calls_send_to_remote_user_inbox(
         self,
         send_to_remote_user_inbox_mock: Mock,
@@ -44,8 +44,8 @@ def test_it_calls_send_to_remote_user_inbox(
             sender=actor_1, activity=activity, recipient=remote_actor.inbox_url
         )
 
-    @patch('fittrackee.federation.tasks.send_to_remote_user_inbox')
-    def test_it_calls_send_to_remote_user_inbox_for_each_recipent(
+    @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
+    def test_it_calls_send_to_remote_user_inbox_for_each_recipient(
         self,
         send_to_remote_user_inbox_mock: Mock,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index 4dca3533f..278b279b3 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -166,7 +166,7 @@ def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domai
         assert data['status'] == 'not found'
         assert data['message'] == 'user does not exist'
 
-    @patch('fittrackee.federation.tasks.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_users_inbox')
     def test_it_creates_follow_request(
         self,
         send_to_users_inbox_mock: Mock,
diff --git a/fittrackee/tests/federation/users/test_users_inbox.py b/fittrackee/tests/federation/users/test_users_inbox.py
index e19e7af86..578fb5515 100644
--- a/fittrackee/tests/federation/users/test_users_inbox.py
+++ b/fittrackee/tests/federation/users/test_users_inbox.py
@@ -1,10 +1,11 @@
 import json
-from typing import Dict
-from unittest.mock import patch
+from typing import Dict, Tuple
+from unittest.mock import Mock, patch
 
 import pytest
 import requests
 from flask import Flask
+from werkzeug.test import TestResponse
 
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
@@ -19,8 +20,53 @@
     random_string,
 )
 
+# Prevent pytest from collecting TestResponse as test
+TestResponse.__test__ = False  # type: ignore
+
 
 class TestUserInbox(ApiTestCaseMixin):
+    @staticmethod
+    def post_to_user_inbox(
+        app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+    ) -> Tuple[Dict, TestResponse]:
+        actor_2.generate_keys()
+        host = random_domain()
+        date_str = get_date_string()
+        client = app_with_federation.test_client()
+        inbox_path = f'/api/users/{actor_1.preferred_username}/inbox'
+        follow_activity: Dict = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.FOLLOW.value,
+            'actor': actor_2.activitypub_id,
+            'object': actor_1.activitypub_id,
+        }
+
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_2.serialize(),
+            )
+            requests_mock.path = inbox_path
+            response = client.post(
+                inbox_path,
+                content_type='application/json',
+                headers={
+                    'Host': host,
+                    'Date': date_str,
+                    'Signature': signature_header(
+                        host=host,
+                        path=inbox_path,
+                        date_str=date_str,
+                        actor=actor_2,
+                    ),
+                    'Content-Type': 'application/ld+json',
+                },
+                data=json.dumps(follow_activity),
+            )
+
+        return follow_activity, response
+
     def test_it_returns_404_if_user_does_not_exist(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
@@ -123,45 +169,32 @@ def test_it_returns_401_if_signature_is_invalid(
         assert 'error' in data['status']
         assert 'Invalid signature.' in data['message']
 
+    @patch('fittrackee.federation.inbox.handle_activity')
     def test_it_returns_200_if_activity_and_signature_are_valid(
-        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+        self,
+        handle_activity: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
     ) -> None:
-        actor_2.generate_keys()
-        host = random_domain()
-        date_str = get_date_string()
-        client = app_with_federation.test_client()
-        path = f'/api/users/{actor_1.preferred_username}/inbox'
-        follow_activity = {
-            '@context': AP_CTX,
-            'id': random_string(),
-            'type': ActivityType.FOLLOW.value,
-            'actor': actor_2.activitypub_id,
-            'object': actor_1.activitypub_id,
-        }
-
-        with patch.object(requests, 'get') as requests_mock:
-            requests_mock.return_value = generate_response(
-                status_code=200,
-                content=actor_2.serialize(),
-            )
-            requests_mock.path = path
-            response = client.post(
-                path,
-                content_type='application/json',
-                headers={
-                    'Host': host,
-                    'Date': date_str,
-                    'Signature': signature_header(
-                        host=host,
-                        path=path,
-                        date_str=date_str,
-                        actor=actor_2,
-                    ),
-                    'Content-Type': 'application/ld+json',
-                },
-                data=json.dumps(follow_activity),
-            )
+        _, response = self.post_to_user_inbox(
+            app_with_federation, actor_1, actor_2
+        )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
+
+    @patch('fittrackee.federation.inbox.handle_activity')
+    def test_it_calls_handle_activity_task(
+        self,
+        handle_activity: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+    ) -> None:
+        activity_dict, response = self.post_to_user_inbox(
+            app_with_federation, actor_1, actor_2
+        )
+
+        handle_activity.send.assert_called_with(activity=activity_dict)
diff --git a/fittrackee/users/exceptions.py b/fittrackee/users/exceptions.py
index 9e1b542dd..91ec2f679 100644
--- a/fittrackee/users/exceptions.py
+++ b/fittrackee/users/exceptions.py
@@ -2,6 +2,10 @@ class FollowRequestAlreadyProcessedError(Exception):
     ...
 
 
+class FollowRequestAlreadyRejectedError(Exception):
+    ...
+
+
 class NotExistingFollowRequestError(Exception):
     ...
 
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 5c3064644..27ed9e4fb 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -12,7 +12,7 @@
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.federation.models import Actor
-from fittrackee.federation.tasks import send_to_users_inbox
+from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
 from fittrackee.federation.utils import generate_activity_id
 from fittrackee.workouts.models import Workout
 
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 3c547f2c0..57a5328bc 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -23,9 +23,13 @@
 from fittrackee.workouts.models import Record, Workout, WorkoutSegment
 
 from .decorators import authenticate, authenticate_as_admin
-from .exceptions import UserNotFoundException
-from .models import FollowRequest, User, UserSportPreference
+from .exceptions import (
+    FollowRequestAlreadyRejectedError,
+    UserNotFoundException,
+)
+from .models import User, UserSportPreference
 from .utils.admin import set_admin_rights
+from .utils.follow import create_follow_request
 
 users_blueprint = Blueprint('users', __name__)
 
@@ -627,17 +631,13 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         target_user = actor.user
 
     if target_user:
-        existing_follow_request = FollowRequest.query.filter_by(
-            follower_user_id=auth_user.id, followed_user_id=target_user.id
-        ).first()
-        if existing_follow_request:
-            if existing_follow_request.is_rejected():
-                return ForbiddenErrorResponse()
-            else:
-                return successful_response_dict
-
-        auth_user = User.query.filter_by(id=auth_user.id).first()
-        auth_user.send_follow_request_to(target_user)
+        try:
+            create_follow_request(
+                follower_user_id=auth_user.id,
+                followed_user=target_user,
+            )
+        except FollowRequestAlreadyRejectedError:
+            return ForbiddenErrorResponse()
         return successful_response_dict
 
     return UserNotFoundErrorResponse()
diff --git a/fittrackee/users/utils/follow.py b/fittrackee/users/utils/follow.py
new file mode 100644
index 000000000..ef4193e86
--- /dev/null
+++ b/fittrackee/users/utils/follow.py
@@ -0,0 +1,15 @@
+from ..exceptions import FollowRequestAlreadyRejectedError
+from ..models import FollowRequest, User
+
+
+def create_follow_request(follower_user_id: int, followed_user: User) -> None:
+    existing_follow_request = FollowRequest.query.filter_by(
+        follower_user_id=follower_user_id, followed_user_id=followed_user.id
+    ).first()
+    if existing_follow_request:
+        if existing_follow_request.is_rejected():
+            raise FollowRequestAlreadyRejectedError()
+        return
+
+    auth_user = User.query.filter_by(id=follower_user_id).first()
+    auth_user.send_follow_request_to(followed_user)

From f9d009c6cca676f2d282df5458d8a5fc43ffd954 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 26 Jun 2021 21:15:17 +0200
Subject: [PATCH 025/238] API - add keys generation in migration and fix actor
 urls

---
 fittrackee/federation/utils.py                 |  2 +-
 .../23_8842c351a2d8_init_federation.py         | 16 ++++++++++------
 .../federation/test_federation_models.py       | 18 +++++++++---------
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 200848696..1ef8636f1 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -32,7 +32,7 @@ def get_ap_url(username: str, url_type: str) -> str:
     - 'followers'
     - 'shared_inbox'
     """
-    ap_url = f"{current_app.config['AP_DOMAIN']}/federation/"
+    ap_url = f"https://{current_app.config['AP_DOMAIN']}/federation/"
     ap_url_user = f'{ap_url}user/{username}'
     if url_type == 'user_url':
         return ap_url_user
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index e254f1256..fe394de27 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -11,7 +11,7 @@
 import sqlalchemy as sa
 from alembic import op
 
-from fittrackee.federation.utils import get_ap_url
+from fittrackee.federation.utils import generate_keys, get_ap_url, remove_url_scheme
 
 
 # revision identifiers, used by Alembic.
@@ -41,7 +41,8 @@ def upgrade():
         sa.UniqueConstraint('name'),
     )
 
-    domain = os.environ['UI_URL']
+    # create local domain (even if federation is not enabled)
+    domain = remove_url_scheme(os.environ['UI_URL'])
     created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
     op.execute(
         "INSERT INTO domains (name, created_at, is_allowed)"
@@ -87,7 +88,7 @@ def upgrade():
         'users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id']
     )
 
-    # create local actors
+    # create local actors with keys (even if federation is not enabled)
     user_helper = sa.Table(
         'users',
         sa.MetaData(),
@@ -98,14 +99,17 @@ def upgrade():
     domain = connection.execute(domain_table.select()).fetchone()
     for user in connection.execute(user_helper.select()):
         created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
+        public_key, private_key = generate_keys()
         op.execute(
             "INSERT INTO actors ("
-            "activitypub_id, domain_id, preferred_username, followers_url, "
-            "following_url, inbox_url, outbox_url, shared_inbox_url, "
-            "created_at, manually_approves_followers) "
+            "activitypub_id, domain_id, preferred_username, public_key, "
+            "private_key, followers_url, following_url, inbox_url, "
+            "outbox_url, shared_inbox_url, created_at, "
+            "manually_approves_followers) "
             "VALUES ("
             f"'{get_ap_url(user.username, 'user_url')}', "
             f"{domain.id}, '{user.username}', "
+            f"'{public_key}', '{private_key}', "
             f"'{get_ap_url(user.username, 'followers')}', "
             f"'{get_ap_url(user.username, 'following')}', "
             f"'{get_ap_url(user.username, 'inbox')}', "
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index eddc6c635..6a926c4fc 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -80,20 +80,20 @@ def test_it_returns_serialized_object(
             serialized_actor['preferredUsername'] == actor_1.preferred_username
         )
         assert serialized_actor['name'] == actor_1.user.username
-        assert (
-            serialized_actor['inbox']
-            == f'{ap_url}/federation/user/{actor_1.preferred_username}/inbox'
+        assert serialized_actor['inbox'] == (
+            f'https://{ap_url}/federation/user/'
+            f'{actor_1.preferred_username}/inbox'
         )
-        assert (
-            serialized_actor['outbox']
-            == f'{ap_url}/federation/user/{actor_1.preferred_username}/outbox'
+        assert serialized_actor['outbox'] == (
+            f'https://{ap_url}/federation/user/'
+            f'{actor_1.preferred_username}/outbox'
         )
         assert serialized_actor['followers'] == (
-            f'{ap_url}/federation/user/'
+            f'https://{ap_url}/federation/user/'
             f'{actor_1.preferred_username}/followers'
         )
         assert serialized_actor['following'] == (
-            f'{ap_url}/federation/user/'
+            f'https://{ap_url}/federation/user/'
             f'{actor_1.preferred_username}/following'
         )
         assert serialized_actor['manuallyApprovesFollowers'] is True
@@ -105,7 +105,7 @@ def test_it_returns_serialized_object(
         assert 'publicKeyPem' in serialized_actor['publicKey']
         assert (
             serialized_actor['endpoints']['sharedInbox']
-            == f'{ap_url}/federation/inbox'
+            == f'https://{ap_url}/federation/inbox'
         )
 
     def test_generated_key_is_valid(

From 2cdcc6fdf67d04bf89e306df9d4374c41d82cd09 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 26 Jun 2021 21:55:23 +0200
Subject: [PATCH 026/238] API - create actor on user registration

---
 .../tests/federation/users/test_auth_api.py   | 35 +++++++++++++++++++
 fittrackee/tests/users/test_auth_api.py       |  5 +++
 fittrackee/users/auth.py                      |  2 ++
 fittrackee/users/models.py                    | 13 ++++++-
 4 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 fittrackee/tests/federation/users/test_auth_api.py

diff --git a/fittrackee/tests/federation/users/test_auth_api.py b/fittrackee/tests/federation/users/test_auth_api.py
new file mode 100644
index 000000000..4ec21baa8
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_auth_api.py
@@ -0,0 +1,35 @@
+import json
+
+from flask import Flask
+
+from fittrackee.users.models import User
+
+
+def assert_actor_is_created(app: Flask) -> None:
+    client = app.test_client()
+    username = 'justatest'
+
+    client.post(
+        '/api/auth/register',
+        data=json.dumps(
+            dict(
+                username=username,
+                email='test@test.com',
+                password='12345678',
+                password_conf='12345678',
+            )
+        ),
+        content_type='application/json',
+    )
+
+    user = User.query.filter_by(username=username).first()
+    assert user.actor.preferred_username == username
+    assert user.actor.public_key is not None
+    assert user.actor.private_key is not None
+
+
+class TestUserRegistration:
+    def test_it_creates_actor_on_user_registration(
+        self, app_with_federation: Flask
+    ) -> None:
+        assert_actor_is_created(app=app_with_federation)
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index c68e31c6b..e71660650 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -11,6 +11,7 @@
 from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout
 
+from ..federation.users.test_auth_api import assert_actor_is_created
 from ..test_case_mixins import ApiTestCaseMixin
 
 
@@ -38,6 +39,10 @@ def test_user_can_register(self, app: Flask) -> None:
         assert response.content_type == 'application/json'
         assert response.status_code == 201
 
+    def test_it_creates_actor_on_user_registration(self, app: Flask) -> None:
+        """it must create actor even if federation is disabled"""
+        assert_actor_is_created(app=app)
+
     @pytest.mark.parametrize(
         'input_username',
         ['test', 'TEST'],
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 5855cf124..35e1c558e 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -138,6 +138,8 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
         new_user.timezone = 'Europe/Paris'
         db.session.add(new_user)
         db.session.commit()
+        # create actor even if federation is disabled
+        new_user.create_actor()
         # generate auth token
         auth_token = new_user.encode_auth_token(new_user.id)
         return {
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 27ed9e4fb..5d9df6d43 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -11,7 +11,7 @@
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import FederationDisabledException
-from fittrackee.federation.models import Actor
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
 from fittrackee.federation.utils import generate_activity_id
 from fittrackee.workouts.models import Workout
@@ -237,6 +237,17 @@ def get_user_url(self) -> str:
         """Return user url on user interface"""
         return f"{current_app.config['UI_URL']}/users/{self.username}"
 
+    def create_actor(self) -> None:
+        app_domain = Domain.query.filter_by(
+            name=current_app.config['AP_DOMAIN']
+        ).first()
+        actor = Actor(username=self.username, domain_id=app_domain.id)
+        db.session.add(actor)
+        db.session.flush()
+        self.actor_id = actor.id
+        actor.generate_keys()
+        db.session.commit()
+
     def serialize(self) -> Dict:
         sports = []
         total = (0, '0:00:00')

From a130070e11303bf604d7ead7fec01ef88ec9aa61 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 13:53:46 +0100
Subject: [PATCH 027/238] API - create remote actor

---
 fittrackee/federation/federation.py           |  91 ++++-
 fittrackee/federation/inbox.py                |   8 +-
 fittrackee/federation/models.py               |  43 ++-
 fittrackee/federation/remote_user.py          |  16 +
 fittrackee/federation/tasks/user_inbox.py     |   6 +-
 .../23_8842c351a2d8_init_federation.py        |  30 +-
 fittrackee/tests/conftest.py                  |   2 +
 .../federation/test_federation_federation.py  | 341 +++++++++++++++++-
 .../federation/test_federation_models.py      |  13 +-
 .../test_federation_remote_inbox.py           |  12 +-
 .../test_federation_tasks_user_inbox.py       |   4 +-
 .../federation/federation/test_remote_user.py |  41 +++
 .../tests/fixtures/fixtures_federation.py     |  36 +-
 fittrackee/tests/utils.py                     |  54 +++
 fittrackee/users/models.py                    |  33 +-
 15 files changed, 661 insertions(+), 69 deletions(-)
 create mode 100644 fittrackee/federation/remote_user.py
 create mode 100644 fittrackee/tests/federation/federation/test_remote_user.py

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 4de1de76b..bc29e6326 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -1,6 +1,18 @@
-from flask import Blueprint
+from typing import Dict, Union
+from urllib.parse import urlparse
 
-from fittrackee.responses import HttpResponse, UserNotFoundErrorResponse
+from flask import Blueprint, request
+
+from fittrackee import db
+from fittrackee.federation.exceptions import ActorNotFoundException
+from fittrackee.federation.remote_user import get_remote_user
+from fittrackee.responses import (
+    HttpResponse,
+    InvalidPayloadErrorResponse,
+    UserNotFoundErrorResponse,
+)
+from fittrackee.users.decorators import authenticate
+from fittrackee.users.models import User
 
 from .decorators import federation_required
 from .models import Actor, Domain
@@ -24,3 +36,78 @@ def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
         response=actor.serialize(),
         content_type='application/jrd+json; charset=utf-8',
     )
+
+
+@ap_federation_blueprint.route('/remote-user', methods=['POST'])
+@federation_required
+@authenticate
+def remote_actor(
+    app_domain: Domain, auth_user: User
+) -> Union[Dict, HttpResponse]:
+    remote_actor_url = (
+        request.get_json(silent=True).get('actor_url')  # type: ignore
+        if request.get_json(silent=True) is not None
+        else None
+    )
+    if not remote_actor_url:
+        return InvalidPayloadErrorResponse()
+
+    # check if domain already exists
+    remote_domain_name = urlparse(remote_actor_url).netloc
+    remote_domain = Domain.query.filter_by(name=remote_domain_name).first()
+    if not remote_domain:
+        remote_domain = Domain(name=remote_domain_name)
+        db.session.add(remote_domain)
+        db.session.flush()
+
+    if not remote_domain.is_remote:
+        return InvalidPayloadErrorResponse(
+            message='The provided account is not a remote account.'
+        )
+
+    try:
+        remote_actor_object = get_remote_user(remote_actor_url)
+    except ActorNotFoundException:
+        return InvalidPayloadErrorResponse(
+            message='Can not fetch remote actor.'
+        )
+
+    # check if actor already exists
+    try:
+        actor = Actor.query.filter_by(
+            preferred_username=remote_actor_object['preferredUsername'],
+            domain_id=remote_domain.id,
+        ).first()
+    except KeyError:
+        return InvalidPayloadErrorResponse(
+            message='Invalid remote actor object.'
+        )
+    if not actor:
+        try:
+            actor = Actor(
+                preferred_username=remote_actor_object['preferredUsername'],
+                domain_id=remote_domain.id,
+                remote_user_data=remote_actor_object,
+            )
+        except KeyError:
+            return InvalidPayloadErrorResponse(
+                message='Invalid remote actor object.'
+            )
+        db.session.add(actor)
+        db.session.flush()
+        user = User(
+            username=remote_actor_object['name'],
+            email=None,
+            password=None,
+        )
+        db.session.add(user)
+        user.actor_id = actor.id
+    else:
+        actor.update_remote_data(remote_actor_object)
+        actor.user.username = remote_actor_object['name']
+    db.session.commit()
+
+    return HttpResponse(
+        response=actor.serialize(),
+        content_type='application/jrd+json; charset=utf-8',
+    )
diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index e55ef6ee9..50c2f0649 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -53,10 +53,10 @@ def inbox(
 
 
 def send_to_remote_user_inbox(
-    sender: Actor, activity: Dict, recipient: Actor
+    sender: Actor, activity: Dict, recipient_inbox_url: str
 ) -> None:
     now_str = datetime.utcnow().strftime(VALID_DATE_FORMAT)
-    parsed_inbox_url = urlparse(recipient.inbox_url)
+    parsed_inbox_url = urlparse(recipient_inbox_url)
     signed_header = signature_header(
         host=parsed_inbox_url.netloc,
         path=parsed_inbox_url.path,
@@ -64,7 +64,7 @@ def send_to_remote_user_inbox(
         actor=sender,
     )
     response = requests.post(
-        recipient.inbox_url,
+        recipient_inbox_url,
         data=dumps(activity),
         headers={
             "Host": parsed_inbox_url.netloc,
@@ -75,7 +75,7 @@ def send_to_remote_user_inbox(
     )
     if response.status_code >= 400:
         appLog.error(
-            f"Error when send to user inbox '{recipient.inbox_url}', "
+            f"Error when send to user inbox '{recipient_inbox_url}', "
             f"status code: {response.status_code}, "
             f"content: {response.content.decode()}"
         )
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index fd858f9cd..50090e82f 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -84,30 +84,25 @@ def __str__(self) -> str:
 
     def __init__(
         self,
-        username: str,
+        preferred_username: str,
         domain_id: int,
         created_at: Optional[datetime] = datetime.utcnow(),
         remote_user_data: Optional[Dict] = None,
     ) -> None:
         self.created_at = created_at
         self.domain_id = domain_id
-        self.preferred_username = username
+        self.preferred_username = preferred_username
         if remote_user_data:
-            self.activitypub_id = remote_user_data['id']
-            self.followers_url = remote_user_data['followers']
-            self.following_url = remote_user_data['following']
-            self.inbox_url = remote_user_data['inbox']
-            self.outbox_url = remote_user_data['outbox']
-            self.shared_inbox_url = remote_user_data.get('endpoints', {}).get(
-                'sharedInbox'
-            )
+            self.update_remote_data(remote_user_data)
         else:
-            self.activitypub_id = get_ap_url(username, 'user_url')
-            self.followers_url = get_ap_url(username, 'followers')
-            self.following_url = get_ap_url(username, 'following')
-            self.inbox_url = get_ap_url(username, 'inbox')
-            self.outbox_url = get_ap_url(username, 'outbox')
-            self.shared_inbox_url = get_ap_url(username, 'shared_inbox')
+            self.activitypub_id = get_ap_url(preferred_username, 'user_url')
+            self.followers_url = get_ap_url(preferred_username, 'followers')
+            self.following_url = get_ap_url(preferred_username, 'following')
+            self.inbox_url = get_ap_url(preferred_username, 'inbox')
+            self.outbox_url = get_ap_url(preferred_username, 'outbox')
+            self.shared_inbox_url = get_ap_url(
+                preferred_username, 'shared_inbox'
+            )
 
     def generate_keys(self) -> None:
         self.public_key, self.private_key = generate_keys()
@@ -122,6 +117,22 @@ def name(self) -> Optional[str]:
             return self.user.username
         return None
 
+    def update_remote_data(self, remote_user_data: Dict) -> None:
+        self.activitypub_id = remote_user_data['id']
+        self.type = ActorType(remote_user_data['type'])
+        self.manually_approves_followers = remote_user_data[
+            'manuallyApprovesFollowers'
+        ]
+        self.followers_url = remote_user_data['followers']
+        self.following_url = remote_user_data['following']
+        self.inbox_url = remote_user_data['inbox']
+        self.outbox_url = remote_user_data['outbox']
+        self.shared_inbox_url = remote_user_data.get('endpoints', {}).get(
+            'sharedInbox'
+        )
+        self.public_key = remote_user_data['publicKey']['publicKeyPem']
+        self.last_fetch_date = datetime.utcnow()
+
     def serialize(self) -> Dict:
         return {
             '@context': AP_CTX,
diff --git a/fittrackee/federation/remote_user.py b/fittrackee/federation/remote_user.py
new file mode 100644
index 000000000..675b0f377
--- /dev/null
+++ b/fittrackee/federation/remote_user.py
@@ -0,0 +1,16 @@
+from typing import Dict
+
+import requests
+
+from fittrackee.federation.exceptions import ActorNotFoundException
+
+
+def get_remote_user(actor_url: str) -> Dict:
+    response = requests.get(
+        actor_url,
+        headers={'Accept': 'application/activity+json'},
+    )
+    if response.status_code >= 400:
+        raise ActorNotFoundException()
+
+    return response.json()
diff --git a/fittrackee/federation/tasks/user_inbox.py b/fittrackee/federation/tasks/user_inbox.py
index f1c9f8c51..e53b36b07 100644
--- a/fittrackee/federation/tasks/user_inbox.py
+++ b/fittrackee/federation/tasks/user_inbox.py
@@ -14,7 +14,9 @@ def send_to_users_inbox(
     if not sender:
         appLog.error('Sender not found when sending to users inbox.')
         raise SenderNotFoundException()
-    for recipient in recipients:
+    for recipient_inbox_url in recipients:
         send_to_remote_user_inbox(
-            sender=sender, activity=activity, recipient=recipient
+            sender=sender,
+            activity=activity,
+            recipient_inbox_url=recipient_inbox_url,
         )
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index fe394de27..532d51bf9 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -87,7 +87,19 @@ def upgrade():
     op.create_foreign_key(
         'users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id']
     )
-
+    op.drop_constraint('users_username_key', 'users', type_='unique')
+    op.alter_column(
+        'users', 'username', existing_type=sa.String(length=20),
+        type_=sa.String(length=50), existing_nullable=False
+    )
+    # user email and password are empty for remote actors
+    op.alter_column(
+        'users', 'email', existing_type=sa.VARCHAR(length=120), nullable=True
+    )
+    op.alter_column(
+        'users', 'password', existing_type=sa.VARCHAR(length=255),
+        nullable=True
+    )
     # create local actors with keys (even if federation is not enabled)
     user_helper = sa.Table(
         'users',
@@ -125,6 +137,9 @@ def upgrade():
         op.execute(
             f'UPDATE users SET actor_id = {actor.id} WHERE users.id = {user.id}'
         )
+    op.create_unique_constraint(
+        'username_actor_id_unique', 'users', ['username', 'actor_id']
+    )
 
     op.create_table(
         'follow_requests',
@@ -148,12 +163,25 @@ def upgrade():
 def downgrade():
     op.drop_table('follow_requests')
 
+    op.drop_constraint('username_actor_id_unique', 'users', type_='unique')
+    op.alter_column(
+        'users', 'username', existing_type=sa.String(length=50),
+        type_=sa.String(length=20), existing_nullable=False
+    )
+    op.alter_column(
+        'users', 'password', existing_type=sa.VARCHAR(length=255),
+        nullable=False
+    )
+    op.alter_column(
+        'users', 'email', existing_type=sa.VARCHAR(length=120), nullable=False
+    )
     op.drop_constraint('users_actor_id_fkey', 'users', type_='foreignkey')
     op.drop_constraint('users_actor_id_key', 'users', type_='unique')
     op.drop_column('users', 'actor_id')
 
     op.drop_table('actors')
     op.execute('DROP TYPE actor_types')
+    op.create_unique_constraint('users_username_key', 'users', ['username'])
 
     op.drop_table('domains')
 
diff --git a/fittrackee/tests/conftest.py b/fittrackee/tests/conftest.py
index a36ba6d9f..ae34cb95d 100644
--- a/fittrackee/tests/conftest.py
+++ b/fittrackee/tests/conftest.py
@@ -2,6 +2,8 @@
 
 os.environ['FLASK_ENV'] = 'testing'
 os.environ['APP_SETTINGS'] = 'fittrackee.config.TestingConfig'
+os.environ['UI_URL'] = 'https://0.0.0.0:5000'
+os.environ['SENDER_EMAIL'] = 'fittrackee@example.com'
 # to avoid resetting dev database during tests
 os.environ['DATABASE_URL'] = os.environ['DATABASE_TEST_URL']
 
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index 6b840af3d..f8eb3d1fa 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -1,9 +1,20 @@
 import json
+from unittest.mock import patch
 from uuid import uuid4
 
 from flask import Flask
 
-from fittrackee.federation.models import Actor
+from fittrackee.federation.exceptions import ActorNotFoundException
+from fittrackee.federation.models import Actor, Domain
+from fittrackee.users.models import User
+
+from ...test_case_mixins import ApiTestCaseMixin
+from ...utils import (
+    get_remote_user_object,
+    random_actor_url,
+    random_domain_with_scheme,
+    random_string,
+)
 
 
 class TestFederationUser:
@@ -57,3 +68,331 @@ def test_it_returns_error_if_federation_is_disabled(
             'error, federation is disabled for this instance'
             in data['message']
         )
+
+
+class TestRemoteUser(ApiTestCaseMixin):
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+        response = client.post(
+            '/federation/remote-user',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+            data=json.dumps({'actor_url': random_actor_url()}),
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, federation is disabled for this instance'
+            in data['message']
+        )
+
+    def test_it_returns_error_if_user_is_not_logged(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
+        response = client.post(
+            '/federation/remote-user',
+            content_type='application/json',
+            data=json.dumps({'actor_url': random_actor_url()}),
+        )
+
+        assert response.status_code == 401
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'provide a valid auth token' in data['message']
+
+    def test_it_returns_400_if_remote_user_url_is_missing(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        response = client.post(
+            '/federation/remote-user',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'invalid payload' in data['message']
+
+    def test_it_returns_error_if_remote_instance_returns_error(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.side_effect = ActorNotFoundException()
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps({'actor_url': random_actor_url()}),
+            )
+
+            assert response.status_code == 400
+            data = json.loads(response.data.decode())
+            assert 'error' in data['status']
+            assert 'Can not fetch remote actor.' in data['message']
+
+    def test_it_returns_error_if_remote_actor_object_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = {}
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps({'actor_url': random_actor_url()}),
+            )
+
+            assert response.status_code == 400
+            data = json.loads(response.data.decode())
+            assert 'error' in data['status']
+            assert 'Invalid remote actor object.' in data['message']
+
+    def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
+        self, app_with_federation: Flask, actor_1: Actor, remote_domain: Domain
+    ) -> None:
+        remote_username = random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = {
+                'preferredUsername': remote_username,
+            }
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps(
+                    {
+                        'actor_url': random_actor_url(
+                            username=remote_username,
+                            domain_with_scheme=f'https://{remote_domain.name}',
+                        )
+                    }
+                ),
+            )
+
+            assert response.status_code == 400
+            data = json.loads(response.data.decode())
+            assert 'error' in data['status']
+            assert 'Invalid remote actor object.' in data['message']
+
+    def test_it_returns_error_if_remote_domain_is_local_domain(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        remote_username = random_string()
+        domain = f"https://{ app_with_federation.config['AP_DOMAIN']}"
+        remote_user_object = get_remote_user_object(
+            username=remote_username, domain_with_scheme=domain
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps(
+                    {
+                        'actor_url': random_actor_url(
+                            username=remote_username, domain_with_scheme=domain
+                        )
+                    }
+                ),
+            )
+
+            assert response.status_code == 400
+            data = json.loads(response.data.decode())
+            assert 'error' in data['status']
+            assert (
+                'The provided account is not a remote account.'
+                in data['message']
+            )
+
+    def test_it_creates_remote_actor_if_actor_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor, remote_domain: Domain
+    ) -> None:
+        remote_username = random_string()
+        remote_preferred_username = random_string()
+        domain = f'https://{remote_domain.name}'
+        remote_user_object = get_remote_user_object(
+            username=remote_username,
+            preferred_username=remote_preferred_username,
+            domain_with_scheme=domain,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps(
+                    {
+                        'actor_url': random_actor_url(
+                            username=remote_preferred_username,
+                            domain_with_scheme=domain,
+                        )
+                    }
+                ),
+            )
+
+            assert response.status_code == 200
+            data = json.loads(response.data.decode())
+            assert data == remote_user_object
+
+    def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        remote_username = random_string()
+        remote_preferred_username = random_string()
+        domain = random_domain_with_scheme()
+        remote_user_object = get_remote_user_object(
+            username=remote_username,
+            preferred_username=remote_preferred_username,
+            domain_with_scheme=domain,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps(
+                    {
+                        'actor_url': random_actor_url(
+                            username=remote_preferred_username,
+                            domain_with_scheme=domain,
+                        )
+                    }
+                ),
+            )
+
+            assert response.status_code == 200
+            data = json.loads(response.data.decode())
+            assert data == remote_user_object
+
+    def test_it_returns_updated_remote_actor_if_remote_domain_exists(
+        self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
+    ) -> None:
+        remote_user_object = remote_actor.serialize()
+        updated_name = random_string()
+        remote_user_object['name'] = updated_name
+        last_fetched = remote_actor.last_fetch_date
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps({'actor_url': remote_actor.activitypub_id}),
+            )
+
+            assert response.status_code == 200
+            data = json.loads(response.data.decode())
+            assert data == remote_user_object
+            assert remote_actor.name == updated_name
+            assert remote_actor.last_fetch_date != last_fetched
+
+    def test_it_creates_several_remote_actors(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        """
+        check constrains on User model (especially empty password and email)
+        """
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+        with patch(
+            'fittrackee.federation.federation.get_remote_user'
+        ) as get_remote_user_mock:
+            remote_preferred_username = random_string()
+            domain = random_domain_with_scheme()
+            remote_user_object = get_remote_user_object(
+                preferred_username=remote_preferred_username,
+                domain_with_scheme=domain,
+            )
+            get_remote_user_mock.return_value = remote_user_object
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps(
+                    {
+                        'actor_url': random_actor_url(
+                            username=remote_preferred_username,
+                            domain_with_scheme=domain,
+                        )
+                    }
+                ),
+            )
+
+            assert response.status_code == 200
+            data = json.loads(response.data.decode())
+            assert data == remote_user_object
+
+            remote_preferred_username = random_string()
+            domain = random_domain_with_scheme()
+            remote_user_object = get_remote_user_object(
+                preferred_username=remote_preferred_username,
+                domain_with_scheme=domain,
+            )
+            get_remote_user_mock.return_value = remote_user_object
+            response = client.post(
+                '/federation/remote-user',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+                data=json.dumps(
+                    {
+                        'actor_url': random_actor_url(
+                            username=remote_preferred_username,
+                            domain_with_scheme=domain,
+                        )
+                    }
+                ),
+            )
+
+            assert response.status_code == 200
+            data = json.loads(response.data.decode())
+            assert data == remote_user_object
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 6a926c4fc..f5e079fbf 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -10,6 +10,8 @@
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils import get_ap_url
 
+from ...utils import random_actor_url
+
 
 class TestGetApUrl:
     def test_it_raises_error_if_url_type_is_invalid(self, app: Flask) -> None:
@@ -132,9 +134,9 @@ def test_it_returns_serialized_object(
         remote_domain: Domain,
     ) -> None:
         serialized_actor = remote_actor.serialize()
-        ap_url = remote_domain.name
-        user_url = (
-            f'{remote_domain.name}/users/{remote_actor.preferred_username}'
+        remote_domain_url = f'https://{remote_domain.name}'
+        user_url = random_actor_url(
+            remote_actor.preferred_username, remote_domain_url
         )
         assert serialized_actor['@context'] == AP_CTX
         assert serialized_actor['id'] == remote_actor.activitypub_id
@@ -159,7 +161,8 @@ def test_it_returns_serialized_object(
         )
         assert 'publicKeyPem' in serialized_actor['publicKey']
         assert (
-            serialized_actor['endpoints']['sharedInbox'] == f'{ap_url}/inbox'
+            serialized_actor['endpoints']['sharedInbox']
+            == f'{remote_domain_url}/inbox'
         )
 
 
@@ -170,5 +173,5 @@ def test_it_returns_actor_empty_name(
         domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
         ).first()
-        actor = Actor(username=uuid4().hex, domain_id=domain.id)
+        actor = Actor(preferred_username=uuid4().hex, domain_id=domain.id)
         assert actor.name is None
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
index 3e0bb569f..dd4dae4ce 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -31,7 +31,9 @@ def test_it_calls_signature_header(
 
         with freeze_time(now):
             send_to_remote_user_inbox(
-                sender=actor_1, activity={'foo': 'bar'}, recipient=remote_actor
+                sender=actor_1,
+                activity={'foo': 'bar'},
+                recipient_inbox_url=remote_actor.inbox_url,
             )
 
         signature_header_mock.assert_called_with(
@@ -60,7 +62,9 @@ def test_it_calls_requests_post(
 
         with freeze_time(now):
             send_to_remote_user_inbox(
-                sender=actor_1, activity=activity, recipient=remote_actor
+                sender=actor_1,
+                activity=activity,
+                recipient_inbox_url=remote_actor.inbox_url,
             )
 
         requests_mock.post.assert_called_with(
@@ -92,7 +96,9 @@ def test_it_logs_error_if_remote_inbox_returns_error(
         )
 
         send_to_remote_user_inbox(
-            sender=actor_1, activity={'foo': 'bar'}, recipient=remote_actor
+            sender=actor_1,
+            activity={'foo': 'bar'},
+            recipient_inbox_url=remote_actor.inbox_url,
         )
 
         assert len(caplog.records) == 1
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
index bb7cdeb82..4738029c3 100644
--- a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
@@ -41,7 +41,9 @@ def test_it_calls_send_to_remote_user_inbox(
         )
 
         send_to_remote_user_inbox_mock.assert_called_with(
-            sender=actor_1, activity=activity, recipient=remote_actor.inbox_url
+            sender=actor_1,
+            activity=activity,
+            recipient_inbox_url=remote_actor.inbox_url,
         )
 
     @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
diff --git a/fittrackee/tests/federation/federation/test_remote_user.py b/fittrackee/tests/federation/federation/test_remote_user.py
new file mode 100644
index 000000000..12462896e
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_remote_user.py
@@ -0,0 +1,41 @@
+from unittest.mock import patch
+
+import pytest
+import requests
+
+from fittrackee.federation.exceptions import ActorNotFoundException
+from fittrackee.federation.remote_user import get_remote_user
+
+from ...utils import (
+    generate_response,
+    get_remote_user_object,
+    random_actor_url,
+    random_domain_with_scheme,
+    random_string,
+)
+
+
+class TestGetRemoteUser:
+    def test_it_returns_error_if_remote_instance_returns_error(self) -> None:
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(status_code=404)
+
+            with pytest.raises(ActorNotFoundException):
+                get_remote_user(random_actor_url())
+
+    def test_it_returns_user_object_if_remote_response_is_successful(
+        self,
+    ) -> None:
+        username = random_string()
+        remote_domain = random_domain_with_scheme()
+        remote_user = get_remote_user_object(username, remote_domain)
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200, content=remote_user
+            )
+
+            expected_user = get_remote_user(
+                random_actor_url(username, remote_domain)
+            )
+
+            assert remote_user == expected_user
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 82d20a4ef..6c7e5682d 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -5,13 +5,13 @@
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import User
 
-from ..utils import random_domain
+from ..utils import get_remote_user_object, random_domain
 
 
 @pytest.fixture()
 def app_actor(app: Flask) -> Actor:
     domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).first()
-    actor = Actor(username='test', domain_id=domain.id)
+    actor = Actor(preferred_username='test', domain_id=domain.id)
     db.session.add(actor)
     db.session.commit()
     return actor
@@ -22,7 +22,7 @@ def actor_1(user_1: User, app_with_federation: Flask) -> Actor:
     domain = Domain.query.filter_by(
         name=app_with_federation.config['AP_DOMAIN']
     ).first()
-    actor = Actor(username=user_1.username, domain_id=domain.id)
+    actor = Actor(preferred_username=user_1.username, domain_id=domain.id)
     db.session.add(actor)
     db.session.flush()
     user_1.actor_id = actor.id
@@ -35,7 +35,7 @@ def actor_2(user_2: User, app_with_federation: Flask) -> Actor:
     domain = Domain.query.filter_by(
         name=app_with_federation.config['AP_DOMAIN']
     ).first()
-    actor = Actor(username=user_2.username, domain_id=domain.id)
+    actor = Actor(preferred_username=user_2.username, domain_id=domain.id)
     db.session.add(actor)
     db.session.flush()
     user_2.actor_id = actor.id
@@ -48,7 +48,7 @@ def actor_3(user_3: User, app_with_federation: Flask) -> Actor:
     domain = Domain.query.filter_by(
         name=app_with_federation.config['AP_DOMAIN']
     ).first()
-    actor = Actor(username=user_3.username, domain_id=domain.id)
+    actor = Actor(preferred_username=user_3.username, domain_id=domain.id)
     db.session.add(actor)
     db.session.flush()
     user_3.actor_id = actor.id
@@ -68,30 +68,18 @@ def remote_domain(app_with_federation: Flask) -> Domain:
 def remote_actor(
     user_2: User, app_with_federation: Flask, remote_domain: Domain
 ) -> Actor:
-    user_name = user_2.username.capitalize()
-    user_url = f'{remote_domain.name}/users/{user_2.username}'
+    domain = f'https://{remote_domain.name}'
+    remote_user_object = get_remote_user_object(
+        username=user_2.username, domain_with_scheme=domain
+    )
     actor = Actor(
-        username=user_2.username,
+        preferred_username=user_2.username,
         domain_id=remote_domain.id,
-        remote_user_data={
-            '@context': [
-                'https://www.w3.org/ns/activitystreams',
-                'https://w3id.org/security/v1',
-            ],
-            'id': user_url,
-            'type': 'Person',
-            'following': f'{user_url}/following',
-            'followers': f'{user_url}/followers',
-            'inbox': f'{user_url}/inbox',
-            'outbox': f'{user_url}/outbox',
-            'name': user_name,
-            'preferredUsername': user_2.username,
-            'endpoints': {'sharedInbox': f'{remote_domain.name}/inbox'},
-        },
+        remote_user_data=remote_user_object,
     )
     db.session.add(actor)
     db.session.flush()
-    user_2.name = user_name
+    user_2.name = user_2.username.capitalize()
     user_2.actor_id = actor.id
     db.session.commit()
     return actor
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 3711f4c7d..8e3ecd948 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -53,3 +53,57 @@ def generate_response(
     )
     response.status_code = status_code if status_code else 200
     return response
+
+
+def random_full_username() -> str:
+    return f'{random_string()}@{random_domain()}'
+
+
+def random_actor_url(
+    username: Optional[str] = None, domain_with_scheme: Optional[str] = None
+) -> str:
+    username = username if username else random_string()
+    remote_domain = (
+        domain_with_scheme
+        if domain_with_scheme
+        else random_domain_with_scheme()
+    )
+    return f'{remote_domain}/users/{username}'
+
+
+def get_remote_user_object(
+    username: Optional[str] = None,
+    preferred_username: Optional[str] = None,
+    domain_with_scheme: Optional[str] = None,
+) -> Dict:
+    username = username if username else random_string()
+    preferred_username = (
+        preferred_username if preferred_username else random_string()
+    )
+    remote_domain = (
+        domain_with_scheme
+        if domain_with_scheme
+        else random_domain_with_scheme()
+    )
+    user_url = random_actor_url(username, remote_domain)
+    return {
+        '@context': [
+            'https://www.w3.org/ns/activitystreams',
+            'https://w3id.org/security/v1',
+        ],
+        'id': user_url,
+        'type': 'Person',
+        'following': f'{user_url}/following',
+        'followers': f'{user_url}/followers',
+        'inbox': f'{user_url}/inbox',
+        'outbox': f'{user_url}/outbox',
+        'name': username,
+        'preferredUsername': preferred_username,
+        'manuallyApprovesFollowers': True,
+        'publicKey': {
+            'id': f'{user_url}#main-key',
+            'owner': user_url,
+            'publicKeyPem': random_string(),
+        },
+        'endpoints': {'sharedInbox': f'{remote_domain}/inbox'},
+    }
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 5d9df6d43..777f9e43a 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -81,13 +81,20 @@ def get_activity(self) -> Dict:
 
 class User(BaseModel):
     __tablename__ = 'users'
+    __table_args__ = (
+        db.UniqueConstraint(
+            'username', 'actor_id', name='username_actor_id_unique'
+        ),
+    )
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
     actor_id = db.Column(
         db.Integer, db.ForeignKey('actors.id'), unique=True, nullable=True
     )
-    username = db.Column(db.String(20), unique=True, nullable=False)
-    email = db.Column(db.String(120), unique=True, nullable=False)
-    password = db.Column(db.String(255), nullable=False)
+    username = db.Column(db.String(50), nullable=False)
+    # Note: Null values are not considered equal
+    # source: https://www.postgresql.org/docs/current/indexes-unique.html
+    email = db.Column(db.String(120), unique=True, nullable=True)
+    password = db.Column(db.String(255), nullable=True)
     created_at = db.Column(db.DateTime, nullable=False)
     admin = db.Column(db.Boolean, default=False, nullable=False)
     first_name = db.Column(db.String(80), nullable=True)
@@ -131,15 +138,19 @@ def __repr__(self) -> str:
     def __init__(
         self,
         username: str,
-        email: str,
-        password: str,
+        email: Optional[str],
+        password: Optional[str],
         created_at: Optional[datetime] = datetime.utcnow(),
     ) -> None:
         self.username = username
-        self.email = email
-        self.password = bcrypt.generate_password_hash(
-            password, current_app.config.get('BCRYPT_LOG_ROUNDS')
-        ).decode()
+        self.email = email  # email is None for remote actor
+        self.password = (
+            bcrypt.generate_password_hash(
+                password, current_app.config.get('BCRYPT_LOG_ROUNDS')
+            ).decode()
+            if email
+            else None
+        )  # no password for remote actor
         self.created_at = created_at
 
     @staticmethod
@@ -241,7 +252,9 @@ def create_actor(self) -> None:
         app_domain = Domain.query.filter_by(
             name=current_app.config['AP_DOMAIN']
         ).first()
-        actor = Actor(username=self.username, domain_id=app_domain.id)
+        actor = Actor(
+            preferred_username=self.username, domain_id=app_domain.id
+        )
         db.session.add(actor)
         db.session.flush()
         self.actor_id = actor.id

From 209c8fbb29a9fe28aba9ee071973f4b0a408d402 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 13:55:03 +0100
Subject: [PATCH 028/238] API - add digest in HTTP headers

---
 fittrackee/federation/exceptions.py           |   4 +-
 fittrackee/federation/inbox.py                |  16 +-
 fittrackee/federation/signature.py            |  85 +++++--
 .../test_federation_remote_inbox.py           |  36 ++-
 .../tests/federation/users/test_signature.py  | 230 +++++++++++++++---
 .../federation/users/test_users_inbox.py      |   7 +-
 6 files changed, 304 insertions(+), 74 deletions(-)

diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index c02b415f4..78f8f44e5 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -20,10 +20,10 @@ def __init__(self) -> None:
 
 
 class InvalidSignatureException(GenericException):
-    def __init__(self) -> None:
+    def __init__(self, message: Optional[str] = None) -> None:
         super().__init__(
             status='error',
-            message='Invalid signature.',
+            message=f'Invalid signature{f": {message}" if message else ""}.',
         )
 
 
diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index 50c2f0649..d0fa75c30 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -19,7 +19,8 @@
 from .signature import (
     VALID_DATE_FORMAT,
     SignatureVerification,
-    signature_header,
+    get_digest,
+    get_signature_header,
 )
 from .tasks.activity import handle_activity
 from .utils import is_invalid_activity_data
@@ -57,20 +58,23 @@ def send_to_remote_user_inbox(
 ) -> None:
     now_str = datetime.utcnow().strftime(VALID_DATE_FORMAT)
     parsed_inbox_url = urlparse(recipient_inbox_url)
-    signed_header = signature_header(
+    digest = get_digest(activity)
+    signed_header = get_signature_header(
         host=parsed_inbox_url.netloc,
         path=parsed_inbox_url.path,
         date_str=now_str,
         actor=sender,
+        digest=digest,
     )
     response = requests.post(
         recipient_inbox_url,
         data=dumps(activity),
         headers={
-            "Host": parsed_inbox_url.netloc,
-            "Date": now_str,
-            "Signature": signed_header,
-            "Content-Type": "application/ld+json",
+            'Host': parsed_inbox_url.netloc,
+            'Date': now_str,
+            'Signature': signed_header,
+            'Digest': digest,
+            'Content-Type': 'application/ld+json',
         },
     )
     if response.status_code >= 400:
diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index fc7dc5404..8de363faf 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -1,4 +1,6 @@
 import base64
+import hashlib
+import json
 from datetime import datetime
 from typing import Dict, Optional
 
@@ -15,12 +17,32 @@
 
 VALID_DATE_DELTA = 30  # in seconds
 VALID_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
-VALID_SIG_KEYS = ['keyId', 'headers', 'signature']
-
-
-def signature_header(host: str, path: str, date_str: str, actor: Actor) -> str:
+VALID_SIG_KEYS = ['keyId', 'algorithm', 'headers', 'signature']
+SUPPORTED_ALGORITHMS = {
+    'rsa-sha256': {'algorithm': 'SHA-256', 'hash_function': hashlib.sha256},
+    'rsa-sha512': {'algorithm': 'SHA-512', 'hash_function': hashlib.sha512},
+}
+DEFAULT_ALGORITHM = 'rsa-sha256'
+
+
+def get_digest(activity: Dict, algorithm: Optional[str] = None) -> str:
+    algorithm_dict = SUPPORTED_ALGORITHMS[
+        DEFAULT_ALGORITHM if algorithm is None else algorithm
+    ]
+    digest = base64.b64encode(
+        algorithm_dict['hash_function'](  # type: ignore
+            json.dumps(activity).encode()
+        ).digest()
+    ).decode()
+    return f"{algorithm_dict['algorithm']}={digest}"
+
+
+def get_signature_header(
+    host: str, path: str, date_str: str, actor: Actor, digest: str
+) -> str:
     signed_string = (
-        f'(request-target): post {path}\nhost: {host}\ndate: {date_str}'
+        f'(request-target): post {path}\nhost: {host}\ndate: {date_str}\n'
+        f'digest: {digest}'
     )
     key = RSA.import_key(actor.private_key)
     key_signer = pkcs1_15.new(key)
@@ -29,7 +51,8 @@ def signature_header(host: str, path: str, date_str: str, actor: Actor) -> str:
     signature = base64.b64encode(key_signer.sign(h))
     return (
         f'keyId="{actor.activitypub_id}",'
-        'headers="(request-target) host date",'
+        'algorithm=rsa-sha256,'
+        'headers="(request-target) host date digest",'
         f'signature="' + signature.decode() + '"'
     )
 
@@ -42,6 +65,8 @@ def __init__(self, request: Request, signature_dict: Dict):
         self.key_id = signature_dict['keyId']
         self.headers = signature_dict['headers']
         self.signature = base64.b64decode(signature_dict['signature'])
+        self.algorithm = signature_dict['algorithm']
+        self.digest = request.headers.get('Digest')
 
     @classmethod
     def get_signature(cls, request: Request) -> 'SignatureVerification':
@@ -56,9 +81,12 @@ def get_signature(cls, request: Request) -> 'SignatureVerification':
             appLog.error(f'Invalid signature headers: {e} (host: {host}).')
             raise InvalidSignatureException()
 
-        if list(signature_dict.keys()) != VALID_SIG_KEYS:
+        keys_list = list(signature_dict.keys())
+        if keys_list != VALID_SIG_KEYS:
             appLog.error(
-                f'Invalid signature headers: invalid keys (host: {host}).'
+                'Invalid signature headers: invalid keys, expected: '
+                f'{VALID_SIG_KEYS}, got: {keys_list} '
+                f'(host: {host}).'
             )
             raise InvalidSignatureException()
 
@@ -87,19 +115,37 @@ def is_date_invalid(self) -> bool:
         delta = datetime.utcnow() - date
         return delta.total_seconds() > VALID_DATE_DELTA
 
+    def raise_error(self, error: str) -> None:
+        appLog.error(f'Invalid signature: {error} (host: {self.host}).')
+        raise InvalidSignatureException(error)
+
+    def verify_digest(self) -> None:
+        if self.algorithm not in SUPPORTED_ALGORITHMS.keys():
+            self.raise_error('unsupported algorithm')
+        expected_algorithm = SUPPORTED_ALGORITHMS[self.algorithm]['algorithm']
+        hash_function = SUPPORTED_ALGORITHMS[self.algorithm]['hash_function']
+
+        try:
+            if not self.digest:
+                raise Exception('No digest')
+            algorithm, digest = self.digest.split('=', 1)
+            if algorithm != expected_algorithm:
+                raise Exception('Algorithm mismatch')
+            expected = hash_function(  # type: ignore
+                self.request.data
+            ).digest()
+            if base64.b64decode(digest) != expected:
+                raise Exception()
+        except Exception:
+            self.raise_error('invalid HTTP digest')
+
     def verify(self) -> None:
         public_key = self.get_actor_public_key()
         if not public_key:
-            appLog.error(
-                f'Invalid signature: invalid public key (host: {self.host}).'
-            )
-            raise InvalidSignatureException()
+            self.raise_error('invalid public key')
 
         if self.is_date_invalid():
-            appLog.error(
-                f'Invalid signature: invalid date header (host: {self.host}).'
-            )
-            raise InvalidSignatureException()
+            self.raise_error('invalid date header')
 
         comparison = []
         for headers_part in self.headers.split(' '):
@@ -108,6 +154,8 @@ def verify(self) -> None:
                     '(request-target): post %s' % self.request.path
                 )
             else:
+                if headers_part == 'digest':
+                    self.verify_digest()
                 comparison.append(
                     "%s: %s"
                     % (
@@ -117,11 +165,10 @@ def verify(self) -> None:
                 )
         comparison_string: str = '\n'.join(comparison)
 
-        signer = pkcs1_15.new(RSA.import_key(public_key))
+        signer = pkcs1_15.new(RSA.import_key(public_key))  # type: ignore
         digest = SHA256.new()
         digest.update(comparison_string.encode())
         try:
             signer.verify(digest, self.signature)
         except ValueError:
-            appLog.error(f'Invalid signature (host: {self.host}).')
-            raise InvalidSignatureException()
+            self.raise_error('verification failed')
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
index dd4dae4ce..78e9ababf 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -15,12 +15,14 @@
 
 
 class TestSendToRemoteInbox(BaseTestMixin):
-    @patch('fittrackee.federation.inbox.signature_header')
+    @patch('fittrackee.federation.inbox.get_digest')
+    @patch('fittrackee.federation.inbox.get_signature_header')
     @patch('fittrackee.federation.inbox.requests')
-    def test_it_calls_signature_header(
+    def test_it_calls_get_signature_header(
         self,
         requests_mock: Mock,
-        signature_header_mock: Mock,
+        get_signature_header_mock: Mock,
+        get_digest_mock: Mock,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
@@ -28,6 +30,8 @@ def test_it_calls_signature_header(
         now = datetime.utcnow()
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
+        digest = random_string()
+        get_digest_mock.return_value = digest
 
         with freeze_time(now):
             send_to_remote_user_inbox(
@@ -36,19 +40,22 @@ def test_it_calls_signature_header(
                 recipient_inbox_url=remote_actor.inbox_url,
             )
 
-        signature_header_mock.assert_called_with(
+        get_signature_header_mock.assert_called_with(
             host=parsed_inbox_url.netloc,
             path=parsed_inbox_url.path,
             date_str=get_date_string(now),
             actor=actor_1,
+            digest=digest,
         )
 
-    @patch('fittrackee.federation.inbox.signature_header')
+    @patch('fittrackee.federation.inbox.get_digest')
+    @patch('fittrackee.federation.inbox.get_signature_header')
     @patch('fittrackee.federation.inbox.requests')
     def test_it_calls_requests_post(
         self,
         requests_mock: Mock,
-        signature_header_mock: Mock,
+        get_signature_header_mock: Mock,
+        get_digest_mock: Mock,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
@@ -58,7 +65,9 @@ def test_it_calls_requests_post(
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
         signed_header = random_string()
-        signature_header_mock.return_value = signed_header
+        get_signature_header_mock.return_value = signed_header
+        digest = random_string()
+        get_digest_mock.return_value = digest
 
         with freeze_time(now):
             send_to_remote_user_inbox(
@@ -71,19 +80,20 @@ def test_it_calls_requests_post(
             remote_actor.inbox_url,
             data=dumps(activity),
             headers={
-                "Host": parsed_inbox_url.netloc,
-                "Date": get_date_string(now),
-                "Signature": signed_header,
-                "Content-Type": "application/ld+json",
+                'Host': parsed_inbox_url.netloc,
+                'Date': get_date_string(now),
+                'Digest': digest,
+                'Signature': signed_header,
+                'Content-Type': 'application/ld+json',
             },
         )
 
-    @patch('fittrackee.federation.inbox.signature_header')
+    @patch('fittrackee.federation.inbox.get_signature_header')
     @patch('fittrackee.federation.inbox.requests')
     def test_it_logs_error_if_remote_inbox_returns_error(
         self,
         requests_mock: Mock,
-        signature_header_mock: Mock,
+        get_signature_header_mock: Mock,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
diff --git a/fittrackee/tests/federation/users/test_signature.py b/fittrackee/tests/federation/users/test_signature.py
index 7abd05b36..f4e15f33b 100644
--- a/fittrackee/tests/federation/users/test_signature.py
+++ b/fittrackee/tests/federation/users/test_signature.py
@@ -1,25 +1,42 @@
 import base64
+import json
 from datetime import datetime, timedelta
 from typing import Dict, Optional
 from unittest.mock import MagicMock, patch
 
 import pytest
 import requests
-from Crypto.Hash import SHA256
-from Crypto.PublicKey import RSA
-from Crypto.Signature import pkcs1_15
 from flask import Flask
 
+from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.exceptions import InvalidSignatureException
 from fittrackee.federation.models import Actor
 from fittrackee.federation.signature import (
     VALID_DATE_DELTA,
     VALID_DATE_FORMAT,
     SignatureVerification,
+    get_digest,
+    get_signature_header,
 )
 
 from ...utils import generate_response, get_date_string, random_string
 
+TEST_ACTIVITY = {
+    '@context': AP_CTX,
+    'id': random_string(),
+    'type': random_string(),
+    'actor': random_string(),
+    'object': random_string(),
+}
+
+
+class TestGetDigest:
+    def test_it_returns_digest_with_default_algorithm(self) -> None:
+        assert get_digest(TEST_ACTIVITY).startswith('SHA-256=')
+
+    def test_it_returns_digest_with_given_algorithm(self) -> None:
+        assert get_digest(TEST_ACTIVITY, 'rsa-sha512').startswith('SHA-512=')
+
 
 class SignatureVerificationTestCase:
     @staticmethod
@@ -33,49 +50,58 @@ def generate_headers(
         date_str: Optional[str] = None,  # overrides date
         date: Optional[datetime] = None,
         host: Optional[str] = None,
+        algorithm: Optional[str] = None,
+        digest: Optional[str] = None,
     ) -> Dict:
         key_id = key_id if key_id else random_string()
         signature = signature if signature else self.random_signature()
+        algorithm = algorithm if algorithm else random_string()
         signature_headers = (
-            f'keyId="{key_id}",headers="(request-target) host date",'
-            f'signature="' + signature + '"'
+            f'keyId="{key_id}",algorithm={algorithm},headers="(request-target)'
+            f' host date digest",signature="' + signature + '"'
         )
+        digest = digest if digest else random_string()
         if date_str is None:
             date_str = get_date_string(date)
         return {
             'Host': host if host else random_string(),
             'Date': date_str,
+            'Digest': digest,
             'Signature': signature_headers,
             'Content-Type': 'application/ld+json',
         }
 
     def generate_valid_headers(
-        self, host: str, actor: Actor, date_str: Optional[str] = None
+        self,
+        host: str,
+        actor: Actor,
+        activity: Dict,
+        date_str: Optional[str] = None,
     ) -> Dict:
         if date_str is None:
             now = datetime.utcnow()
             date_str = now.strftime(VALID_DATE_FORMAT)
-        signed_string = (
-            f'(request-target): post /inbox\nhost: {host}\n'
-            f'date: {date_str}'
+        digest = get_digest(activity)
+        signed_header = get_signature_header(
+            host, '/inbox', date_str, actor, digest
         )
-        key = RSA.import_key(actor.private_key)
-        key_signer = pkcs1_15.new(key)
-        encoded_string = signed_string.encode('utf-8')
-        h = SHA256.new(encoded_string)
-        signature = base64.b64encode(key_signer.sign(h))
         return self.generate_headers(
             key_id=actor.activitypub_id,
-            signature=signature.decode(),
+            signature=signed_header,
             date_str=date_str,
             host=host,
+            algorithm='rsa-sha256',
+            digest=digest,
         )
 
     @staticmethod
-    def get_request_mock(headers: Optional[Dict] = None) -> MagicMock:
+    def get_request_mock(
+        headers: Optional[Dict] = None, data: Optional[Dict] = None
+    ) -> MagicMock:
         request_mock = MagicMock()
         request_mock.headers = headers if headers else {}
         request_mock.path = '/inbox'
+        request_mock.data = json.dumps(data if data else {}).encode()
         return request_mock
 
 
@@ -91,7 +117,7 @@ def test_it_raises_error_if_headers_are_empty(self) -> None:
         [
             (
                 'missing keyId',
-                'headers="(request-target) host date",'
+                'headers="(request-target) host date digest",'
                 f'signature="{random_string()}"',
             ),
             (
@@ -101,7 +127,7 @@ def test_it_raises_error_if_headers_are_empty(self) -> None:
             (
                 'missing signature',
                 f'keyId="{random_string()}",'
-                'headers="(request-target) host date"',
+                'headers="(request-target) host date digest"',
             ),
         ],
     )
@@ -122,15 +148,20 @@ def test_it_raises_error_if_a_signature_key_is_missing(
     def test_it_instantiates_signature_verification(self) -> None:
         key_id = random_string()
         signature = self.random_signature()
+        algorithm = 'rsa-sha256'
         signature_headers = (
-            f'keyId="{key_id}",headers="(request-target) host date",'
+            f'keyId="{key_id}",algorithm={algorithm},'
+            'headers="(request-target) host date digest",'
             f'signature="' + signature + '"'
         )
         date_str = get_date_string()
+        activity = {'foo': 'bar'}
+        digest = get_digest(activity)
         valid_request_mock = self.get_request_mock(
             headers={
                 'Host': random_string(),
                 'Date': date_str,
+                'Digest': digest,
                 'Signature': signature_headers,
             }
         )
@@ -142,8 +173,10 @@ def test_it_instantiates_signature_verification(self) -> None:
         assert sig_verification.request == valid_request_mock
         assert sig_verification.date_str == date_str
         assert sig_verification.key_id == key_id
-        assert sig_verification.headers == '(request-target) host date'
+        assert sig_verification.headers == '(request-target) host date digest'
         assert sig_verification.signature == base64.b64decode(signature)
+        assert sig_verification.algorithm == algorithm
+        assert sig_verification.digest == digest
 
 
 class TestSignatureDateVerification(SignatureVerificationTestCase):
@@ -246,8 +279,76 @@ def test_it_returns_public_key(self) -> None:
             assert key == public_key
 
 
+class TestSignatureDigestVerification(SignatureVerificationTestCase):
+    @pytest.mark.parametrize(
+        'input_description,input_digest',
+        [
+            (
+                'invalid digest',
+                random_string(),
+            ),
+            (
+                'mismatched digest (different data)',
+                get_digest({"foo": "bar"}),
+            ),
+            (
+                'mismatched digest (different algo)',
+                get_digest(TEST_ACTIVITY, algorithm='rsa-sha512'),
+            ),
+        ],
+    )
+    def test_verify_raises_error_if_http_digest_is_invalid(
+        self,
+        input_description: str,
+        input_digest: str,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    algorithm='rsa-sha256',
+                    digest=input_digest,
+                ),
+                data=TEST_ACTIVITY,
+            )
+        )
+
+        with pytest.raises(
+            InvalidSignatureException, match='invalid HTTP digest'
+        ):
+            sig_verification.verify_digest()
+
+    @pytest.mark.parametrize(
+        'input_description,input_algorithm',
+        [('SHA256', 'rsa-sha256'), ('SHA512', 'rsa-sha512')],
+    )
+    def test_verify_do_not_raise_error_if_http_digest_is_valid(
+        self,
+        input_description: str,
+        input_algorithm: str,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    algorithm=input_algorithm,
+                    digest=get_digest(TEST_ACTIVITY, input_algorithm),
+                ),
+                data=TEST_ACTIVITY,
+            )
+        )
+
+        sig_verification.verify_digest()
+
+
 class TestSignatureVerify(SignatureVerificationTestCase):
-    def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
+    def test_verify_raises_error_if_header_date_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
@@ -256,21 +357,23 @@ def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
+                    date_str='',
+                    activity=TEST_ACTIVITY,
                 )
             )
         )
-        # update actor keys
-        actor_1.generate_keys()
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
                 status_code=200,
                 content=actor_1.serialize(),
             )
 
-            with pytest.raises(InvalidSignatureException):
+            with pytest.raises(
+                InvalidSignatureException, match='invalid date header'
+            ):
                 sig_verification.verify()
 
-    def test_verify_raises_error_if_header_date_is_invalid(
+    def test_verify_raises_error_if_public_key_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
@@ -279,20 +382,72 @@ def test_verify_raises_error_if_header_date_is_invalid(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
-                    date_str='',
+                    activity=TEST_ACTIVITY,
                 )
             )
         )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(status_code=404)
+
+            with pytest.raises(
+                InvalidSignatureException, match='invalid public key'
+            ):
+                sig_verification.verify()
+
+    def test_verify_raises_error_if_algorithm_is_not_supported(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        algorithm = random_string()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    algorithm=algorithm,
+                    digest=get_digest(TEST_ACTIVITY),
+                ),
+                data=TEST_ACTIVITY,
+            )
+        )
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
                 status_code=200,
                 content=actor_1.serialize(),
             )
 
-            with pytest.raises(InvalidSignatureException):
+            with pytest.raises(
+                InvalidSignatureException, match='unsupported algorithm'
+            ):
                 sig_verification.verify()
 
-    def test_verify_raises_error_if_public_key_is_invalid(
+    def test_verify_raises_error_if_http_digest_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    algorithm='rsa-sha256',
+                    digest=random_string(),
+                ),
+                data=TEST_ACTIVITY,
+            )
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
+
+            with pytest.raises(
+                InvalidSignatureException, match='invalid HTTP digest'
+            ):
+                sig_verification.verify()
+
+    def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
@@ -301,13 +456,22 @@ def test_verify_raises_error_if_public_key_is_invalid(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
-                )
+                    activity=TEST_ACTIVITY,
+                ),
+                data=TEST_ACTIVITY,
             )
         )
+        # update actor keys
+        actor_1.generate_keys()
         with patch.object(requests, 'get') as requests_mock:
-            requests_mock.return_value = generate_response(status_code=404)
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
 
-            with pytest.raises(InvalidSignatureException):
+            with pytest.raises(
+                InvalidSignatureException, match='verification failed'
+            ):
                 sig_verification.verify()
 
     def test_verify_does_not_raise_error_if_signature_is_valid(
@@ -319,7 +483,9 @@ def test_verify_does_not_raise_error_if_signature_is_valid(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
-                )
+                    activity=TEST_ACTIVITY,
+                ),
+                data=TEST_ACTIVITY,
             )
         )
         with patch.object(requests, 'get') as requests_mock:
diff --git a/fittrackee/tests/federation/users/test_users_inbox.py b/fittrackee/tests/federation/users/test_users_inbox.py
index 578fb5515..113848039 100644
--- a/fittrackee/tests/federation/users/test_users_inbox.py
+++ b/fittrackee/tests/federation/users/test_users_inbox.py
@@ -10,7 +10,7 @@
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.models import Actor
-from fittrackee.federation.signature import signature_header
+from fittrackee.federation.signature import get_digest, get_signature_header
 
 from ...test_case_mixins import ApiTestCaseMixin
 from ...utils import (
@@ -41,6 +41,7 @@ def post_to_user_inbox(
             'actor': actor_2.activitypub_id,
             'object': actor_1.activitypub_id,
         }
+        digest = get_digest(follow_activity)
 
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
@@ -54,11 +55,13 @@ def post_to_user_inbox(
                 headers={
                     'Host': host,
                     'Date': date_str,
-                    'Signature': signature_header(
+                    'Digest': digest,
+                    'Signature': get_signature_header(
                         host=host,
                         path=inbox_path,
                         date_str=date_str,
                         actor=actor_2,
+                        digest=digest,
                     ),
                     'Content-Type': 'application/ld+json',
                 },

From d1c0b64960ea7a324d37a04d44415acdb76bfa53 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 7 Jul 2021 17:48:19 +0200
Subject: [PATCH 029/238] API - refactor and fix user inbox

---
 fittrackee/federation/federation.py                   | 11 +++++++++++
 .../federation/test_federation_tasks_user_inbox.py    |  9 +++++++--
 .../{users => federation}/test_users_inbox.py         | 10 +++++-----
 fittrackee/tests/federation/users/test_users_model.py |  4 ++--
 fittrackee/users/models.py                            |  4 ++--
 fittrackee/users/users.py                             | 10 ----------
 6 files changed, 27 insertions(+), 21 deletions(-)
 rename fittrackee/tests/federation/{users => federation}/test_users_inbox.py (94%)

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index bc29e6326..4bd227694 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -15,6 +15,7 @@
 from fittrackee.users.models import User
 
 from .decorators import federation_required
+from .inbox import inbox
 from .models import Actor, Domain
 
 ap_federation_blueprint = Blueprint('ap_federation', __name__)
@@ -111,3 +112,13 @@ def remote_actor(
         response=actor.serialize(),
         content_type='application/jrd+json; charset=utf-8',
     )
+
+
+@ap_federation_blueprint.route(
+    '/user/<string:preferred_username>/inbox', methods=['POST']
+)
+@federation_required
+def user_inbox(
+    app_domain: Domain, preferred_username: str
+) -> Union[Dict, HttpResponse]:
+    return inbox(request, app_domain, preferred_username)
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
index 4738029c3..96ea6db91 100644
--- a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
@@ -15,13 +15,18 @@ class TestSendToUsersInbox:
     def test_it_raises_error_if_sender_does_not_exist(
         self,
         app_with_federation: Flask,
-        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_1_to_user_2_with_federation: FollowRequest,
         remote_actor: Actor,
     ) -> None:
         with pytest.raises(SenderNotFoundException):
             send_to_users_inbox(
                 sender_id=0,
-                activity=follow_request_from_user_1_to_user_2.get_activity(),
+                activity=(
+                    # fmt: off
+                    follow_request_from_user_1_to_user_2_with_federation.
+                    get_activity()
+                    # fmt: on
+                ),
                 recipients=[remote_actor.inbox_url],
             )
 
diff --git a/fittrackee/tests/federation/users/test_users_inbox.py b/fittrackee/tests/federation/federation/test_users_inbox.py
similarity index 94%
rename from fittrackee/tests/federation/users/test_users_inbox.py
rename to fittrackee/tests/federation/federation/test_users_inbox.py
index 113848039..875191b9a 100644
--- a/fittrackee/tests/federation/users/test_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_users_inbox.py
@@ -33,7 +33,7 @@ def post_to_user_inbox(
         host = random_domain()
         date_str = get_date_string()
         client = app_with_federation.test_client()
-        inbox_path = f'/api/users/{actor_1.preferred_username}/inbox'
+        inbox_path = f'/federation/user/{actor_1.preferred_username}/inbox'
         follow_activity: Dict = {
             '@context': AP_CTX,
             'id': random_string(),
@@ -76,7 +76,7 @@ def test_it_returns_404_if_user_does_not_exist(
         client = app_with_federation.test_client()
 
         response = client.post(
-            f'/api/users/{random_string()}/inbox',
+            f'/federation/user/{random_string()}/inbox',
             content_type='application/json',
             data=json.dumps({}),
         )
@@ -111,7 +111,7 @@ def test_it_returns_400_if_activity_is_invalid(
         client = app_with_federation.test_client()
 
         response = client.post(
-            f'/api/users/{actor_1.preferred_username}/inbox',
+            f'/federation/user/{actor_1.preferred_username}/inbox',
             content_type='application/json',
             data=json.dumps(input_activity),
         )
@@ -134,7 +134,7 @@ def test_it_returns_401_if_headers_are_missing(
         }
 
         response = client.post(
-            f'/api/users/{actor_1.preferred_username}/inbox',
+            f'/federation/user/{actor_1.preferred_username}/inbox',
             content_type='application/json',
             data=json.dumps(follow_activity),
         )
@@ -157,7 +157,7 @@ def test_it_returns_401_if_signature_is_invalid(
         }
 
         response = client.post(
-            f'/api/users/{actor_1.preferred_username}/inbox',
+            f'/federation/user/{actor_1.preferred_username}/inbox',
             content_type='application/json',
             headers={
                 'Host': random_string(),
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 8ab584f91..94c072226 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -36,7 +36,7 @@ def test_it_returns_activity_object_when_federation_is_enabled(
         expected_object_subset = {
             '@context': AP_CTX,
             'type': 'Follow',
-            'actor': actor_1.user.get_user_url(),
-            'object': f'https://{actor_2.activitypub_id}',
+            'actor': actor_1.activitypub_id,
+            'object': actor_2.activitypub_id,
         }
         assert {**activity_object, **expected_object_subset} == activity_object
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 777f9e43a..3ee2744b7 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -74,8 +74,8 @@ def get_activity(self) -> Dict:
             '@context': AP_CTX,
             'id': generate_activity_id(),
             'type': ActivityType.FOLLOW.value,
-            'actor': self.from_user.get_user_url(),
-            'object': f'https://{self.to_user.actor.activitypub_id}',
+            'actor': self.from_user.actor.activitypub_id,
+            'object': self.to_user.actor.activitypub_id,
         }
 
 
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 57a5328bc..73ede8882 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -7,8 +7,6 @@
 from sqlalchemy import exc
 
 from fittrackee import db
-from fittrackee.federation.decorators import federation_required
-from fittrackee.federation.inbox import inbox
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils import get_username_and_domain
 from fittrackee.files import get_absolute_file_path
@@ -641,11 +639,3 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         return successful_response_dict
 
     return UserNotFoundErrorResponse()
-
-
-@users_blueprint.route('/users/<user_name>/inbox', methods=['POST'])
-@federation_required
-def user_inbox(
-    app_domain: Domain, user_name: str
-) -> Union[Dict, HttpResponse]:
-    return inbox(request, app_domain, user_name)

From c50ff9c3703e252290ec41bd03a13e0b84c84bf4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 10 Jul 2021 17:51:21 +0200
Subject: [PATCH 030/238] API - minor test refactor

---
 .../test_signature.py => federation/test_federation_signature.py} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename fittrackee/tests/federation/{users/test_signature.py => federation/test_federation_signature.py} (100%)

diff --git a/fittrackee/tests/federation/users/test_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
similarity index 100%
rename from fittrackee/tests/federation/users/test_signature.py
rename to fittrackee/tests/federation/federation/test_federation_signature.py

From 177da4dada9226d8ca6086c86ffbe749f61926c7 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 10 Jul 2021 18:01:48 +0200
Subject: [PATCH 031/238] API - check if header actor is the same as activity
 actor

---
 fittrackee/federation/signature.py            |  7 ++
 .../federation/test_federation_signature.py   | 73 +++++++++++++++----
 2 files changed, 67 insertions(+), 13 deletions(-)

diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index 8de363faf..0b649b549 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -139,7 +139,14 @@ def verify_digest(self) -> None:
         except Exception:
             self.raise_error('invalid HTTP digest')
 
+    def header_actor_is_payload_actor(self) -> bool:
+        activity = json.loads(self.request.data.decode())
+        return self.key_id == activity.get('actor')
+
     def verify(self) -> None:
+        if not self.header_actor_is_payload_actor():
+            self.raise_error('invalid actor')
+
         public_key = self.get_actor_public_key()
         if not public_key:
             self.raise_error('invalid public key')
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index f4e15f33b..1d8048e08 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -104,6 +104,18 @@ def get_request_mock(
         request_mock.data = json.dumps(data if data else {}).encode()
         return request_mock
 
+    @staticmethod
+    def get_activity(actor: Optional[Actor] = None) -> Dict:
+        return {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': random_string(),
+            'actor': (
+                random_string() if actor is None else actor.activitypub_id
+            ),
+            'object': random_string(),
+        }
+
 
 class TestSignatureVerificationInstantiation(SignatureVerificationTestCase):
     def test_it_raises_error_if_headers_are_empty(self) -> None:
@@ -332,15 +344,16 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
         app_with_federation: Flask,
         actor_1: Actor,
     ) -> None:
+        activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
                     algorithm=input_algorithm,
-                    digest=get_digest(TEST_ACTIVITY, input_algorithm),
+                    digest=get_digest(activity, input_algorithm),
                 ),
-                data=TEST_ACTIVITY,
+                data=activity,
             )
         )
 
@@ -348,18 +361,45 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
 
 
 class TestSignatureVerify(SignatureVerificationTestCase):
+    def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
+        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+    ) -> None:
+        actor_1.generate_keys()
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_valid_headers(
+                    host=app_with_federation.config['AP_DOMAIN'],
+                    actor=actor_1,
+                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    activity=self.get_activity(actor=actor_2),
+                )
+            )
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
+
+            with pytest.raises(
+                InvalidSignatureException, match='invalid actor'
+            ):
+                sig_verification.verify()
+
     def test_verify_raises_error_if_header_date_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
+        activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
                     date_str='',
-                    activity=TEST_ACTIVITY,
-                )
+                    activity=self.get_activity(actor=actor_1),
+                ),
+                data=activity,
             )
         )
         with patch.object(requests, 'get') as requests_mock:
@@ -377,13 +417,15 @@ def test_verify_raises_error_if_public_key_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
+        activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
-                    activity=TEST_ACTIVITY,
-                )
+                    activity=activity,
+                ),
+                data=activity,
             )
         )
         with patch.object(requests, 'get') as requests_mock:
@@ -399,15 +441,17 @@ def test_verify_raises_error_if_algorithm_is_not_supported(
     ) -> None:
         actor_1.generate_keys()
         algorithm = random_string()
+        activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
+                    key_id=actor_1.activitypub_id,
                     date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
                     algorithm=algorithm,
-                    digest=get_digest(TEST_ACTIVITY),
+                    digest=get_digest(activity),
                 ),
-                data=TEST_ACTIVITY,
+                data=activity,
             )
         )
         with patch.object(requests, 'get') as requests_mock:
@@ -429,11 +473,12 @@ def test_verify_raises_error_if_http_digest_is_invalid(
             self.get_request_mock(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
+                    key_id=actor_1.activitypub_id,
                     date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
                     algorithm='rsa-sha256',
                     digest=random_string(),
                 ),
-                data=TEST_ACTIVITY,
+                data=self.get_activity(actor=actor_1),
             )
         )
         with patch.object(requests, 'get') as requests_mock:
@@ -451,14 +496,15 @@ def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
+        activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
-                    activity=TEST_ACTIVITY,
+                    activity=activity,
                 ),
-                data=TEST_ACTIVITY,
+                data=activity,
             )
         )
         # update actor keys
@@ -478,14 +524,15 @@ def test_verify_does_not_raise_error_if_signature_is_valid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         actor_1.generate_keys()
+        activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=actor_1,
-                    activity=TEST_ACTIVITY,
+                    activity=activity,
                 ),
-                data=TEST_ACTIVITY,
+                data=activity,
             )
         )
         with patch.object(requests, 'get') as requests_mock:

From 17b1ad64c42cfcdad5e406fdc8161ac8d04981ad Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:04:21 +0100
Subject: [PATCH 032/238] API - update federation endpoints documentation

---
 fittrackee/federation/federation.py | 140 ++++++++++++++++++++++++++++
 fittrackee/federation/nodeinfo.py   |  69 ++++++++++++++
 fittrackee/federation/webfinger.py  |  39 ++++++++
 3 files changed, 248 insertions(+)

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 4bd227694..d1cfed513 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -26,6 +26,54 @@
 )
 @federation_required
 def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
+    """
+    Get a local actor
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /federation/user/admin HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "@context": [
+          "https://www.w3.org/ns/activitystreams",
+          "https://w3id.org/security/v1"
+        ],
+        "id": "https://example.com/federation/user/Sam",
+        "type": "Person",
+        "preferredUsername": "Sam",
+        "name": "Sam",
+        "inbox": "https://example.com/federation/user/Sam/inbox",
+        "outbox": "https://example.com/federation/user/Sam/outbox",
+        "followers": "https://example.com/federation/user/Sam/followers",
+        "following": "https://example.com/federation/user/Sam/following",
+        "manuallyApprovesFollowers": true,
+        "publicKey": {
+          "id": "https://example.com/federation/user/Sam#main-key",
+          "owner": "https://example.com/federation/user/Sam",
+          "publicKeyPem": "-----BEGIN PUBLIC KEY---(...)---END PUBLIC KEY-----"
+        },
+        "endpoints": {
+          "sharedInbox": "https://example.com/federation/inbox"
+        }
+      }
+
+    :param string preferred_username: actor preferred username
+
+    :statuscode 200: success
+    :statuscode 403: error, federation is disabled for this instance
+    :statuscode 404: user does not exist
+
+    """
     actor = Actor.query.filter_by(
         preferred_username=preferred_username,
         domain_id=app_domain.id,
@@ -45,6 +93,67 @@ def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
 def remote_actor(
     app_domain: Domain, auth_user: User
 ) -> Union[Dict, HttpResponse]:
+    """
+    Add a remote actor to local instance if it does not exist.
+    Otherwise it updates it.
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      POST /federation/remote_user HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "@context": [
+          "https://www.w3.org/ns/activitystreams",
+          "https://w3id.org/security/v1"
+        ],
+        "id": "https://remote-instance.social/user/Sam",
+        "type": "Person",
+        "preferredUsername": "Sam",
+        "name": "Sam",
+        "inbox": "https://remote-instance.social/user/Sam/inbox",
+        "outbox": "https://remote-instance.social/user/Sam/outbox",
+        "followers": "https://remote-instance.social/user/Sam/followers",
+        "following": "https://remote-instance.social/user/Sam/following",
+        "manuallyApprovesFollowers": true,
+        "publicKey": {
+          "id": "https://remote-instance.social/user/Sam#main-key",
+          "owner": "https://remote-instance.social/user/Sam",
+          "publicKeyPem": "-----BEGIN PUBLIC KEY---(...)---END PUBLIC KEY-----"
+        },
+        "endpoints": {
+          "sharedInbox": "https://remote-instance.social/inbox"
+        }
+      }
+
+    :param integer auth_user_id: authenticate user id (from JSON Web Token)
+
+    :<json string actor_url: remote actor activitypub id
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 400:
+      - invalid payload
+      - The provided account is not a remote account.
+      - Can not fetch remote actor.
+      - Invalid remote actor object.
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 403: error, federation is disabled for this instance
+
+    """
     remote_actor_url = (
         request.get_json(silent=True).get('actor_url')  # type: ignore
         if request.get_json(silent=True) is not None
@@ -121,4 +230,35 @@ def remote_actor(
 def user_inbox(
     app_domain: Domain, preferred_username: str
 ) -> Union[Dict, HttpResponse]:
+    """
+    Post an activity to user inbox
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      POST /federation/user/Sam/inbox HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success"
+      }
+
+    :param string preferred_username: actor preferred username
+
+    :<json json activity: activity
+
+    :statuscode 200: success
+    :statuscode 400: invalid payload
+    :statuscode 403: error, federation is disabled for this instance
+    :statuscode 404: user does not exist
+
+    """
     return inbox(request, app_domain, preferred_username)
diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
index 90c075017..b9c32af21 100644
--- a/fittrackee/federation/nodeinfo.py
+++ b/fittrackee/federation/nodeinfo.py
@@ -13,6 +13,36 @@
 @ap_nodeinfo_blueprint.route('/.well-known/nodeinfo', methods=['GET'])
 @federation_required
 def get_nodeinfo_url(app_domain: Domain) -> HttpResponse:
+    """
+    Get node info links
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /.well-known/nodeinfo HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json; charset=utf-8
+
+      {
+        "links": [
+          {
+            "rel": "http://nodeinfo.diaspora.software/ns/schema/2.0",
+            "href": "https://example.com/nodeinfo/2.0"
+          }
+        ]
+      }
+
+    :statuscode 200: success
+    :statuscode 403: error, federation is disabled for this instance
+
+    """
     nodeinfo_url = f'https://{app_domain.name}/nodeinfo/2.0'
     response = {
         'links': [
@@ -30,6 +60,45 @@ def get_nodeinfo_url(app_domain: Domain) -> HttpResponse:
 @ap_nodeinfo_blueprint.route('/nodeinfo/2.0', methods=['GET'])
 @federation_required
 def get_nodeinfo(app_domain: Domain) -> HttpResponse:
+    """
+    Get node infos
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /nodeinfo/2.0 HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json; charset=utf-8
+
+      {
+        "version": "2.0",
+        "software": {
+          "name": "fittrackee",
+          "version": "0.4.8"
+        },
+        "protocols": [
+          "activitypub"
+        ],
+        "usage": {
+          "users": {
+            "total": 10
+          },
+          "localWorkouts": 35
+        },
+        "openRegistrations": true
+      }
+
+    :statuscode 200: success
+    :statuscode 403: error, federation is disabled for this instance
+
+    """
     # TODO : add 'activeHalfyear' and 'activeMonth' for users
     workouts_count = Workout.query.filter().count()
     users_count = User.query.filter().count()
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index 99789ae3e..ace9b7016 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -15,6 +15,45 @@
 @ap_webfinger_blueprint.route('/webfinger', methods=['GET'])
 @federation_required
 def webfinger(app_domain: Domain) -> HttpResponse:
+    """
+    Get account links
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /.well-known/webfinger?resource=acct:Sam@example.com HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "subject": "acct:Sam@example.com",
+        "links": [
+          {
+            "href": "https://example.com/federation/user/Sam",
+            "rel": "self",
+            "type": "application/activity+json"
+          }
+        ]
+      }
+
+    :query string acct: user account
+
+
+    :statuscode 200: success
+    :statuscode 400:
+      - Missing resource in request args.
+      - Invalid resource.
+    :statuscode 403: error, federation is disabled for this instance
+    :statuscode 404: user does not exist
+
+    """
     resource = request.args.get('resource')
     if not resource or not resource.startswith('acct:'):
         return InvalidPayloadErrorResponse('Missing resource in request args.')

From 0c6bde3c4b12017f9ca15ab93f2a08b9983bcb02 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 11 Jul 2021 13:10:32 +0200
Subject: [PATCH 033/238] API - generate keys on actor creation

---
 fittrackee/federation/models.py                            | 1 +
 .../federation/federation/test_federation_signature.py     | 7 -------
 fittrackee/tests/federation/federation/test_users_inbox.py | 1 -
 fittrackee/users/models.py                                 | 1 -
 4 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 50090e82f..1026de46b 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -103,6 +103,7 @@ def __init__(
             self.shared_inbox_url = get_ap_url(
                 preferred_username, 'shared_inbox'
             )
+            self.generate_keys()
 
     def generate_keys(self) -> None:
         self.public_key, self.private_key = generate_keys()
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 1d8048e08..3f06f1037 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -364,7 +364,6 @@ class TestSignatureVerify(SignatureVerificationTestCase):
     def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
         self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
     ) -> None:
-        actor_1.generate_keys()
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_valid_headers(
@@ -389,7 +388,6 @@ def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
     def test_verify_raises_error_if_header_date_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        actor_1.generate_keys()
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -416,7 +414,6 @@ def test_verify_raises_error_if_header_date_is_invalid(
     def test_verify_raises_error_if_public_key_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        actor_1.generate_keys()
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -439,7 +436,6 @@ def test_verify_raises_error_if_public_key_is_invalid(
     def test_verify_raises_error_if_algorithm_is_not_supported(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        actor_1.generate_keys()
         algorithm = random_string()
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
@@ -468,7 +464,6 @@ def test_verify_raises_error_if_algorithm_is_not_supported(
     def test_verify_raises_error_if_http_digest_is_invalid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        actor_1.generate_keys()
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_headers(
@@ -495,7 +490,6 @@ def test_verify_raises_error_if_http_digest_is_invalid(
     def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        actor_1.generate_keys()
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -523,7 +517,6 @@ def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
     def test_verify_does_not_raise_error_if_signature_is_valid(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        actor_1.generate_keys()
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
diff --git a/fittrackee/tests/federation/federation/test_users_inbox.py b/fittrackee/tests/federation/federation/test_users_inbox.py
index 875191b9a..cddef61b0 100644
--- a/fittrackee/tests/federation/federation/test_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_users_inbox.py
@@ -29,7 +29,6 @@ class TestUserInbox(ApiTestCaseMixin):
     def post_to_user_inbox(
         app_with_federation: Flask, actor_1: Actor, actor_2: Actor
     ) -> Tuple[Dict, TestResponse]:
-        actor_2.generate_keys()
         host = random_domain()
         date_str = get_date_string()
         client = app_with_federation.test_client()
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 3ee2744b7..e484cdeaf 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -258,7 +258,6 @@ def create_actor(self) -> None:
         db.session.add(actor)
         db.session.flush()
         self.actor_id = actor.id
-        actor.generate_keys()
         db.session.commit()
 
     def serialize(self) -> Dict:

From a2f45887107ed10c5e17bd9e990e1aa2031cdb42 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:11:38 +0100
Subject: [PATCH 034/238] API - update nodeinfo endpoint

---
 fittrackee/federation/nodeinfo.py             |  6 +--
 .../federation/test_federation_nodeinfo.py    | 53 +++++++++++++++++++
 2 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
index b9c32af21..ab9b2184c 100644
--- a/fittrackee/federation/nodeinfo.py
+++ b/fittrackee/federation/nodeinfo.py
@@ -1,7 +1,7 @@
 from flask import Blueprint, current_app
 
+from fittrackee.federation.models import Actor
 from fittrackee.responses import HttpResponse
-from fittrackee.users.models import User
 from fittrackee.workouts.models import Workout
 
 from .decorators import federation_required
@@ -101,7 +101,7 @@ def get_nodeinfo(app_domain: Domain) -> HttpResponse:
     """
     # TODO : add 'activeHalfyear' and 'activeMonth' for users
     workouts_count = Workout.query.filter().count()
-    users_count = User.query.filter().count()
+    actor_count = Actor.query.filter_by(domain_id=app_domain.id).count()
     response = {
         'version': '2.0',
         'software': {
@@ -110,7 +110,7 @@ def get_nodeinfo(app_domain: Domain) -> HttpResponse:
         },
         'protocols': ['activitypub'],
         'usage': {
-            'users': {'total': users_count},
+            'users': {'total': actor_count},
             'localWorkouts': workouts_count,
         },
         'openRegistrations': current_app.config['is_registration_enabled'],
diff --git a/fittrackee/tests/federation/federation/test_federation_nodeinfo.py b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
index aeb48f845..bb6c850d9 100644
--- a/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
+++ b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
@@ -4,6 +4,7 @@
 
 from fittrackee import VERSION
 from fittrackee.federation.models import Actor
+from fittrackee.workouts.models import Sport, Workout
 
 
 class TestWellKnowNodeInfo:
@@ -102,3 +103,55 @@ def test_it_returns_instance_nodeinfo_if_federation_is_enabled(
             'usage': {'users': {'total': 1}, 'localWorkouts': 0},
             'openRegistrations': True,
         }
+
+    def test_it_displays_workouts_count(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client = app_with_federation.test_client()
+        response = client.get(
+            '/nodeinfo/2.0',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['usage']['localWorkouts'] == 1
+
+    def test_only_local_actors_are_counted(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        client = app_with_federation.test_client()
+        response = client.get(
+            '/nodeinfo/2.0',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+
+        assert data['usage']['users']['total'] == 1
+
+    def test_it_displays_if_registration_is_disabled(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        app_with_federation.config['is_registration_enabled'] = False
+        client = app_with_federation.test_client()
+        response = client.get(
+            '/nodeinfo/2.0',
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['openRegistrations'] is False

From b0de9370613e0866db57d81dcaf23a41bb1c8469 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:12:22 +0100
Subject: [PATCH 035/238] API - minor test fix after rebase

---
 fittrackee/tests/conftest.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fittrackee/tests/conftest.py b/fittrackee/tests/conftest.py
index ae34cb95d..a36ba6d9f 100644
--- a/fittrackee/tests/conftest.py
+++ b/fittrackee/tests/conftest.py
@@ -2,8 +2,6 @@
 
 os.environ['FLASK_ENV'] = 'testing'
 os.environ['APP_SETTINGS'] = 'fittrackee.config.TestingConfig'
-os.environ['UI_URL'] = 'https://0.0.0.0:5000'
-os.environ['SENDER_EMAIL'] = 'fittrackee@example.com'
 # to avoid resetting dev database during tests
 os.environ['DATABASE_URL'] = os.environ['DATABASE_TEST_URL']
 

From 217a6ff67c66f3703ae12dee14846673d8616a41 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 17 Jul 2021 17:30:51 +0200
Subject: [PATCH 036/238] API - signature refacto

---
 fittrackee/federation/inbox.py                |  8 ++---
 fittrackee/federation/signature.py            | 24 ++++++++-------
 .../test_federation_remote_inbox.py           | 30 +++++++++----------
 .../federation/test_federation_signature.py   | 26 ++++++++--------
 .../federation/federation/test_users_inbox.py |  9 ++++--
 5 files changed, 53 insertions(+), 44 deletions(-)

diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index d0fa75c30..1e8c53d1e 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -19,8 +19,8 @@
 from .signature import (
     VALID_DATE_FORMAT,
     SignatureVerification,
-    get_digest,
-    get_signature_header,
+    generate_digest,
+    generate_signature_header,
 )
 from .tasks.activity import handle_activity
 from .utils import is_invalid_activity_data
@@ -58,8 +58,8 @@ def send_to_remote_user_inbox(
 ) -> None:
     now_str = datetime.utcnow().strftime(VALID_DATE_FORMAT)
     parsed_inbox_url = urlparse(recipient_inbox_url)
-    digest = get_digest(activity)
-    signed_header = get_signature_header(
+    digest = generate_digest(activity)
+    signed_header = generate_signature_header(
         host=parsed_inbox_url.netloc,
         path=parsed_inbox_url.path,
         date_str=now_str,
diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index 0b649b549..f643fc825 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -1,3 +1,7 @@
+"""
+inspired by bookwyrm signatures.py
+https://github.com/bookwyrm-social/bookwyrm
+"""
 import base64
 import hashlib
 import json
@@ -25,7 +29,7 @@
 DEFAULT_ALGORITHM = 'rsa-sha256'
 
 
-def get_digest(activity: Dict, algorithm: Optional[str] = None) -> str:
+def generate_digest(activity: Dict, algorithm: Optional[str] = None) -> str:
     algorithm_dict = SUPPORTED_ALGORITHMS[
         DEFAULT_ALGORITHM if algorithm is None else algorithm
     ]
@@ -37,7 +41,7 @@ def get_digest(activity: Dict, algorithm: Optional[str] = None) -> str:
     return f"{algorithm_dict['algorithm']}={digest}"
 
 
-def get_signature_header(
+def generate_signature_header(
     host: str, path: str, date_str: str, actor: Actor, digest: str
 ) -> str:
     signed_string = (
@@ -51,7 +55,7 @@ def get_signature_header(
     signature = base64.b64encode(key_signer.sign(h))
     return (
         f'keyId="{actor.activitypub_id}",'
-        'algorithm=rsa-sha256,'
+        f'algorithm={DEFAULT_ALGORITHM},'
         'headers="(request-target) host date digest",'
         f'signature="' + signature.decode() + '"'
     )
@@ -115,13 +119,13 @@ def is_date_invalid(self) -> bool:
         delta = datetime.utcnow() - date
         return delta.total_seconds() > VALID_DATE_DELTA
 
-    def raise_error(self, error: str) -> None:
+    def log_and_raise_error(self, error: str) -> None:
         appLog.error(f'Invalid signature: {error} (host: {self.host}).')
         raise InvalidSignatureException(error)
 
     def verify_digest(self) -> None:
         if self.algorithm not in SUPPORTED_ALGORITHMS.keys():
-            self.raise_error('unsupported algorithm')
+            self.log_and_raise_error('unsupported algorithm')
         expected_algorithm = SUPPORTED_ALGORITHMS[self.algorithm]['algorithm']
         hash_function = SUPPORTED_ALGORITHMS[self.algorithm]['hash_function']
 
@@ -137,7 +141,7 @@ def verify_digest(self) -> None:
             if base64.b64decode(digest) != expected:
                 raise Exception()
         except Exception:
-            self.raise_error('invalid HTTP digest')
+            self.log_and_raise_error('invalid HTTP digest')
 
     def header_actor_is_payload_actor(self) -> bool:
         activity = json.loads(self.request.data.decode())
@@ -145,14 +149,14 @@ def header_actor_is_payload_actor(self) -> bool:
 
     def verify(self) -> None:
         if not self.header_actor_is_payload_actor():
-            self.raise_error('invalid actor')
+            self.log_and_raise_error('invalid actor')
 
         public_key = self.get_actor_public_key()
         if not public_key:
-            self.raise_error('invalid public key')
+            self.log_and_raise_error('invalid public key')
 
         if self.is_date_invalid():
-            self.raise_error('invalid date header')
+            self.log_and_raise_error('invalid date header')
 
         comparison = []
         for headers_part in self.headers.split(' '):
@@ -178,4 +182,4 @@ def verify(self) -> None:
         try:
             signer.verify(digest, self.signature)
         except ValueError:
-            self.raise_error('verification failed')
+            self.log_and_raise_error('verification failed')
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
index 78e9ababf..358817bff 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -15,14 +15,14 @@
 
 
 class TestSendToRemoteInbox(BaseTestMixin):
-    @patch('fittrackee.federation.inbox.get_digest')
-    @patch('fittrackee.federation.inbox.get_signature_header')
+    @patch('fittrackee.federation.inbox.generate_digest')
+    @patch('fittrackee.federation.inbox.generate_signature_header')
     @patch('fittrackee.federation.inbox.requests')
-    def test_it_calls_get_signature_header(
+    def test_it_calls_generate_signature_header(
         self,
         requests_mock: Mock,
-        get_signature_header_mock: Mock,
-        get_digest_mock: Mock,
+        generate_signature_header_mock: Mock,
+        generate_digest_mock: Mock,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
@@ -31,7 +31,7 @@ def test_it_calls_get_signature_header(
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
         digest = random_string()
-        get_digest_mock.return_value = digest
+        generate_digest_mock.return_value = digest
 
         with freeze_time(now):
             send_to_remote_user_inbox(
@@ -40,7 +40,7 @@ def test_it_calls_get_signature_header(
                 recipient_inbox_url=remote_actor.inbox_url,
             )
 
-        get_signature_header_mock.assert_called_with(
+        generate_signature_header_mock.assert_called_with(
             host=parsed_inbox_url.netloc,
             path=parsed_inbox_url.path,
             date_str=get_date_string(now),
@@ -48,14 +48,14 @@ def test_it_calls_get_signature_header(
             digest=digest,
         )
 
-    @patch('fittrackee.federation.inbox.get_digest')
-    @patch('fittrackee.federation.inbox.get_signature_header')
+    @patch('fittrackee.federation.inbox.generate_digest')
+    @patch('fittrackee.federation.inbox.generate_signature_header')
     @patch('fittrackee.federation.inbox.requests')
     def test_it_calls_requests_post(
         self,
         requests_mock: Mock,
-        get_signature_header_mock: Mock,
-        get_digest_mock: Mock,
+        generate_signature_header_mock: Mock,
+        generate_digest_mock: Mock,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
@@ -65,9 +65,9 @@ def test_it_calls_requests_post(
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
         signed_header = random_string()
-        get_signature_header_mock.return_value = signed_header
+        generate_signature_header_mock.return_value = signed_header
         digest = random_string()
-        get_digest_mock.return_value = digest
+        generate_digest_mock.return_value = digest
 
         with freeze_time(now):
             send_to_remote_user_inbox(
@@ -88,12 +88,12 @@ def test_it_calls_requests_post(
             },
         )
 
-    @patch('fittrackee.federation.inbox.get_signature_header')
+    @patch('fittrackee.federation.inbox.generate_signature_header')
     @patch('fittrackee.federation.inbox.requests')
     def test_it_logs_error_if_remote_inbox_returns_error(
         self,
         requests_mock: Mock,
-        get_signature_header_mock: Mock,
+        generate_signature_header_mock: Mock,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 3f06f1037..652e749e7 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -15,8 +15,8 @@
     VALID_DATE_DELTA,
     VALID_DATE_FORMAT,
     SignatureVerification,
-    get_digest,
-    get_signature_header,
+    generate_digest,
+    generate_signature_header,
 )
 
 from ...utils import generate_response, get_date_string, random_string
@@ -30,12 +30,14 @@
 }
 
 
-class TestGetDigest:
+class TestGenerateDigest:
     def test_it_returns_digest_with_default_algorithm(self) -> None:
-        assert get_digest(TEST_ACTIVITY).startswith('SHA-256=')
+        assert generate_digest(TEST_ACTIVITY).startswith('SHA-256=')
 
     def test_it_returns_digest_with_given_algorithm(self) -> None:
-        assert get_digest(TEST_ACTIVITY, 'rsa-sha512').startswith('SHA-512=')
+        assert generate_digest(TEST_ACTIVITY, 'rsa-sha512').startswith(
+            'SHA-512='
+        )
 
 
 class SignatureVerificationTestCase:
@@ -81,8 +83,8 @@ def generate_valid_headers(
         if date_str is None:
             now = datetime.utcnow()
             date_str = now.strftime(VALID_DATE_FORMAT)
-        digest = get_digest(activity)
-        signed_header = get_signature_header(
+        digest = generate_digest(activity)
+        signed_header = generate_signature_header(
             host, '/inbox', date_str, actor, digest
         )
         return self.generate_headers(
@@ -168,7 +170,7 @@ def test_it_instantiates_signature_verification(self) -> None:
         )
         date_str = get_date_string()
         activity = {'foo': 'bar'}
-        digest = get_digest(activity)
+        digest = generate_digest(activity)
         valid_request_mock = self.get_request_mock(
             headers={
                 'Host': random_string(),
@@ -301,11 +303,11 @@ class TestSignatureDigestVerification(SignatureVerificationTestCase):
             ),
             (
                 'mismatched digest (different data)',
-                get_digest({"foo": "bar"}),
+                generate_digest({"foo": "bar"}),
             ),
             (
                 'mismatched digest (different algo)',
-                get_digest(TEST_ACTIVITY, algorithm='rsa-sha512'),
+                generate_digest(TEST_ACTIVITY, algorithm='rsa-sha512'),
             ),
         ],
     )
@@ -351,7 +353,7 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
                     host=app_with_federation.config['AP_DOMAIN'],
                     date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
                     algorithm=input_algorithm,
-                    digest=get_digest(activity, input_algorithm),
+                    digest=generate_digest(activity, input_algorithm),
                 ),
                 data=activity,
             )
@@ -445,7 +447,7 @@ def test_verify_raises_error_if_algorithm_is_not_supported(
                     key_id=actor_1.activitypub_id,
                     date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
                     algorithm=algorithm,
-                    digest=get_digest(activity),
+                    digest=generate_digest(activity),
                 ),
                 data=activity,
             )
diff --git a/fittrackee/tests/federation/federation/test_users_inbox.py b/fittrackee/tests/federation/federation/test_users_inbox.py
index cddef61b0..5d5ecbaf5 100644
--- a/fittrackee/tests/federation/federation/test_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_users_inbox.py
@@ -10,7 +10,10 @@
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.models import Actor
-from fittrackee.federation.signature import get_digest, get_signature_header
+from fittrackee.federation.signature import (
+    generate_digest,
+    generate_signature_header,
+)
 
 from ...test_case_mixins import ApiTestCaseMixin
 from ...utils import (
@@ -40,7 +43,7 @@ def post_to_user_inbox(
             'actor': actor_2.activitypub_id,
             'object': actor_1.activitypub_id,
         }
-        digest = get_digest(follow_activity)
+        digest = generate_digest(follow_activity)
 
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
@@ -55,7 +58,7 @@ def post_to_user_inbox(
                     'Host': host,
                     'Date': date_str,
                     'Digest': digest,
-                    'Signature': get_signature_header(
+                    'Signature': generate_signature_header(
                         host=host,
                         path=inbox_path,
                         date_str=date_str,

From 42ec118364881fb6b5a61f63ca6003ca8c64b3f5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:14:12 +0100
Subject: [PATCH 037/238] API - verify signature without digest

---
 fittrackee/federation/signature.py            | 22 +++---
 .../federation/test_federation_signature.py   | 71 +++++++++++++++++--
 2 files changed, 80 insertions(+), 13 deletions(-)

diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index f643fc825..696932bb9 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -21,7 +21,7 @@
 
 VALID_DATE_DELTA = 30  # in seconds
 VALID_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
-VALID_SIG_KEYS = ['keyId', 'algorithm', 'headers', 'signature']
+VALID_SIG_KEYS = ['keyId', 'headers', 'signature']
 SUPPORTED_ALGORITHMS = {
     'rsa-sha256': {'algorithm': 'SHA-256', 'hash_function': hashlib.sha256},
     'rsa-sha512': {'algorithm': 'SHA-512', 'hash_function': hashlib.sha512},
@@ -41,6 +41,14 @@ def generate_digest(activity: Dict, algorithm: Optional[str] = None) -> str:
     return f"{algorithm_dict['algorithm']}={digest}"
 
 
+def generate_signature(private_key: str, signed_string: str) -> bytes:
+    key = RSA.import_key(private_key)
+    key_signer = pkcs1_15.new(key)
+    encoded_string = signed_string.encode('utf-8')
+    h = SHA256.new(encoded_string)
+    return base64.b64encode(key_signer.sign(h))
+
+
 def generate_signature_header(
     host: str, path: str, date_str: str, actor: Actor, digest: str
 ) -> str:
@@ -48,11 +56,7 @@ def generate_signature_header(
         f'(request-target): post {path}\nhost: {host}\ndate: {date_str}\n'
         f'digest: {digest}'
     )
-    key = RSA.import_key(actor.private_key)
-    key_signer = pkcs1_15.new(key)
-    encoded_string = signed_string.encode('utf-8')
-    h = SHA256.new(encoded_string)
-    signature = base64.b64encode(key_signer.sign(h))
+    signature = generate_signature(actor.private_key, signed_string)
     return (
         f'keyId="{actor.activitypub_id}",'
         f'algorithm={DEFAULT_ALGORITHM},'
@@ -69,7 +73,7 @@ def __init__(self, request: Request, signature_dict: Dict):
         self.key_id = signature_dict['keyId']
         self.headers = signature_dict['headers']
         self.signature = base64.b64decode(signature_dict['signature'])
-        self.algorithm = signature_dict['algorithm']
+        self.algorithm = signature_dict.get('algorithm', DEFAULT_ALGORITHM)
         self.digest = request.headers.get('Digest')
 
     @classmethod
@@ -86,9 +90,9 @@ def get_signature(cls, request: Request) -> 'SignatureVerification':
             raise InvalidSignatureException()
 
         keys_list = list(signature_dict.keys())
-        if keys_list != VALID_SIG_KEYS:
+        if not all(key in keys_list for key in VALID_SIG_KEYS):
             appLog.error(
-                'Invalid signature headers: invalid keys, expected: '
+                'Invalid signature headers: missing keys, expected: '
                 f'{VALID_SIG_KEYS}, got: {keys_list} '
                 f'(host: {host}).'
             )
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 652e749e7..34c09b22a 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -16,6 +16,7 @@
     VALID_DATE_FORMAT,
     SignatureVerification,
     generate_digest,
+    generate_signature,
     generate_signature_header,
 )
 
@@ -57,21 +58,30 @@ def generate_headers(
     ) -> Dict:
         key_id = key_id if key_id else random_string()
         signature = signature if signature else self.random_signature()
-        algorithm = algorithm if algorithm else random_string()
+        signature_headers = f'keyId="{key_id}",'
+        if algorithm is not None:
+            signature_headers += f'algorithm={algorithm},'
+            digest = digest if digest else random_string()
+        signature_headers += (
+            'headers="(request-target) host date digest",signature="'
+            + signature
+            + '"'
+        )
         signature_headers = (
             f'keyId="{key_id}",algorithm={algorithm},headers="(request-target)'
             f' host date digest",signature="' + signature + '"'
         )
-        digest = digest if digest else random_string()
         if date_str is None:
             date_str = get_date_string(date)
-        return {
+        headers = {
             'Host': host if host else random_string(),
             'Date': date_str,
-            'Digest': digest,
             'Signature': signature_headers,
             'Content-Type': 'application/ld+json',
         }
+        if digest:
+            headers['Digest'] = digest
+        return headers
 
     def generate_valid_headers(
         self,
@@ -96,6 +106,39 @@ def generate_valid_headers(
             digest=digest,
         )
 
+    @staticmethod
+    def _generate_signature_header_without_digest(
+        host: str, path: str, date_str: str, actor: Actor
+    ) -> str:
+        signed_string = (
+            f'(request-target): post {path}\nhost: {host}\ndate: {date_str}'
+        )
+        signature = generate_signature(actor.private_key, signed_string)
+        return (
+            f'keyId="{actor.activitypub_id}",'
+            'headers="(request-target) host date",'
+            f'signature="' + signature.decode() + '"'
+        )
+
+    def generate_valid_headers_without_digest(
+        self,
+        host: str,
+        actor: Actor,
+        date_str: Optional[str] = None,
+    ) -> Dict:
+        if date_str is None:
+            now = datetime.utcnow()
+            date_str = now.strftime(VALID_DATE_FORMAT)
+        signed_header = self._generate_signature_header_without_digest(
+            host, '/inbox', date_str, actor
+        )
+        return self.generate_headers(
+            key_id=actor.activitypub_id,
+            signature=signed_header,
+            date_str=date_str,
+            host=host,
+        )
+
     @staticmethod
     def get_request_mock(
         headers: Optional[Dict] = None, data: Optional[Dict] = None
@@ -537,3 +580,23 @@ def test_verify_does_not_raise_error_if_signature_is_valid(
             )
 
             sig_verification.verify()
+
+    def test_verify_does_not_raise_error_if_signature_without_digest_is_valid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        activity = self.get_activity(actor=actor_1)
+        sig_verification = SignatureVerification.get_signature(
+            self.get_request_mock(
+                self.generate_valid_headers_without_digest(
+                    host=app_with_federation.config['AP_DOMAIN'], actor=actor_1
+                ),
+                data=activity,
+            )
+        )
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor_1.serialize(),
+            )
+
+            sig_verification.verify()

From d67d3961006096ba31873fdf5dce124f077c6d48 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 18 Jul 2021 11:21:45 +0200
Subject: [PATCH 038/238] API - fix signature actor verification

---
 fittrackee/federation/signature.py                            | 4 ++--
 .../tests/federation/federation/test_federation_signature.py  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index 696932bb9..bcddb79f4 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -58,7 +58,7 @@ def generate_signature_header(
     )
     signature = generate_signature(actor.private_key, signed_string)
     return (
-        f'keyId="{actor.activitypub_id}",'
+        f'keyId="{actor.activitypub_id}#main-key",'
         f'algorithm={DEFAULT_ALGORITHM},'
         'headers="(request-target) host date digest",'
         f'signature="' + signature.decode() + '"'
@@ -149,7 +149,7 @@ def verify_digest(self) -> None:
 
     def header_actor_is_payload_actor(self) -> bool:
         activity = json.loads(self.request.data.decode())
-        return self.key_id == activity.get('actor')
+        return self.key_id.replace('#main-key', '') == activity.get('actor')
 
     def verify(self) -> None:
         if not self.header_actor_is_payload_actor():
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 34c09b22a..5f146e3f0 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -115,7 +115,7 @@ def _generate_signature_header_without_digest(
         )
         signature = generate_signature(actor.private_key, signed_string)
         return (
-            f'keyId="{actor.activitypub_id}",'
+            f'keyId="{actor.activitypub_id}#main-key",'
             'headers="(request-target) host date",'
             f'signature="' + signature.decode() + '"'
         )

From edae36bd1011d8ce30346ba17dd70c2fb8fea64c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 18 Jul 2021 12:12:32 +0200
Subject: [PATCH 039/238] API - minor refacto

---
 fittrackee/federation/models.py                 |  6 ++++++
 fittrackee/federation/webfinger.py              |  2 +-
 .../federation/test_federation_models.py        | 16 ++++++++++++++++
 .../federation/test_federation_webfinger.py     | 17 +++++------------
 4 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 1026de46b..d89e8bd09 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -118,6 +118,12 @@ def name(self) -> Optional[str]:
             return self.user.username
         return None
 
+    @property
+    def fullname(self) -> Optional[str]:
+        if self.type == ActorType.PERSON:
+            return f'{self.preferred_username}@{self.domain.name}'
+        return None
+
     def update_remote_data(self, remote_user_data: Dict) -> None:
         self.activitypub_id = remote_user_data['id']
         self.type = ActorType(remote_user_data['type'])
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index ace9b7016..5802d87af 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -73,7 +73,7 @@ def webfinger(app_domain: Domain) -> HttpResponse:
         return UserNotFoundErrorResponse()
 
     response = {
-        'subject': f'acct:{actor.preferred_username}@{actor.domain.name}',
+        'subject': f'acct:{actor.fullname}',
         'links': [
             {
                 'href': actor.activitypub_id,
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index f5e079fbf..27265b9c5 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -70,6 +70,14 @@ def test_actor_is_local(
     ) -> None:
         assert not actor_1.is_remote
 
+    def test_it_returns_fullname(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        assert (
+            actor_1.fullname
+            == f'{actor_1.preferred_username}@{actor_1.domain.name}'
+        )
+
     def test_it_returns_serialized_object(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
@@ -127,6 +135,14 @@ def test_actor_is_remote(
     ) -> None:
         assert remote_actor.is_remote
 
+    def test_it_returns_fullname(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        assert (
+            actor_1.fullname
+            == f'{actor_1.preferred_username}@{actor_1.domain.name}'
+        )
+
     def test_it_returns_serialized_object(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_webfinger.py b/fittrackee/tests/federation/federation/test_federation_webfinger.py
index b897ad7b1..34a1cbf03 100644
--- a/fittrackee/tests/federation/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/federation/test_federation_webfinger.py
@@ -84,8 +84,7 @@ def test_it_returns_json_resource_descriptor_as_content_type(
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
-            '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain.name}',
+            '/.well-known/webfinger?resource=acct:' f'{actor_1.fullname}',
             content_type='application/json',
         )
 
@@ -97,25 +96,20 @@ def test_it_returns_subject_with_user_data(
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
-            '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain.name}',
+            '/.well-known/webfinger?resource=acct:' f'{actor_1.fullname}',
             content_type='application/json',
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
-        assert (
-            f'acct:{actor_1.preferred_username}@{actor_1.domain.name}'
-            in data['subject']
-        )
+        assert f'acct:{actor_1.fullname}' in data['subject']
 
     def test_it_returns_user_links(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
-            '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{actor_1.domain.name}',
+            '/.well-known/webfinger?resource=acct:' f'{actor_1.fullname}',
             content_type='application/json',
         )
 
@@ -132,8 +126,7 @@ def test_it_returns_error_if_federation_is_disabled(
     ) -> None:
         client = app.test_client()
         response = client.get(
-            '/.well-known/webfinger?resource=acct:'
-            f'{app_actor.preferred_username}@{app_actor.domain.name}',
+            '/.well-known/webfinger?resource=acct:' f'{app_actor.fullname}',
             content_type='application/json',
         )
 

From 1c38570f4de4de66169ee89d576713a2e6fa5c77 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:16:00 +0100
Subject: [PATCH 040/238] API - test refacto

---
 fittrackee/federation/utils.py                |   5 -
 .../federation/test_federation_activities.py  |  74 ++++-----
 .../federation/test_federation_federation.py  | 154 ++++++------------
 .../federation/federation/test_remote_user.py |  18 +-
 .../federation/users/test_users_follow_api.py |  45 +++--
 .../federation/users/test_users_model.py      |   5 +-
 .../tests/fixtures/fixtures_federation.py     |  20 ++-
 fittrackee/tests/utils.py                     |  94 ++++++-----
 fittrackee/users/models.py                    |   6 +-
 9 files changed, 185 insertions(+), 236 deletions(-)

diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 1ef8636f1..6b56df2ab 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,7 +1,6 @@
 import re
 from importlib import import_module
 from typing import Callable, Dict, Optional, Tuple
-from uuid import uuid4
 
 from Crypto.PublicKey import RSA
 from flask import current_app
@@ -47,10 +46,6 @@ def remove_url_scheme(url: str) -> str:
     return re.sub(r'https?://', '', url)
 
 
-def generate_activity_id() -> str:
-    return f"{current_app.config['UI_URL']}/{uuid4()}"
-
-
 def get_username_and_domain(full_name: str) -> Optional[re.Match]:
     full_name_pattern = r'([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
     return re.match(full_name_pattern, full_name)
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index 91211b771..9a0685146 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -1,3 +1,5 @@
+from typing import Dict, Optional, Union
+
 import pytest
 from flask import Flask
 
@@ -8,14 +10,11 @@
     UnsupportedActivityException,
 )
 from fittrackee.federation.models import Actor
-from fittrackee.federation.utils import (
-    generate_activity_id,
-    get_activity_instance,
-)
+from fittrackee.federation.utils import get_activity_instance
 from fittrackee.users.exceptions import FollowRequestAlreadyRejectedError
 from fittrackee.users.models import FollowRequest
 
-from ...utils import random_domain_with_scheme, random_string
+from ...utils import RandomActor, random_string
 
 SUPPORTED_ACTIVITIES = [(f'{a.value} activity', a.value) for a in ActivityType]
 
@@ -37,17 +36,28 @@ def test_it_raises_exception_if_activity_type_is_invalid(self) -> None:
 
 
 class TestFollowActivity:
-    def test_it_raises_error_if_target_actor_does_not_exists(
-        self, app_with_federation: Flask, remote_actor: Actor
-    ) -> None:
-        follow_activity = {
+    @staticmethod
+    def generate_follow_activity(
+        actor_id: Optional[str] = None,
+        object_actor: Optional[Union[Actor, RandomActor]] = None,
+    ) -> Dict:
+        if object_actor is None:
+            object_actor = RandomActor()
+        return {
             '@context': AP_CTX,
-            'id': generate_activity_id(),
+            'id': f'{actor_id}#follow/{object_actor.fullname}',
             'type': ActivityType.FOLLOW.value,
-            'actor': remote_actor.activitypub_id,
-            'object': f'{random_domain_with_scheme}/users/{random_string()}',
+            'actor': actor_id if actor_id else RandomActor().activitypub_id,
+            'object': object_actor.activitypub_id,
         }
 
+    def test_it_raises_error_if_target_actor_does_not_exists(
+        self, app_with_federation: Flask, remote_actor: Actor
+    ) -> None:
+        follow_activity = self.generate_follow_activity(
+            actor_id=remote_actor.activitypub_id
+        )
+
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
@@ -61,13 +71,7 @@ def test_it_raises_error_if_target_actor_does_not_exists(
     def test_it_raises_error_if_remote_actor_does_not_exists(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        follow_activity = {
-            '@context': AP_CTX,
-            'id': generate_activity_id(),
-            'type': ActivityType.FOLLOW.value,
-            'actor': f'{random_domain_with_scheme}/users/{random_string()}',
-            'object': actor_1.activitypub_id,
-        }
+        follow_activity = self.generate_follow_activity(object_actor=actor_1)
 
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -87,13 +91,9 @@ def test_it_raises_error_if_follow_request_already_rejected(
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         actor_1.user.refuses_follow_request_from(remote_actor.user)
-        follow_activity = {
-            '@context': AP_CTX,
-            'id': generate_activity_id(),
-            'type': ActivityType.FOLLOW.value,
-            'actor': remote_actor.activitypub_id,
-            'object': actor_1.activitypub_id,
-        }
+        follow_activity = self.generate_follow_activity(
+            actor_id=remote_actor.activitypub_id, object_actor=actor_1
+        )
 
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -105,14 +105,9 @@ def test_it_raises_error_if_follow_request_already_rejected(
     def test_it_creates_follow_request(
         self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
     ) -> None:
-        follow_activity = {
-            '@context': AP_CTX,
-            'id': generate_activity_id(),
-            'type': ActivityType.FOLLOW.value,
-            'actor': remote_actor.activitypub_id,
-            'object': actor_1.activitypub_id,
-        }
-
+        follow_activity = self.generate_follow_activity(
+            actor_id=remote_actor.activitypub_id, object_actor=actor_1
+        )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
@@ -131,14 +126,9 @@ def test_it_does_raise_error_if_pending_follow_request_already_exist(
         remote_actor: Actor,
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        follow_activity = {
-            '@context': AP_CTX,
-            'id': generate_activity_id(),
-            'type': ActivityType.FOLLOW.value,
-            'actor': remote_actor.activitypub_id,
-            'object': actor_1.activitypub_id,
-        }
-
+        follow_activity = self.generate_follow_activity(
+            actor_id=remote_actor.activitypub_id, object_actor=actor_1
+        )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index f8eb3d1fa..cf9a74881 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -9,12 +9,7 @@
 from fittrackee.users.models import User
 
 from ...test_case_mixins import ApiTestCaseMixin
-from ...utils import (
-    get_remote_user_object,
-    random_actor_url,
-    random_domain_with_scheme,
-    random_string,
-)
+from ...utils import RandomActor, random_string
 
 
 class TestFederationUser:
@@ -72,14 +67,14 @@ def test_it_returns_error_if_federation_is_disabled(
 
 class TestRemoteUser(ApiTestCaseMixin):
     def test_it_returns_error_if_federation_is_disabled(
-        self, app: Flask, user_1: User
+        self, app: Flask, user_1: User, random_actor: RandomActor
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(app)
         response = client.post(
             '/federation/remote-user',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
-            data=json.dumps({'actor_url': random_actor_url()}),
+            data=json.dumps({'actor_url': random_actor.activitypub_id}),
         )
 
         assert response.status_code == 403
@@ -91,13 +86,13 @@ def test_it_returns_error_if_federation_is_disabled(
         )
 
     def test_it_returns_error_if_user_is_not_logged(
-        self, app_with_federation: Flask
+        self, app_with_federation: Flask, random_actor: RandomActor
     ) -> None:
         client = app_with_federation.test_client()
         response = client.post(
             '/federation/remote-user',
             content_type='application/json',
-            data=json.dumps({'actor_url': random_actor_url()}),
+            data=json.dumps({'actor_url': random_actor.activitypub_id}),
         )
 
         assert response.status_code == 401
@@ -123,7 +118,10 @@ def test_it_returns_400_if_remote_user_url_is_missing(
         assert 'invalid payload' in data['message']
 
     def test_it_returns_error_if_remote_instance_returns_error(
-        self, app_with_federation: Flask, actor_1: Actor
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
@@ -136,7 +134,7 @@ def test_it_returns_error_if_remote_instance_returns_error(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor_url()}),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 400
@@ -145,7 +143,10 @@ def test_it_returns_error_if_remote_instance_returns_error(
             assert 'Can not fetch remote actor.' in data['message']
 
     def test_it_returns_error_if_remote_actor_object_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
@@ -158,7 +159,7 @@ def test_it_returns_error_if_remote_actor_object_is_invalid(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor_url()}),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 400
@@ -167,9 +168,12 @@ def test_it_returns_error_if_remote_actor_object_is_invalid(
             assert 'Invalid remote actor object.' in data['message']
 
     def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
-        self, app_with_federation: Flask, actor_1: Actor, remote_domain: Domain
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_domain: Domain,
+        random_actor: RandomActor,
     ) -> None:
-        remote_username = random_string()
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
@@ -177,20 +181,13 @@ def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
             'fittrackee.federation.federation.get_remote_user'
         ) as get_remote_user_mock:
             get_remote_user_mock.return_value = {
-                'preferredUsername': remote_username,
+                'preferredUsername': random_actor.preferred_username,
             }
             response = client.post(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps(
-                    {
-                        'actor_url': random_actor_url(
-                            username=remote_username,
-                            domain_with_scheme=f'https://{remote_domain.name}',
-                        )
-                    }
-                ),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 400
@@ -202,11 +199,10 @@ def test_it_returns_error_if_remote_domain_is_local_domain(
         self,
         app_with_federation: Flask,
         actor_1: Actor,
+        random_actor: RandomActor,
     ) -> None:
-        remote_username = random_string()
-        domain = f"https://{ app_with_federation.config['AP_DOMAIN']}"
-        remote_user_object = get_remote_user_object(
-            username=remote_username, domain_with_scheme=domain
+        random_actor.domain = (
+            f"https://{ app_with_federation.config['AP_DOMAIN']}"
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
@@ -214,18 +210,14 @@ def test_it_returns_error_if_remote_domain_is_local_domain(
         with patch(
             'fittrackee.federation.federation.get_remote_user'
         ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
+            get_remote_user_mock.return_value = (
+                random_actor.get_remote_user_object()
+            )
             response = client.post(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps(
-                    {
-                        'actor_url': random_actor_url(
-                            username=remote_username, domain_with_scheme=domain
-                        )
-                    }
-                ),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 400
@@ -237,19 +229,17 @@ def test_it_returns_error_if_remote_domain_is_local_domain(
             )
 
     def test_it_creates_remote_actor_if_actor_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor, remote_domain: Domain
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_domain: Domain,
+        random_actor: RandomActor,
     ) -> None:
-        remote_username = random_string()
-        remote_preferred_username = random_string()
-        domain = f'https://{remote_domain.name}'
-        remote_user_object = get_remote_user_object(
-            username=remote_username,
-            preferred_username=remote_preferred_username,
-            domain_with_scheme=domain,
-        )
+        random_actor.domain = f'https://{remote_domain.name}'
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
+        remote_user_object = random_actor.get_remote_user_object()
         with patch(
             'fittrackee.federation.federation.get_remote_user'
         ) as get_remote_user_mock:
@@ -258,14 +248,7 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps(
-                    {
-                        'actor_url': random_actor_url(
-                            username=remote_preferred_username,
-                            domain_with_scheme=domain,
-                        )
-                    }
-                ),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 200
@@ -273,16 +256,12 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
             assert data == remote_user_object
 
     def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
     ) -> None:
-        remote_username = random_string()
-        remote_preferred_username = random_string()
-        domain = random_domain_with_scheme()
-        remote_user_object = get_remote_user_object(
-            username=remote_username,
-            preferred_username=remote_preferred_username,
-            domain_with_scheme=domain,
-        )
+        remote_user_object = random_actor.get_remote_user_object()
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
@@ -294,21 +273,14 @@ def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps(
-                    {
-                        'actor_url': random_actor_url(
-                            username=remote_preferred_username,
-                            domain_with_scheme=domain,
-                        )
-                    }
-                ),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 200
             data = json.loads(response.data.decode())
             assert data == remote_user_object
 
-    def test_it_returns_updated_remote_actor_if_remote_domain_exists(
+    def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
     ) -> None:
         remote_user_object = remote_actor.serialize()
@@ -336,7 +308,11 @@ def test_it_returns_updated_remote_actor_if_remote_domain_exists(
             assert remote_actor.last_fetch_date != last_fetched
 
     def test_it_creates_several_remote_actors(
-        self, app_with_federation: Flask, actor_1: Actor
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
+        random_actor_2: RandomActor,
     ) -> None:
         """
         check constrains on User model (especially empty password and email)
@@ -347,50 +323,26 @@ def test_it_creates_several_remote_actors(
         with patch(
             'fittrackee.federation.federation.get_remote_user'
         ) as get_remote_user_mock:
-            remote_preferred_username = random_string()
-            domain = random_domain_with_scheme()
-            remote_user_object = get_remote_user_object(
-                preferred_username=remote_preferred_username,
-                domain_with_scheme=domain,
-            )
+            remote_user_object = random_actor.get_remote_user_object()
             get_remote_user_mock.return_value = remote_user_object
             response = client.post(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps(
-                    {
-                        'actor_url': random_actor_url(
-                            username=remote_preferred_username,
-                            domain_with_scheme=domain,
-                        )
-                    }
-                ),
+                data=json.dumps({'actor_url': random_actor.activitypub_id}),
             )
 
             assert response.status_code == 200
             data = json.loads(response.data.decode())
             assert data == remote_user_object
 
-            remote_preferred_username = random_string()
-            domain = random_domain_with_scheme()
-            remote_user_object = get_remote_user_object(
-                preferred_username=remote_preferred_username,
-                domain_with_scheme=domain,
-            )
+            remote_user_object = random_actor_2.get_remote_user_object()
             get_remote_user_mock.return_value = remote_user_object
             response = client.post(
                 '/federation/remote-user',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps(
-                    {
-                        'actor_url': random_actor_url(
-                            username=remote_preferred_username,
-                            domain_with_scheme=domain,
-                        )
-                    }
-                ),
+                data=json.dumps({'actor_url': random_actor_2.activitypub_id}),
             )
 
             assert response.status_code == 200
diff --git a/fittrackee/tests/federation/federation/test_remote_user.py b/fittrackee/tests/federation/federation/test_remote_user.py
index 12462896e..997c199bd 100644
--- a/fittrackee/tests/federation/federation/test_remote_user.py
+++ b/fittrackee/tests/federation/federation/test_remote_user.py
@@ -6,13 +6,7 @@
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.remote_user import get_remote_user
 
-from ...utils import (
-    generate_response,
-    get_remote_user_object,
-    random_actor_url,
-    random_domain_with_scheme,
-    random_string,
-)
+from ...utils import RandomActor, generate_response, random_actor_url
 
 
 class TestGetRemoteUser:
@@ -24,18 +18,14 @@ def test_it_returns_error_if_remote_instance_returns_error(self) -> None:
                 get_remote_user(random_actor_url())
 
     def test_it_returns_user_object_if_remote_response_is_successful(
-        self,
+        self, random_actor: RandomActor
     ) -> None:
-        username = random_string()
-        remote_domain = random_domain_with_scheme()
-        remote_user = get_remote_user_object(username, remote_domain)
+        remote_user = random_actor.get_remote_user_object()
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
                 status_code=200, content=remote_user
             )
 
-            expected_user = get_remote_user(
-                random_actor_url(username, remote_domain)
-            )
+            expected_user = get_remote_user(random_actor.activitypub_id)
 
             assert remote_user == expected_user
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index 278b279b3..e38b2b21c 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -8,14 +8,16 @@
 from fittrackee.users.models import FollowRequest
 
 from ...test_case_mixins import ApiTestCaseMixin, BaseTestMixin
-from ...utils import random_domain, random_string
+from ...utils import RandomActor, random_string
 
 
 class TestFollowWithFederation(ApiTestCaseMixin):
     """Follow user belonging to the same instance"""
 
     def test_it_raises_error_if_target_user_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
@@ -129,15 +131,17 @@ class TestRemoteFollowWithFederation(BaseTestMixin, ApiTestCaseMixin):
     """Follow user from another instance"""
 
     def test_it_raise_error_if_remote_actor_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
-        remote_account = f'{random_string()}@{random_domain()}'
 
         response = client.post(
-            f'/api/users/{remote_account}/follow',
+            f'/api/users/{random_actor.fullname}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -148,15 +152,18 @@ def test_it_raise_error_if_remote_actor_does_not_exist(
         assert data['message'] == 'user does not exist'
 
     def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domain(  # noqa
-        self, app_with_federation: Flask, actor_1: Actor, remote_domain: Domain
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_domain: Domain,
+        random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
-        remote_account = f'{random_string()}@{remote_domain.name}'
 
         response = client.post(
-            f'/api/users/{remote_account}/follow',
+            f'/api/users/{random_actor.fullname}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -177,12 +184,9 @@ def test_it_creates_follow_request(
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
-        remote_account = (
-            f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
-        )
 
         response = client.post(
-            f'/api/users/{remote_account}/follow',
+            f'/api/users/{remote_actor.fullname}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -192,7 +196,7 @@ def test_it_creates_follow_request(
         assert data['status'] == 'success'
         assert (
             data['message']
-            == f"Follow request to user '{remote_account}' is sent."
+            == f"Follow request to user '{remote_actor.fullname}' is sent."
         )
 
     def test_it_returns_success_if_follow_request_already_exists(
@@ -205,12 +209,9 @@ def test_it_returns_success_if_follow_request_already_exists(
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
-        remote_account = (
-            f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
-        )
 
         response = client.post(
-            f'/api/users/{remote_account}/follow',
+            f'/api/users/{remote_actor.fullname}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -220,7 +221,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         assert data['status'] == 'success'
         assert (
             data['message']
-            == f"Follow request to user '{remote_account}' is sent."
+            == f"Follow request to user '{remote_actor.fullname}' is sent."
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
@@ -234,12 +235,9 @@ def test_it_calls_send_to_inbox(
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
-        remote_account = (
-            f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
-        )
 
         client.post(
-            f'/api/users/{remote_account}/follow',
+            f'/api/users/{remote_actor.fullname}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -257,5 +255,4 @@ def test_it_calls_send_to_inbox(
             followed_user_id=remote_actor.user.id,
         ).first()
         activity = follow_request.get_activity()
-        del activity['id']
-        self.assert_dict_contains_subset(call_args['activity'], activity)
+        assert call_args['activity'] == activity
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 94c072226..ca3c466f3 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -32,11 +32,10 @@ def test_it_returns_activity_object_when_federation_is_enabled(
     ) -> None:
         activity_object = follow_request_from_user_1_to_user_2.get_activity()
 
-        assert app_with_federation.config['UI_URL'] in activity_object['id']
-        expected_object_subset = {
+        assert activity_object == {
             '@context': AP_CTX,
+            'id': f'{actor_1.activitypub_id}#follow/{actor_2.fullname}',
             'type': 'Follow',
             'actor': actor_1.activitypub_id,
             'object': actor_2.activitypub_id,
         }
-        assert {**activity_object, **expected_object_subset} == activity_object
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 6c7e5682d..4709429ec 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -5,7 +5,7 @@
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import User
 
-from ..utils import get_remote_user_object, random_domain
+from ..utils import RandomActor, get_remote_user_object, random_domain
 
 
 @pytest.fixture()
@@ -66,11 +66,15 @@ def remote_domain(app_with_federation: Flask) -> Domain:
 
 @pytest.fixture()
 def remote_actor(
-    user_2: User, app_with_federation: Flask, remote_domain: Domain
+    user_2: User,
+    app_with_federation: Flask,
+    remote_domain: Domain,
 ) -> Actor:
     domain = f'https://{remote_domain.name}'
     remote_user_object = get_remote_user_object(
-        username=user_2.username, domain_with_scheme=domain
+        username=user_2.username,
+        preferred_username=user_2.username,
+        domain=domain,
     )
     actor = Actor(
         preferred_username=user_2.username,
@@ -83,3 +87,13 @@ def remote_actor(
     user_2.actor_id = actor.id
     db.session.commit()
     return actor
+
+
+@pytest.fixture()
+def random_actor() -> RandomActor:
+    return RandomActor()
+
+
+@pytest.fixture()
+def random_actor_2() -> RandomActor:
+    return RandomActor()
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 8e3ecd948..97260ff9a 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -1,5 +1,6 @@
 import random
 import string
+from dataclasses import dataclass
 from datetime import datetime
 from json import dumps
 from typing import Dict, Optional, Union
@@ -40,6 +41,57 @@ def get_date_string(date: Optional[datetime] = None) -> str:
     return date.strftime(VALID_DATE_FORMAT)
 
 
+def get_remote_user_object(
+    username: str,
+    preferred_username: str,
+    domain: str,
+) -> Dict:
+    user_url = f'{domain}/users/{username}'
+    return {
+        '@context': [
+            'https://www.w3.org/ns/activitystreams',
+            'https://w3id.org/security/v1',
+        ],
+        'id': user_url,
+        'type': 'Person',
+        'following': f'{user_url}/following',
+        'followers': f'{user_url}/followers',
+        'inbox': f'{user_url}/inbox',
+        'outbox': f'{user_url}/outbox',
+        'name': username,
+        'preferredUsername': preferred_username,
+        'manuallyApprovesFollowers': True,
+        'publicKey': {
+            'id': f'{user_url}#main-key',
+            'owner': user_url,
+            'publicKeyPem': random_string(),
+        },
+        'endpoints': {'sharedInbox': f'{domain}/inbox'},
+    }
+
+
+@dataclass
+class RandomActor:
+    name: str = random_string()
+    preferred_username: str = random_string()
+    domain: str = random_domain_with_scheme()
+
+    @property
+    def fullname(self) -> str:
+        return (
+            f'{self.preferred_username}@{self.domain.replace("https://", "")}'
+        )
+
+    @property
+    def activitypub_id(self) -> str:
+        return f'{self.domain}/users/{self.preferred_username}'
+
+    def get_remote_user_object(self) -> Dict:
+        return get_remote_user_object(
+            self.name, self.preferred_username, self.domain
+        )
+
+
 def generate_response(
     content: Optional[Union[str, Dict]] = None,
     status_code: Optional[int] = None,
@@ -55,10 +107,6 @@ def generate_response(
     return response
 
 
-def random_full_username() -> str:
-    return f'{random_string()}@{random_domain()}'
-
-
 def random_actor_url(
     username: Optional[str] = None, domain_with_scheme: Optional[str] = None
 ) -> str:
@@ -69,41 +117,3 @@ def random_actor_url(
         else random_domain_with_scheme()
     )
     return f'{remote_domain}/users/{username}'
-
-
-def get_remote_user_object(
-    username: Optional[str] = None,
-    preferred_username: Optional[str] = None,
-    domain_with_scheme: Optional[str] = None,
-) -> Dict:
-    username = username if username else random_string()
-    preferred_username = (
-        preferred_username if preferred_username else random_string()
-    )
-    remote_domain = (
-        domain_with_scheme
-        if domain_with_scheme
-        else random_domain_with_scheme()
-    )
-    user_url = random_actor_url(username, remote_domain)
-    return {
-        '@context': [
-            'https://www.w3.org/ns/activitystreams',
-            'https://w3id.org/security/v1',
-        ],
-        'id': user_url,
-        'type': 'Person',
-        'following': f'{user_url}/following',
-        'followers': f'{user_url}/followers',
-        'inbox': f'{user_url}/inbox',
-        'outbox': f'{user_url}/outbox',
-        'name': username,
-        'preferredUsername': preferred_username,
-        'manuallyApprovesFollowers': True,
-        'publicKey': {
-            'id': f'{user_url}#main-key',
-            'owner': user_url,
-            'publicKeyPem': random_string(),
-        },
-        'endpoints': {'sharedInbox': f'{remote_domain}/inbox'},
-    }
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index e484cdeaf..79a07ec6e 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -13,7 +13,6 @@
 from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
-from fittrackee.federation.utils import generate_activity_id
 from fittrackee.workouts.models import Workout
 
 from .exceptions import (
@@ -72,7 +71,10 @@ def get_activity(self) -> Dict:
             raise FederationDisabledException()
         return {
             '@context': AP_CTX,
-            'id': generate_activity_id(),
+            'id': (
+                f'{self.from_user.actor.activitypub_id}#follow/'
+                f'{self.to_user.actor.fullname}'
+            ),
             'type': ActivityType.FOLLOW.value,
             'actor': self.from_user.actor.activitypub_id,
             'object': self.to_user.actor.activitypub_id,

From 821589de9c22775fb0058a1cfc019a5a4f879afe Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:29:30 +0100
Subject: [PATCH 041/238] API - add Accept and Reject activities in response to
 Follow activity

---
 fittrackee/federation/activities.py           | 107 +++++--
 fittrackee/federation/enums.py                |   2 +
 fittrackee/federation/exceptions.py           |   8 +
 fittrackee/federation/tasks/activity.py       |   3 +-
 fittrackee/federation/utils.py                |  21 +-
 fittrackee/federation/utils_user.py           |  33 ++
 .../federation/test_federation_activities.py  | 289 ++++++++++++++++--
 .../federation/users/test_users_follow_api.py |  24 +-
 .../users/test_users_follow_request_api.py    | 272 ++++++++++++++++-
 .../federation/users/test_users_model.py      |  58 +++-
 .../fixtures/fixtures_federation_users.py     |  39 +++
 fittrackee/tests/test_case_mixins.py          |  45 +++
 fittrackee/tests/users/test_auth_api.py       |   4 +-
 .../tests/users/test_users_follow_api.py      |   2 +-
 .../users/test_users_follow_request_api.py    | 160 ++++++++++
 fittrackee/tests/users/test_users_model.py    |   4 +-
 fittrackee/tests/workouts/test_stats_api.py   |   2 +-
 .../workouts/test_workouts_api_1_post.py      |   2 +-
 .../workouts/test_workouts_api_2_patch.py     |   4 +-
 fittrackee/users/follow_requests.py           |  74 ++++-
 fittrackee/users/models.py                    |  42 ++-
 fittrackee/users/users.py                     |  50 ++-
 fittrackee/users/utils/follow.py              |  15 -
 23 files changed, 1121 insertions(+), 139 deletions(-)
 create mode 100644 fittrackee/federation/utils_user.py
 delete mode 100644 fittrackee/users/utils/follow.py

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
index 953ee250a..8ab14c2a9 100644
--- a/fittrackee/federation/activities.py
+++ b/fittrackee/federation/activities.py
@@ -1,45 +1,118 @@
 from abc import ABC, abstractmethod
-from typing import Dict
+from importlib import import_module
+from typing import Callable, Dict, Tuple
 
 from fittrackee import appLog
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
-from fittrackee.users.exceptions import FollowRequestAlreadyRejectedError
-from fittrackee.users.utils.follow import create_follow_request
+from fittrackee.users.exceptions import (
+    FollowRequestAlreadyProcessedError,
+    FollowRequestAlreadyRejectedError,
+    NotExistingFollowRequestError,
+)
+
+from .exceptions import UnsupportedActivityException
+
+
+def get_activity_instance(activity_dict: Dict) -> Callable:
+    activity_type = activity_dict['type']
+    try:
+        Activity = getattr(
+            import_module('fittrackee.federation.activities'),
+            f'{activity_type}Activity',
+        )
+    except AttributeError:
+        raise UnsupportedActivityException(activity_type)
+    return Activity
 
 
 class AbstractActivity(ABC):
     def __init__(self, activity_dict: Dict) -> None:
         self.activity = activity_dict
 
+    def activity_name(self) -> str:
+        return self.__class__.__name__
+
     @abstractmethod
     def process_activity(self) -> None:
         pass
 
 
-class FollowActivity(AbstractActivity):
-    def process_activity(self) -> None:
-        followed_actor = Actor.query.filter_by(
-            activitypub_id=self.activity['object']
+class FollowBaseActivity(AbstractActivity):
+    def get_actors(self) -> Tuple[Actor, Actor]:
+        """
+        return actors from activity 'actor' and 'object'
+        """
+        actor = Actor.query.filter_by(
+            activitypub_id=self.activity['actor']
         ).first()
-        if not followed_actor:
+        if not actor:
             raise ActorNotFoundException(
-                message='followed actor not found for Follow Activity'
+                message=f'actor not found for {self.activity_name()}'
             )
 
-        follower_actor = Actor.query.filter_by(
-            activitypub_id=self.activity['actor']
+        object_actor_activitypub_id = (
+            self.activity['object']
+            if isinstance(self.activity['object'], str)
+            else self.activity['object']['actor']
+        )
+        object_actor = Actor.query.filter_by(
+            activitypub_id=object_actor_activitypub_id
         ).first()
-        if not follower_actor:
+        if not object_actor:
             raise ActorNotFoundException(
-                message='followed actor not found for Follow Activity'
+                message=f'object actor not found for {self.activity_name()}'
             )
+        return actor, object_actor
+
+    @abstractmethod
+    def process_activity(self) -> None:
+        pass
+
 
+class FollowActivity(FollowBaseActivity):
+    def process_activity(self) -> None:
+        follower_actor, followed_actor = self.get_actors()
         try:
-            create_follow_request(
-                follower_user_id=follower_actor.user.id,
-                followed_user=followed_actor.user,
-            )
+            follower_actor.user.send_follow_request_to(followed_actor.user)
         except FollowRequestAlreadyRejectedError as e:
             appLog.error('Follow activity: follow request already rejected.')
             raise e
+
+
+class AcceptActivity(FollowBaseActivity):
+    def process_activity(self) -> None:
+        followed_actor, follower_actor = self.get_actors()
+        try:
+            followed_actor.user.approves_follow_request_from(
+                follower_actor.user
+            )
+        except NotExistingFollowRequestError as e:
+            appLog.error(
+                f'{self.activity_name()}: follow request does not exist.'
+            )
+            raise e
+        except FollowRequestAlreadyProcessedError as e:
+            appLog.error(
+                f'{self.activity_name()}: follow request already processed.'
+            )
+            raise e
+
+
+class RejectActivity(FollowBaseActivity):
+    def process_activity(self) -> None:
+        followed_actor, follower_actor = self.get_actors()
+        try:
+            followed_actor.user.rejects_follow_request_from(
+                follower_actor.user
+            )
+        except NotExistingFollowRequestError as e:
+            appLog.error(
+                f'{self.activity_name()}: follow request does not exist.'
+            )
+            raise e
+        except FollowRequestAlreadyProcessedError as e:
+            appLog.error(
+                f'{self.activity_name()}: follow request already processed.'
+            )
+            raise e
diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index bf950af56..831188339 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -2,7 +2,9 @@
 
 
 class ActivityType(Enum):
+    ACCEPT = 'Accept'
     FOLLOW = 'Follow'
+    REJECT = 'Reject'
 
 
 class ActorType(Enum):
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index 78f8f44e5..85bcb9da5 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -11,6 +11,14 @@ def __init__(self, message: Optional[str] = None) -> None:
         )
 
 
+class DomainNotFoundException(GenericException):
+    def __init__(self, domain: str) -> None:
+        super().__init__(
+            status='error',
+            message=f"Domain '{domain}' not found.",
+        )
+
+
 class FederationDisabledException(GenericException):
     def __init__(self) -> None:
         super().__init__(
diff --git a/fittrackee/federation/tasks/activity.py b/fittrackee/federation/tasks/activity.py
index 2d081ff04..e09f878b7 100644
--- a/fittrackee/federation/tasks/activity.py
+++ b/fittrackee/federation/tasks/activity.py
@@ -1,7 +1,8 @@
 from typing import Dict
 
 from fittrackee import dramatiq
-from fittrackee.federation.utils import get_activity_instance
+
+from ..activities import get_activity_instance
 
 
 @dramatiq.actor(queue_name='fittrackee_activities')
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 6b56df2ab..02b2a7624 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -1,12 +1,10 @@
 import re
-from importlib import import_module
-from typing import Callable, Dict, Optional, Tuple
+from typing import Dict, Tuple
 
 from Crypto.PublicKey import RSA
 from flask import current_app
 
 from .enums import ActivityType
-from .exceptions import UnsupportedActivityException
 
 
 def generate_keys() -> Tuple[str, str]:
@@ -46,26 +44,9 @@ def remove_url_scheme(url: str) -> str:
     return re.sub(r'https?://', '', url)
 
 
-def get_username_and_domain(full_name: str) -> Optional[re.Match]:
-    full_name_pattern = r'([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
-    return re.match(full_name_pattern, full_name)
-
-
 def is_invalid_activity_data(activity_data: Dict) -> bool:
     return (
         'type' not in activity_data
         or 'object' not in activity_data
         or activity_data['type'] not in [a.value for a in ActivityType]
     )
-
-
-def get_activity_instance(activity_dict: Dict) -> Callable:
-    activity_type = activity_dict["type"]
-    try:
-        Activity = getattr(
-            import_module('fittrackee.federation.activities'),
-            f'{activity_type}Activity',
-        )
-    except AttributeError:
-        raise UnsupportedActivityException(activity_type)
-    return Activity
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
new file mode 100644
index 000000000..7c0fe7180
--- /dev/null
+++ b/fittrackee/federation/utils_user.py
@@ -0,0 +1,33 @@
+import re
+from typing import Optional
+
+from fittrackee.federation.models import Actor, Domain
+from fittrackee.users.exceptions import UserNotFoundException
+from fittrackee.users.models import User
+
+from .exceptions import ActorNotFoundException, DomainNotFoundException
+
+
+def get_username_and_domain(full_name: str) -> Optional[re.Match]:
+    full_name_pattern = r'([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
+    return re.match(full_name_pattern, full_name)
+
+
+def get_user_from_username(user_name: str) -> User:
+    user_name_and_domain = get_username_and_domain(user_name)
+    if user_name_and_domain is None:  # local actor
+        user = User.query.filter_by(username=user_name).first()
+    else:  # remote actor
+        name, domain_name = user_name_and_domain.groups()
+        domain = Domain.query.filter_by(name=domain_name).first()
+        if not domain:
+            raise DomainNotFoundException(domain_name)
+        actor = Actor.query.filter_by(
+            preferred_username=name, domain_id=domain.id
+        ).first()
+        if not actor:
+            raise ActorNotFoundException()
+        user = actor.user
+    if not user:
+        raise UserNotFoundException()
+    return user
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index 9a0685146..8890bf1ca 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -3,6 +3,7 @@
 import pytest
 from flask import Flask
 
+from fittrackee.federation.activities import get_activity_instance
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
@@ -10,8 +11,11 @@
     UnsupportedActivityException,
 )
 from fittrackee.federation.models import Actor
-from fittrackee.federation.utils import get_activity_instance
-from fittrackee.users.exceptions import FollowRequestAlreadyRejectedError
+from fittrackee.users.exceptions import (
+    FollowRequestAlreadyProcessedError,
+    FollowRequestAlreadyRejectedError,
+    NotExistingFollowRequestError,
+)
 from fittrackee.users.models import FollowRequest
 
 from ...utils import RandomActor, random_string
@@ -35,43 +39,94 @@ def test_it_raises_exception_if_activity_type_is_invalid(self) -> None:
             get_activity_instance({'type': random_string()})
 
 
-class TestFollowActivity:
+class FollowRequestActivitiesTestCase:
     @staticmethod
     def generate_follow_activity(
-        actor_id: Optional[str] = None,
-        object_actor: Optional[Union[Actor, RandomActor]] = None,
+        follower_actor_id: Optional[str] = None,
+        followed_actor: Optional[Union[Actor, RandomActor]] = None,
     ) -> Dict:
-        if object_actor is None:
-            object_actor = RandomActor()
+        if follower_actor_id is None:
+            follower_actor_id = RandomActor().activitypub_id
+        if followed_actor is None:
+            followed_actor = RandomActor()
         return {
             '@context': AP_CTX,
-            'id': f'{actor_id}#follow/{object_actor.fullname}',
+            'id': f'{follower_actor_id}#follows/{followed_actor.fullname}',
             'type': ActivityType.FOLLOW.value,
-            'actor': actor_id if actor_id else RandomActor().activitypub_id,
-            'object': object_actor.activitypub_id,
+            'actor': follower_actor_id,
+            'object': followed_actor.activitypub_id,
         }
 
-    def test_it_raises_error_if_target_actor_does_not_exists(
+    @staticmethod
+    def generate_accept_or_reject_activity(
+        activity_type: ActivityType,
+        follower_actor: Optional[Union[Actor, RandomActor]] = None,
+        followed_actor: Optional[Union[Actor, RandomActor]] = None,
+    ) -> Dict:
+        if follower_actor is None:
+            follower_actor = RandomActor()
+        if followed_actor is None:
+            followed_actor = RandomActor()
+        return {
+            '@context': AP_CTX,
+            'id': (
+                f'{followed_actor.activitypub_id}#'
+                f'{activity_type.value.lower()}s/follow/'
+                f'{follower_actor.fullname}'
+            ),
+            'type': activity_type.value,
+            'actor': followed_actor.activitypub_id,
+            'object': {
+                'id': (
+                    f'{follower_actor.activitypub_id}#follows/'
+                    f'{followed_actor.fullname}'
+                ),
+                'type': ActivityType.FOLLOW.value,
+                'actor': follower_actor.activitypub_id,
+                'object': followed_actor.activitypub_id,
+            },
+        }
+
+    def generate_accept_activity(
+        self,
+        follower_actor: Optional[Union[Actor, RandomActor]] = None,
+        followed_actor: Optional[Union[Actor, RandomActor]] = None,
+    ) -> Dict:
+        return self.generate_accept_or_reject_activity(
+            ActivityType.ACCEPT, follower_actor, followed_actor
+        )
+
+    def generate_reject_activity(
+        self,
+        follower_actor: Optional[Union[Actor, RandomActor]] = None,
+        followed_actor: Optional[Union[Actor, RandomActor]] = None,
+    ) -> Dict:
+        return self.generate_accept_or_reject_activity(
+            ActivityType.REJECT, follower_actor, followed_actor
+        )
+
+
+class TestFollowActivity(FollowRequestActivitiesTestCase):
+    def test_it_raises_error_if_followed_actor_does_not_exist(
         self, app_with_federation: Flask, remote_actor: Actor
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            actor_id=remote_actor.activitypub_id
+            follower_actor_id=remote_actor.activitypub_id
         )
-
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
 
         with pytest.raises(
             ActorNotFoundException,
-            match='followed actor not found for Follow Activity',
+            match='object actor not found for FollowActivity',
         ):
             activity.process_activity()
 
-    def test_it_raises_error_if_remote_actor_does_not_exists(
+    def test_it_raises_error_if_remote_actor_does_not_exist(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
-        follow_activity = self.generate_follow_activity(object_actor=actor_1)
+        follow_activity = self.generate_follow_activity(followed_actor=actor_1)
 
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -79,7 +134,7 @@ def test_it_raises_error_if_remote_actor_does_not_exists(
 
         with pytest.raises(
             ActorNotFoundException,
-            match='followed actor not found for Follow Activity',
+            match='actor not found for FollowActivity',
         ):
             activity.process_activity()
 
@@ -88,13 +143,13 @@ def test_it_raises_error_if_follow_request_already_rejected(
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
-        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.refuses_follow_request_from(remote_actor.user)
+        actor_1.user.rejects_follow_request_from(remote_actor.user)
         follow_activity = self.generate_follow_activity(
-            actor_id=remote_actor.activitypub_id, object_actor=actor_1
+            follower_actor_id=remote_actor.activitypub_id,
+            followed_actor=actor_1,
         )
-
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
@@ -106,11 +161,13 @@ def test_it_creates_follow_request(
         self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            actor_id=remote_actor.activitypub_id, object_actor=actor_1
+            follower_actor_id=remote_actor.activitypub_id,
+            followed_actor=actor_1,
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
+
         activity.process_activity()
 
         follow_request = FollowRequest.query.filter_by(
@@ -119,19 +176,21 @@ def test_it_creates_follow_request(
         ).first()
         assert follow_request is not None
 
-    def test_it_does_raise_error_if_pending_follow_request_already_exist(
+    def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
         self,
         app_with_federation: Flask,
         actor_1: Actor,
         remote_actor: Actor,
-        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            actor_id=remote_actor.activitypub_id, object_actor=actor_1
+            follower_actor_id=remote_actor.activitypub_id,
+            followed_actor=actor_1,
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
+
         activity.process_activity()
 
         follow_request = FollowRequest.query.filter_by(
@@ -139,3 +198,183 @@ def test_it_does_raise_error_if_pending_follow_request_already_exist(
             followed_user_id=actor_1.user.id,
         ).first()
         assert follow_request.updated_at is None
+
+
+class TestAcceptActivity(FollowRequestActivitiesTestCase):
+    def test_it_raises_error_if_follower_actor_does_not_exist(
+        self, app_with_federation: Flask, remote_actor: Actor
+    ) -> None:
+        accept_activity = self.generate_accept_activity(
+            followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='object actor not found for AcceptActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_followed_actor_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        accept_activity = self.generate_accept_activity(follower_actor=actor_1)
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for AcceptActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        accept_activity = self.generate_accept_activity(
+            follower_actor=actor_1, followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(NotExistingFollowRequestError):
+            activity.process_activity()
+
+    def test_it_raises_error_if_follow_request_already_rejected(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_1_to_remote_actor: FollowRequest,
+    ) -> None:
+        remote_actor.user.rejects_follow_request_from(actor_1.user)
+        accept_activity = self.generate_accept_activity(
+            follower_actor=actor_1, followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(FollowRequestAlreadyProcessedError):
+            activity.process_activity()
+
+    def test_it_accepts_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_1_to_remote_actor: FollowRequest,
+    ) -> None:
+        accept_activity = self.generate_accept_activity(
+            follower_actor=actor_1, followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        activity.process_activity()
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=actor_1.user.id,
+            followed_user_id=remote_actor.user.id,
+        ).first()
+
+        assert follow_request.is_approved
+        assert follow_request.updated_at is not None
+
+
+class TestRejectActivity(FollowRequestActivitiesTestCase):
+    def test_it_raises_error_if_follower_actor_does_not_exist(
+        self, app_with_federation: Flask, remote_actor: Actor
+    ) -> None:
+        accept_activity = self.generate_reject_activity(
+            followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='object actor not found for RejectActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_followed_actor_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        accept_activity = self.generate_reject_activity(follower_actor=actor_1)
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for RejectActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        accept_activity = self.generate_reject_activity(
+            follower_actor=actor_1, followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(NotExistingFollowRequestError):
+            activity.process_activity()
+
+    def test_it_raises_error_if_follow_request_already_rejected(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_1_to_remote_actor: FollowRequest,
+    ) -> None:
+        remote_actor.user.rejects_follow_request_from(actor_1.user)
+        accept_activity = self.generate_reject_activity(
+            follower_actor=actor_1, followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        with pytest.raises(FollowRequestAlreadyProcessedError):
+            activity.process_activity()
+
+    def test_it_rejects_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_user_1_to_remote_actor: FollowRequest,
+    ) -> None:
+        accept_activity = self.generate_reject_activity(
+            follower_actor=actor_1, followed_actor=remote_actor
+        )
+        activity = get_activity_instance({'type': accept_activity['type']})(
+            activity_dict=accept_activity
+        )
+
+        activity.process_activity()
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=actor_1.user.id,
+            followed_user_id=remote_actor.user.id,
+        ).first()
+
+        assert follow_request.is_approved is False
+        assert follow_request.updated_at is not None
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index e38b2b21c..957cb7d0e 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -7,7 +7,7 @@
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import FollowRequest
 
-from ...test_case_mixins import ApiTestCaseMixin, BaseTestMixin
+from ...test_case_mixins import ApiTestCaseMixin, UserInboxTestMixin
 from ...utils import RandomActor, random_string
 
 
@@ -107,7 +107,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
-    def test_it_does_not_call_send_to_inbox(
+    def test_it_does_not_call_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
@@ -127,7 +127,7 @@ def test_it_does_not_call_send_to_inbox(
         send_to_users_inbox_mock.send.assert_not_called()
 
 
-class TestRemoteFollowWithFederation(BaseTestMixin, ApiTestCaseMixin):
+class TestRemoteFollowWithFederation(ApiTestCaseMixin, UserInboxTestMixin):
     """Follow user from another instance"""
 
     def test_it_raise_error_if_remote_actor_does_not_exist(
@@ -225,7 +225,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
-    def test_it_calls_send_to_inbox(
+    def test_it_calls_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
@@ -242,17 +242,13 @@ def test_it_calls_send_to_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_called_once()
-        self.assert_call_args_keys_equal(
-            send_to_users_inbox_mock.send,
-            ['sender_id', 'activity', 'recipients'],
-        )
-        call_args = self.get_call_kwargs(send_to_users_inbox_mock.send)
-        assert call_args['sender_id'] == actor_1.id
-        assert call_args['recipients'] == [remote_actor.inbox_url]
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=actor_1.user.id,
             followed_user_id=remote_actor.user.id,
         ).first()
-        activity = follow_request.get_activity()
-        assert call_args['activity'] == activity
+        self.assert_send_to_users_inbox_called_once(
+            send_to_users_inbox_mock,
+            local_actor=actor_1,
+            remote_actor=remote_actor,
+            base_object=follow_request,
+        )
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index 4d976585d..b0fba7bc4 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -1,12 +1,15 @@
 import json
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 from flask import Flask
 
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import FollowRequest
 
-from ...test_case_mixins import ApiTestCaseMixin
+from ...test_case_mixins import ApiTestCaseMixin, UserInboxTestMixin
+from ...users.test_users_follow_request_api import FollowRequestTestCase
+from ...utils import random_string
 
 
 class TestGetFollowRequestWithFederation(ApiTestCaseMixin):
@@ -55,3 +58,270 @@ def test_it_returns_current_user_follow_requests_with_actors(
         assert len(data['data']['follow_requests']) == 1
         assert data['data']['follow_requests'][0]['name'] == 'toto'
         assert '@context' in data['data']['follow_requests'][0]
+
+
+class TestAcceptLocalFollowRequestWithFederation(FollowRequestTestCase):
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_return_user_not_found(
+            f'/api/follow_requests/{random_string()}/accept',
+            client,
+            auth_token,
+        )
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_not_found(
+            client, auth_token, actor_2.user.username, 'accept'
+        )
+
+    def test_it_raises_error_if_follow_request_already_accepted(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1_with_federation.is_approved = True
+        follow_request_from_user_2_to_user_1_with_federation.updated_at = (
+            datetime.utcnow()
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_already_processed(
+            client, auth_token, actor_2.user.username, 'accept'
+        )
+
+    def test_it_accepts_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_processed(
+            client, auth_token, actor_2.user.username, 'accept'
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        client.post(
+            f'/api/follow_requests/{actor_2.user.username}/accept',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_not_called()
+
+
+class TestAcceptRemoteFollowRequestWithFederation(
+    FollowRequestTestCase, UserInboxTestMixin
+):
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_accepts_follow_request(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_processed(
+            client, auth_token, remote_actor.fullname, 'accept'  # type: ignore
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_calls_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        client.post(
+            f'/api/follow_requests/{remote_actor.fullname}/accept',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=remote_actor.user.id,
+            followed_user_id=actor_1.user.id,
+        ).first()
+        self.assert_send_to_users_inbox_called_once(
+            send_to_users_inbox_mock,
+            local_actor=actor_1,
+            remote_actor=remote_actor,
+            base_object=follow_request,
+        )
+
+
+class TestRejectLocalFollowRequestWithFederation(FollowRequestTestCase):
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_return_user_not_found(
+            f'/api/follow_requests/{random_string()}/reject',
+            client,
+            auth_token,
+        )
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_not_found(
+            client, auth_token, actor_2.user.username, 'reject'
+        )
+
+    def test_it_raises_error_if_follow_request_already_accepted(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1_with_federation.updated_at = (
+            datetime.utcnow()
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_already_processed(
+            client, auth_token, actor_2.user.username, 'reject'
+        )
+
+    def test_it_rejects_follow_request(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_processed(
+            client, auth_token, actor_2.user.username, 'reject'
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        client.post(
+            f'/api/follow_requests/{actor_2.user.username}/reject',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_not_called()
+
+
+class TestRejectRemoteFollowRequestWithFederation(
+    FollowRequestTestCase, UserInboxTestMixin
+):
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_accepts_follow_request(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        self.assert_it_returns_follow_request_processed(
+            client, auth_token, remote_actor.fullname, 'reject'  # type: ignore
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_calls_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation
+        )
+
+        client.post(
+            f'/api/follow_requests/{remote_actor.fullname}/reject',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=remote_actor.user.id,
+            followed_user_id=actor_1.user.id,
+        ).first()
+        self.assert_send_to_users_inbox_called_once(
+            send_to_users_inbox_mock,
+            local_actor=actor_1,
+            remote_actor=remote_actor,
+            base_object=follow_request,
+        )
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index ca3c466f3..220088882 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -1,3 +1,5 @@
+from datetime import datetime
+
 from flask import Flask
 
 from fittrackee.federation.constants import AP_CTX
@@ -23,7 +25,7 @@ def test_follow_request_model(
         assert serialized_follow_request['from_user'] == actor_1.serialize()
         assert serialized_follow_request['to_user'] == actor_2.serialize()
 
-    def test_it_returns_activity_object_when_federation_is_enabled(
+    def test_it_returns_follow_activity_object(
         self,
         app_with_federation: Flask,
         actor_1: Actor,
@@ -34,8 +36,60 @@ def test_it_returns_activity_object_when_federation_is_enabled(
 
         assert activity_object == {
             '@context': AP_CTX,
-            'id': f'{actor_1.activitypub_id}#follow/{actor_2.fullname}',
+            'id': f'{actor_1.activitypub_id}#follows/{actor_2.fullname}',
             'type': 'Follow',
             'actor': actor_1.activitypub_id,
             'object': actor_2.activitypub_id,
         }
+
+    def test_it_returns_accept_activity_object_when_follow_request_is_accepted(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = True
+        follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
+        activity_object = follow_request_from_user_1_to_user_2.get_activity()
+
+        assert activity_object == {
+            '@context': AP_CTX,
+            'id': (
+                f'{actor_2.activitypub_id}#accepts/follow/{actor_1.fullname}'
+            ),
+            'type': 'Accept',
+            'actor': actor_2.activitypub_id,
+            'object': {
+                'id': f'{actor_1.activitypub_id}#follows/{actor_2.fullname}',
+                'type': 'Follow',
+                'actor': actor_1.activitypub_id,
+                'object': actor_2.activitypub_id,
+            },
+        }
+
+    def test_it_returns_reject_activity_object_when_follow_request_is_rejected(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = False
+        follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
+        activity_object = follow_request_from_user_1_to_user_2.get_activity()
+
+        assert activity_object == {
+            '@context': AP_CTX,
+            'id': (
+                f'{actor_2.activitypub_id}#rejects/follow/{actor_1.fullname}'
+            ),
+            'type': 'Reject',
+            'actor': actor_2.activitypub_id,
+            'object': {
+                'id': f'{actor_1.activitypub_id}#follows/{actor_2.fullname}',
+                'type': 'Follow',
+                'actor': actor_1.activitypub_id,
+                'object': actor_2.activitypub_id,
+            },
+        }
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index 39c8eff99..47c866829 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -16,3 +16,42 @@ def follow_request_from_user_1_to_user_2_with_federation(
     db.session.add(follow_request)
     db.session.commit()
     return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_user_2_to_user_1_with_federation(
+    actor_1: Actor,
+    actor_2: Actor,
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=actor_2.user.id, followed_user_id=actor_1.user.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_remote_user_to_user_1(
+    actor_1: Actor,
+    remote_actor: Actor,
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=remote_actor.user.id, followed_user_id=actor_1.user.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_user_1_to_remote_actor(
+    actor_1: Actor,
+    remote_actor: Actor,
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=actor_1.user.id, followed_user_id=remote_actor.user.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
diff --git a/fittrackee/tests/test_case_mixins.py b/fittrackee/tests/test_case_mixins.py
index d485bfd66..50e809206 100644
--- a/fittrackee/tests/test_case_mixins.py
+++ b/fittrackee/tests/test_case_mixins.py
@@ -6,6 +6,8 @@
 from flask import Flask
 from flask.testing import FlaskClient
 
+from fittrackee.federation.models import Actor
+
 
 class BaseTestMixin:
     @staticmethod
@@ -46,6 +48,49 @@ def get_test_client_and_auth_token(
         auth_token = json.loads(resp_login.data.decode())['auth_token']
         return client, auth_token
 
+    @staticmethod
+    def assert_return_not_found(
+        url: str, client: FlaskClient, auth_token: str, message: str
+    ) -> None:
+        response = client.post(
+            url,
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == message
+
+    def assert_return_user_not_found(
+        self, url: str, client: FlaskClient, auth_token: str
+    ) -> None:
+        self.assert_return_not_found(
+            url, client, auth_token, 'user does not exist'
+        )
+
+
+class UserInboxTestMixin(BaseTestMixin):
+    def assert_send_to_users_inbox_called_once(
+        self,
+        send_to_users_inbox_mock: Mock,
+        local_actor: Actor,
+        remote_actor: Actor,
+        base_object: Any,
+    ) -> None:
+        send_to_users_inbox_mock.send.assert_called_once()
+        self.assert_call_args_keys_equal(
+            send_to_users_inbox_mock.send,
+            ['sender_id', 'activity', 'recipients'],
+        )
+        call_args = self.get_call_kwargs(send_to_users_inbox_mock.send)
+        assert call_args['sender_id'] == local_actor.id
+        assert call_args['recipients'] == [remote_actor.inbox_url]
+        activity = base_object.get_activity()
+        del activity['id']
+        self.assert_dict_contains_subset(call_args['activity'], activity)
+
 
 class CallArgsMixin:
     @staticmethod
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index e71660650..9307635b6 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -372,9 +372,7 @@ def test_user_can_login_when_user_email_is_uppercase(
         assert data['message'] == 'successfully logged in'
         assert data['auth_token']
 
-    def test_it_returns_error_if_user_does_not_exists(
-        self, app: Flask
-    ) -> None:
+    def test_it_returns_error_if_user_does_not_exist(self, app: Flask) -> None:
         client = app.test_client()
 
         response = client.post(
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index 5163ea6d2..a05fe4203 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -92,7 +92,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
-    def test_it_does_not_call_send_to_inbox(
+    def test_it_does_not_call_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app: Flask,
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
index c0b929809..92b9de979 100644
--- a/fittrackee/tests/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -3,10 +3,12 @@
 from unittest.mock import patch
 
 from flask import Flask
+from flask.testing import FlaskClient
 
 from fittrackee.users.models import FollowRequest, User
 
 from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import random_string
 
 
 class TestGetFollowRequestWithoutFederation(ApiTestCaseMixin):
@@ -214,3 +216,161 @@ def test_it_returns_second_page_with_one_request_per_page_with_descending_order(
             'pages': 2,
             'total': 2,
         }
+
+
+class FollowRequestTestCase(ApiTestCaseMixin):
+    def assert_it_returns_follow_request_not_found(
+        self,
+        client: FlaskClient,
+        auth_token: str,
+        user_name: str,
+        action: str,
+    ) -> None:
+        url = f'/api/follow_requests/{user_name}/{action}'
+        self.assert_return_not_found(
+            url, client, auth_token, 'Follow request does not exist.'
+        )
+
+    @staticmethod
+    def assert_it_returns_follow_request_already_processed(
+        client: FlaskClient,
+        auth_token: str,
+        user_name: str,
+        action: str,
+    ) -> None:
+        url = f'/api/follow_requests/{user_name}/{action}'
+        response = client.post(
+            url,
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'error'
+        assert data['message'] == (
+            f"Follow request from user '{user_name}' already {action}ed."
+        )
+
+    @staticmethod
+    def assert_it_returns_follow_request_processed(
+        client: FlaskClient,
+        auth_token: str,
+        user_name: str,
+        action: str,
+    ) -> None:
+        url = f'/api/follow_requests/{user_name}/{action}'
+        response = client.post(
+            url,
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == (
+            f"Follow request from user '{user_name}' is {action}ed."
+        )
+
+
+class TestAcceptFollowRequestWithoutFederation(FollowRequestTestCase):
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_return_user_not_found(
+            f'/api/follow_requests/{random_string()}/accept',
+            client,
+            auth_token,
+        )
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_it_returns_follow_request_not_found(
+            client, auth_token, user_2.username, 'accept'
+        )
+
+    def test_it_raises_error_if_follow_request_already_accepted(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_it_returns_follow_request_already_processed(
+            client, auth_token, user_2.username, 'accept'
+        )
+
+    def test_it_accepts_follow_request(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_it_returns_follow_request_processed(
+            client, auth_token, user_2.username, 'accept'
+        )
+
+
+class TestRejectFollowRequestWithoutFederation(FollowRequestTestCase):
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_return_user_not_found(
+            f'/api/follow_requests/{random_string()}/reject',
+            client,
+            auth_token,
+        )
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_it_returns_follow_request_not_found(
+            client, auth_token, user_2.username, 'reject'
+        )
+
+    def test_it_raises_error_if_follow_request_already_rejected(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_it_returns_follow_request_already_processed(
+            client, auth_token, user_2.username, 'reject'
+        )
+
+    def test_it_rejects_follow_request(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(app)
+
+        self.assert_it_returns_follow_request_processed(
+            client, auth_token, user_2.username, 'reject'
+        )
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 08a2e36b2..e3f7d6b06 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -179,12 +179,12 @@ def test_user_refuses_follow_request(
         user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        follow_request = user_1.refuses_follow_request_from(user_2)
+        follow_request = user_1.rejects_follow_request_from(user_2)
 
         assert not follow_request.is_approved
         assert user_1.pending_follow_requests == []
 
-    def test_it_raises_error_if_follow_request_does_not_exists(
+    def test_it_raises_error_if_follow_request_does_not_exist(
         self,
         app: Flask,
         user_1: User,
diff --git a/fittrackee/tests/workouts/test_stats_api.py b/fittrackee/tests/workouts/test_stats_api.py
index 7d0bf79d1..1e22131d5 100644
--- a/fittrackee/tests/workouts/test_stats_api.py
+++ b/fittrackee/tests/workouts/test_stats_api.py
@@ -24,7 +24,7 @@ def test_it_gets_no_stats_when_user_has_no_workouts(
         assert 'success' in data['status']
         assert data['data']['statistics'] == {}
 
-    def test_it_returns_error_when_user_does_not_exists(
+    def test_it_returns_error_when_user_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(app)
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 38f015e49..18f30fd5c 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -491,7 +491,7 @@ def test_it_returns_400_if_sport_id_is_not_provided(
         assert data['status'] == 'error'
         assert data['message'] == 'invalid payload'
 
-    def test_it_returns_500_if_sport_id_does_not_exists(
+    def test_it_returns_500_if_sport_id_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(app)
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 34ecc38fb..09c192d43 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -218,7 +218,7 @@ def test_it_returns_400_if_payload_is_empty(
         assert 'error' in data['status']
         assert 'invalid payload' in data['message']
 
-    def test_it_raises_500_if_sport_does_not_exists(
+    def test_it_raises_500_if_sport_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         token, workout_short_id = post_an_workout(app, gpx_file)
@@ -596,7 +596,7 @@ def test_it_returns_500_if_date_format_is_invalid(
             in data['message']
         )
 
-    def test_it_returns_404_if_edited_workout_does_not_exists(
+    def test_it_returns_404_if_edited_workout_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(app)
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index a54ea943c..ea41d8ce5 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -1,8 +1,26 @@
-from typing import Dict
+from typing import Dict, Union
 
 from flask import Blueprint, request
 
+from fittrackee import appLog
+from fittrackee.federation.exceptions import (
+    ActorNotFoundException,
+    DomainNotFoundException,
+)
+from fittrackee.federation.utils_user import get_user_from_username
+from fittrackee.responses import (
+    HttpResponse,
+    InvalidPayloadErrorResponse,
+    NotFoundErrorResponse,
+    UserNotFoundErrorResponse,
+)
+
 from .decorators import authenticate
+from .exceptions import (
+    FollowRequestAlreadyProcessedError,
+    NotExistingFollowRequestError,
+    UserNotFoundException,
+)
 from .models import FollowRequest, User
 
 follow_requests_blueprint = Blueprint('follow_requests', __name__)
@@ -48,3 +66,57 @@ def get_follow_requests(auth_user: User) -> Dict:
             'total': follow_requests_pagination.total,
         },
     }
+
+
+def process_follow_request(
+    auth_user: User, user_name: str, action: str
+) -> Union[Dict, HttpResponse]:
+    try:
+        from_user = get_user_from_username(user_name)
+    except (
+        ActorNotFoundException,
+        DomainNotFoundException,
+        UserNotFoundException,
+    ) as e:
+        appLog.error(f'Error when accepting follow request: {e}')
+        return UserNotFoundErrorResponse()
+
+    current_user = User.query.filter_by(id=auth_user.id).first()
+    try:
+        if action == 'accept':
+            current_user.approves_follow_request_from(from_user)
+        else:  # action == 'reject'
+            current_user.rejects_follow_request_from(from_user)
+    except NotExistingFollowRequestError:
+        return NotFoundErrorResponse(message='Follow request does not exist.')
+    except FollowRequestAlreadyProcessedError:
+        return InvalidPayloadErrorResponse(
+            message=(
+                f"Follow request from user '{user_name}' already {action}ed."
+            )
+        )
+
+    return {
+        'status': 'success',
+        'message': f"Follow request from user '{user_name}' is {action}ed.",
+    }
+
+
+@follow_requests_blueprint.route(
+    '/follow_requests/<user_name>/accept', methods=['POST']
+)
+@authenticate
+def accept_follow_request(
+    auth_user: User, user_name: str
+) -> Union[Dict, HttpResponse]:
+    return process_follow_request(auth_user, user_name, 'accept')
+
+
+@follow_requests_blueprint.route(
+    '/follow_requests/<user_name>/reject', methods=['POST']
+)
+@authenticate
+def reject_follow_request(
+    auth_user: User, user_name: str
+) -> Union[Dict, HttpResponse]:
+    return process_follow_request(auth_user, user_name, 'reject')
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 79a07ec6e..c10fd7323 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -17,6 +17,7 @@
 
 from .exceptions import (
     FollowRequestAlreadyProcessedError,
+    FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
 from .utils.token import decode_user_token, get_user_token
@@ -69,16 +70,34 @@ def serialize(self) -> Dict:
     def get_activity(self) -> Dict:
         if not current_app.config['federation_enabled']:
             raise FederationDisabledException()
-        return {
-            '@context': AP_CTX,
+        follow_activity = {
             'id': (
-                f'{self.from_user.actor.activitypub_id}#follow/'
+                f'{self.from_user.actor.activitypub_id}#follows/'
                 f'{self.to_user.actor.fullname}'
             ),
             'type': ActivityType.FOLLOW.value,
             'actor': self.from_user.actor.activitypub_id,
             'object': self.to_user.actor.activitypub_id,
         }
+        if self.updated_at is None:
+            activity = follow_activity.copy()
+        else:
+            activity = {
+                'id': (
+                    f'{self.to_user.actor.activitypub_id}#'
+                    f'{"accept" if self.is_approved else "reject"}s/'
+                    f'follow/{self.from_user.actor.fullname}'
+                ),
+                'type': (
+                    ActivityType.ACCEPT.value
+                    if self.is_approved
+                    else ActivityType.REJECT.value
+                ),
+                'actor': self.to_user.actor.activitypub_id,
+                'object': follow_activity,
+            }
+        activity['@context'] = AP_CTX
+        return activity
 
 
 class User(BaseModel):
@@ -204,6 +223,14 @@ def pending_follow_requests(self) -> FollowRequest:
         return self.received_follow_requests.filter_by(updated_at=None).all()
 
     def send_follow_request_to(self, target: 'User') -> FollowRequest:
+        existing_follow_request = FollowRequest.query.filter_by(
+            follower_user_id=self.id, followed_user_id=target.id
+        ).first()
+        if existing_follow_request:
+            if existing_follow_request.is_rejected():
+                raise FollowRequestAlreadyRejectedError()
+            return existing_follow_request
+
         follow_request = FollowRequest(
             follower_user_id=self.id, followed_user_id=target.id
         )
@@ -232,6 +259,13 @@ def _processes_follow_request_from(
         follow_request.is_approved = approved
         follow_request.updated_at = datetime.now()
         db.session.commit()
+
+        if current_app.config['federation_enabled'] and user.actor.is_remote:
+            send_to_users_inbox.send(
+                sender_id=self.actor.id,
+                activity=follow_request.get_activity(),
+                recipients=[user.actor.inbox_url],
+            )
         return follow_request
 
     def approves_follow_request_from(self, user: 'User') -> FollowRequest:
@@ -240,7 +274,7 @@ def approves_follow_request_from(self, user: 'User') -> FollowRequest:
         )
         return follow_request
 
-    def refuses_follow_request_from(self, user: 'User') -> FollowRequest:
+    def rejects_follow_request_from(self, user: 'User') -> FollowRequest:
         follow_request = self._processes_follow_request_from(
             user=user, approved=False
         )
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 73ede8882..3a30216ce 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -6,9 +6,12 @@
 from flask import Blueprint, request, send_file
 from sqlalchemy import exc
 
-from fittrackee import db
-from fittrackee.federation.models import Actor, Domain
-from fittrackee.federation.utils import get_username_and_domain
+from fittrackee import appLog, db
+from fittrackee.federation.exceptions import (
+    ActorNotFoundException,
+    DomainNotFoundException,
+)
+from fittrackee.federation.utils_user import get_user_from_username
 from fittrackee.files import get_absolute_file_path
 from fittrackee.responses import (
     ForbiddenErrorResponse,
@@ -27,7 +30,6 @@
 )
 from .models import User, UserSportPreference
 from .utils.admin import set_admin_rights
-from .utils.follow import create_follow_request
 
 users_blueprint = Blueprint('users', __name__)
 
@@ -613,29 +615,19 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         'message': f"Follow request to user '{user_name}' is sent.",
     }
 
-    user_name_and_domain = get_username_and_domain(user_name)
-    if user_name_and_domain is None:  # local actor
-        target_user = User.query.filter_by(username=user_name).first()
-    else:  # remote actor
-        name, domain_name = user_name_and_domain.groups()
-        domain = Domain.query.filter_by(name=domain_name).first()
-        if not domain:
-            return UserNotFoundErrorResponse()
-        actor = Actor.query.filter_by(
-            preferred_username=name, domain_id=domain.id
-        ).first()
-        if not actor:
-            return UserNotFoundErrorResponse()
-        target_user = actor.user
-
-    if target_user:
-        try:
-            create_follow_request(
-                follower_user_id=auth_user.id,
-                followed_user=target_user,
-            )
-        except FollowRequestAlreadyRejectedError:
-            return ForbiddenErrorResponse()
-        return successful_response_dict
+    try:
+        target_user = get_user_from_username(user_name)
+    except (
+        ActorNotFoundException,
+        DomainNotFoundException,
+        UserNotFoundException,
+    ) as e:
+        appLog.error(f'Error when following a user: {e}')
+        return UserNotFoundErrorResponse()
 
-    return UserNotFoundErrorResponse()
+    follower_user = User.query.filter_by(id=auth_user.id).first()
+    try:
+        follower_user.send_follow_request_to(target_user)
+    except FollowRequestAlreadyRejectedError:
+        return ForbiddenErrorResponse()
+    return successful_response_dict
diff --git a/fittrackee/users/utils/follow.py b/fittrackee/users/utils/follow.py
deleted file mode 100644
index ef4193e86..000000000
--- a/fittrackee/users/utils/follow.py
+++ /dev/null
@@ -1,15 +0,0 @@
-from ..exceptions import FollowRequestAlreadyRejectedError
-from ..models import FollowRequest, User
-
-
-def create_follow_request(follower_user_id: int, followed_user: User) -> None:
-    existing_follow_request = FollowRequest.query.filter_by(
-        follower_user_id=follower_user_id, followed_user_id=followed_user.id
-    ).first()
-    if existing_follow_request:
-        if existing_follow_request.is_rejected():
-            raise FollowRequestAlreadyRejectedError()
-        return
-
-    auth_user = User.query.filter_by(id=follower_user_id).first()
-    auth_user.send_follow_request_to(followed_user)

From f7b5e1c92dffd591828d7e4d62aa0a440b412283 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 11:26:51 +0100
Subject: [PATCH 042/238] API - add profile url to Actor

---
 fittrackee/federation/federation.py           |  2 ++
 fittrackee/federation/models.py               |  4 +++
 fittrackee/federation/utils.py                |  2 ++
 fittrackee/federation/webfinger.py            | 12 ++++++++-
 .../23_8842c351a2d8_init_federation.py        |  6 +++--
 .../federation/test_federation_models.py      | 18 ++++++++++---
 .../federation/test_federation_webfinger.py   | 20 ++++++++++----
 .../tests/fixtures/fixtures_federation.py     | 26 +++++++++++++++++++
 fittrackee/tests/utils.py                     | 12 +++++++--
 9 files changed, 89 insertions(+), 13 deletions(-)

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index d1cfed513..0e09d137f 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -52,6 +52,7 @@ def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
         "type": "Person",
         "preferredUsername": "Sam",
         "name": "Sam",
+        "url": "https://example.com/users/Sam",
         "inbox": "https://example.com/federation/user/Sam/inbox",
         "outbox": "https://example.com/federation/user/Sam/outbox",
         "followers": "https://example.com/federation/user/Sam/followers",
@@ -120,6 +121,7 @@ def remote_actor(
         "type": "Person",
         "preferredUsername": "Sam",
         "name": "Sam",
+        "url": "https://remote-instance.social/@Sam",
         "inbox": "https://remote-instance.social/user/Sam/inbox",
         "outbox": "https://remote-instance.social/user/Sam/outbox",
         "followers": "https://remote-instance.social/user/Sam/followers",
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index d89e8bd09..7623be1b5 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -65,6 +65,7 @@ class Actor(BaseModel):
     preferred_username = db.Column(db.String(255), nullable=False)
     public_key = db.Column(db.String(5000), nullable=True)
     private_key = db.Column(db.String(5000), nullable=True)
+    profile_url = db.Column(db.String(255), nullable=False)
     inbox_url = db.Column(db.String(255), nullable=False)
     outbox_url = db.Column(db.String(255), nullable=False)
     followers_url = db.Column(db.String(255), nullable=False)
@@ -98,6 +99,7 @@ def __init__(
             self.activitypub_id = get_ap_url(preferred_username, 'user_url')
             self.followers_url = get_ap_url(preferred_username, 'followers')
             self.following_url = get_ap_url(preferred_username, 'following')
+            self.profile_url = get_ap_url(preferred_username, 'profile_url')
             self.inbox_url = get_ap_url(preferred_username, 'inbox')
             self.outbox_url = get_ap_url(preferred_username, 'outbox')
             self.shared_inbox_url = get_ap_url(
@@ -132,6 +134,7 @@ def update_remote_data(self, remote_user_data: Dict) -> None:
         ]
         self.followers_url = remote_user_data['followers']
         self.following_url = remote_user_data['following']
+        self.profile_url = remote_user_data.get('url', remote_user_data['id'])
         self.inbox_url = remote_user_data['inbox']
         self.outbox_url = remote_user_data['outbox']
         self.shared_inbox_url = remote_user_data.get('endpoints', {}).get(
@@ -147,6 +150,7 @@ def serialize(self) -> Dict:
             'type': self.type.value,
             'preferredUsername': self.preferred_username,
             'name': self.name,
+            'url': self.profile_url,
             'inbox': self.inbox_url,
             'outbox': self.outbox_url,
             'followers': self.followers_url,
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils.py
index 02b2a7624..458d8de5b 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils.py
@@ -37,6 +37,8 @@ def get_ap_url(username: str, url_type: str) -> str:
         return f'{ap_url_user}/{url_type}'
     if url_type == 'shared_inbox':
         return f'{ap_url}inbox'
+    if url_type == 'profile_url':
+        return f"https://{current_app.config['AP_DOMAIN']}/users/{username}"
     raise Exception('Invalid \'url_type\'.')
 
 
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index 5802d87af..1ac8108fa 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -35,6 +35,11 @@ def webfinger(app_domain: Domain) -> HttpResponse:
       {
         "subject": "acct:Sam@example.com",
         "links": [
+          {
+            "href": "https://example.com/user/Sam",
+            "rel": "http://webfinger.net/rel/profile-page",
+            "type": "text/html"
+          },
           {
             "href": "https://example.com/federation/user/Sam",
             "rel": "self",
@@ -75,11 +80,16 @@ def webfinger(app_domain: Domain) -> HttpResponse:
     response = {
         'subject': f'acct:{actor.fullname}',
         'links': [
+            {
+                'href': f'{actor.profile_url}',
+                'rel': 'http://webfinger.net/rel/profile-page',
+                'type': 'text/html',
+            },
             {
                 'href': actor.activitypub_id,
                 'rel': 'self',
                 'type': 'application/activity+json',
-            }
+            },
         ],
     }
     return HttpResponse(
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 532d51bf9..2461506e6 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -63,6 +63,7 @@ def upgrade():
         sa.Column('preferred_username', sa.String(length=255), nullable=False),
         sa.Column('public_key', sa.String(length=5000), nullable=True),
         sa.Column('private_key', sa.String(length=5000), nullable=True),
+        sa.Column('profile_url', sa.String(length=255), nullable=False),
         sa.Column('inbox_url', sa.String(length=255), nullable=False),
         sa.Column('outbox_url', sa.String(length=255), nullable=False),
         sa.Column('followers_url', sa.String(length=255), nullable=False),
@@ -115,8 +116,8 @@ def upgrade():
         op.execute(
             "INSERT INTO actors ("
             "activitypub_id, domain_id, preferred_username, public_key, "
-            "private_key, followers_url, following_url, inbox_url, "
-            "outbox_url, shared_inbox_url, created_at, "
+            "private_key, followers_url, following_url, profile_url, "
+            "inbox_url, outbox_url, shared_inbox_url, created_at, "
             "manually_approves_followers) "
             "VALUES ("
             f"'{get_ap_url(user.username, 'user_url')}', "
@@ -124,6 +125,7 @@ def upgrade():
             f"'{public_key}', '{private_key}', "
             f"'{get_ap_url(user.username, 'followers')}', "
             f"'{get_ap_url(user.username, 'following')}', "
+            f"'{get_ap_url(user.username, 'profile_url')}', "
             f"'{get_ap_url(user.username, 'inbox')}', "
             f"'{get_ap_url(user.username, 'outbox')}', "
             f"'{get_ap_url(user.username, 'shared_inbox')}', "
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 27265b9c5..5aec26c1a 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -90,6 +90,7 @@ def test_it_returns_serialized_object(
             serialized_actor['preferredUsername'] == actor_1.preferred_username
         )
         assert serialized_actor['name'] == actor_1.user.username
+        assert serialized_actor['url'] == actor_1.profile_url
         assert serialized_actor['inbox'] == (
             f'https://{ap_url}/federation/user/'
             f'{actor_1.preferred_username}/inbox'
@@ -136,11 +137,21 @@ def test_actor_is_remote(
         assert remote_actor.is_remote
 
     def test_it_returns_fullname(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, remote_actor: Actor
     ) -> None:
         assert (
-            actor_1.fullname
-            == f'{actor_1.preferred_username}@{actor_1.domain.name}'
+            remote_actor.fullname
+            == f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
+        )
+
+    def test_it_returns_ap_id_if_no_profile_url_provided(
+        self,
+        app_with_federation: Flask,
+        remote_actor_without_profile_page: Actor,
+    ) -> None:
+        assert (
+            remote_actor_without_profile_page.profile_url
+            == remote_actor_without_profile_page.activitypub_id
         )
 
     def test_it_returns_serialized_object(
@@ -162,6 +173,7 @@ def test_it_returns_serialized_object(
             == remote_actor.preferred_username
         )
         assert serialized_actor['name'] == remote_actor.user.username
+        assert serialized_actor['url'] == remote_actor.profile_url
         assert serialized_actor['inbox'] == f'{user_url}/inbox'
         assert serialized_actor['outbox'] == f'{user_url}/outbox'
         assert serialized_actor['followers'] == f'{user_url}/followers'
diff --git a/fittrackee/tests/federation/federation/test_federation_webfinger.py b/fittrackee/tests/federation/federation/test_federation_webfinger.py
index 34a1cbf03..2dd9cedd0 100644
--- a/fittrackee/tests/federation/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/federation/test_federation_webfinger.py
@@ -115,11 +115,21 @@ def test_it_returns_user_links(
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
-        assert data['links'][0] == {
-            'href': actor_1.activitypub_id,
-            'rel': 'self',
-            'type': 'application/activity+json',
-        }
+        assert data['links'] == [
+            {
+                'href': (
+                    f'https://{actor_1.domain.name}/users/'
+                    f'{actor_1.user.username}'
+                ),
+                'rel': 'http://webfinger.net/rel/profile-page',
+                'type': 'text/html',
+            },
+            {
+                'href': actor_1.activitypub_id,
+                'rel': 'self',
+                'type': 'application/activity+json',
+            },
+        ]
 
     def test_it_returns_error_if_federation_is_disabled(
         self, app: Flask, app_actor: Actor
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 4709429ec..23e594765 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -69,6 +69,32 @@ def remote_actor(
     user_2: User,
     app_with_federation: Flask,
     remote_domain: Domain,
+) -> Actor:
+    domain = f'https://{remote_domain.name}'
+    remote_user_object = get_remote_user_object(
+        username=user_2.username,
+        preferred_username=user_2.username,
+        domain=domain,
+        profile_url=f'{domain}/{user_2.username}',
+    )
+    actor = Actor(
+        preferred_username=user_2.username,
+        domain_id=remote_domain.id,
+        remote_user_data=remote_user_object,
+    )
+    db.session.add(actor)
+    db.session.flush()
+    user_2.name = user_2.username.capitalize()
+    user_2.actor_id = actor.id
+    db.session.commit()
+    return actor
+
+
+@pytest.fixture()
+def remote_actor_without_profile_page(
+    user_2: User,
+    app_with_federation: Flask,
+    remote_domain: Domain,
 ) -> Actor:
     domain = f'https://{remote_domain.name}'
     remote_user_object = get_remote_user_object(
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 97260ff9a..01949c535 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -45,9 +45,10 @@ def get_remote_user_object(
     username: str,
     preferred_username: str,
     domain: str,
+    profile_url: Optional[str] = None,
 ) -> Dict:
     user_url = f'{domain}/users/{username}'
-    return {
+    user_object = {
         '@context': [
             'https://www.w3.org/ns/activitystreams',
             'https://w3id.org/security/v1',
@@ -68,6 +69,9 @@ def get_remote_user_object(
         },
         'endpoints': {'sharedInbox': f'{domain}/inbox'},
     }
+    if profile_url:
+        user_object['url'] = profile_url
+    return user_object
 
 
 @dataclass
@@ -86,9 +90,13 @@ def fullname(self) -> str:
     def activitypub_id(self) -> str:
         return f'{self.domain}/users/{self.preferred_username}'
 
+    @property
+    def profile_url(self) -> str:
+        return f'{self.domain}/{self.preferred_username}'
+
     def get_remote_user_object(self) -> Dict:
         return get_remote_user_object(
-            self.name, self.preferred_username, self.domain
+            self.name, self.preferred_username, self.domain, self.profile_url
         )
 
 

From 40a244844b8fb3373c63deac74a11ec7f4c6beb3 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 21 Jul 2021 13:53:09 +0200
Subject: [PATCH 043/238] API - update rollback migration

---
 .../migrations/versions/23_8842c351a2d8_init_federation.py    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 2461506e6..8a2aa5852 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -165,6 +165,10 @@ def upgrade():
 def downgrade():
     op.drop_table('follow_requests')
 
+    # remove remote users (for which password is NULL)
+    op.execute(
+        "DELETE FROM users WHERE password IS NULL;"
+    )
     op.drop_constraint('username_actor_id_unique', 'users', type_='unique')
     op.alter_column(
         'users', 'username', existing_type=sa.String(length=50),

From efa2e805405087c15eec98071f4366482d598c18 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 21 Jul 2021 14:51:26 +0200
Subject: [PATCH 044/238] API - fix testing config

---
 fittrackee/config.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fittrackee/config.py b/fittrackee/config.py
index ccc9d9137..4cbf0adb3 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -77,6 +77,7 @@ class TestingConfig(BaseConfig):
     UPLOAD_FOLDER = '/tmp/fitTrackee/uploads'
     UI_URL = 'http://0.0.0.0:5000'
     SENDER_EMAIL = 'fittrackee@example.com'
+    AP_DOMAIN = '0.0.0.0:5000'
 
 
 class ProductionConfig(BaseConfig):

From 93d179332cc7f6da358742f3c1792c7c6b071ec4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:37:07 +0100
Subject: [PATCH 045/238] API - create remote user on Follow Activity if not
 existing + refacto

---
 fittrackee/federation/activities.py           |  35 ++--
 fittrackee/federation/exceptions.py           |  10 +
 fittrackee/federation/federation.py           |  66 +-----
 .../{remote_user.py => remote_actor.py}       |   2 +-
 fittrackee/federation/tasks/activity.py       |  17 +-
 fittrackee/federation/utils_user.py           |  60 ++++++
 .../federation/test_federation_activities.py  |  32 ++-
 .../federation/test_federation_federation.py  | 196 +-----------------
 .../federation/test_federation_utils_user.py  | 176 ++++++++++++++++
 ...st_remote_user.py => test_remote_actor.py} |   8 +-
 fittrackee/tests/utils.py                     |   2 +-
 11 files changed, 318 insertions(+), 286 deletions(-)
 rename fittrackee/federation/{remote_user.py => remote_actor.py} (87%)
 create mode 100644 fittrackee/tests/federation/federation/test_federation_utils_user.py
 rename fittrackee/tests/federation/federation/{test_remote_user.py => test_remote_actor.py} (80%)

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
index 8ab14c2a9..f60f53f2a 100644
--- a/fittrackee/federation/activities.py
+++ b/fittrackee/federation/activities.py
@@ -1,30 +1,16 @@
 from abc import ABC, abstractmethod
-from importlib import import_module
-from typing import Callable, Dict, Tuple
+from typing import Dict, Tuple
 
 from fittrackee import appLog
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
+from fittrackee.federation.utils_user import create_remote_user
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
 
-from .exceptions import UnsupportedActivityException
-
-
-def get_activity_instance(activity_dict: Dict) -> Callable:
-    activity_type = activity_dict['type']
-    try:
-        Activity = getattr(
-            import_module('fittrackee.federation.activities'),
-            f'{activity_type}Activity',
-        )
-    except AttributeError:
-        raise UnsupportedActivityException(activity_type)
-    return Activity
-
 
 class AbstractActivity(ABC):
     def __init__(self, activity_dict: Dict) -> None:
@@ -39,7 +25,9 @@ def process_activity(self) -> None:
 
 
 class FollowBaseActivity(AbstractActivity):
-    def get_actors(self) -> Tuple[Actor, Actor]:
+    def get_actors(
+        self, create_remote_actor: bool = False
+    ) -> Tuple[Actor, Actor]:
         """
         return actors from activity 'actor' and 'object'
         """
@@ -47,9 +35,12 @@ def get_actors(self) -> Tuple[Actor, Actor]:
             activitypub_id=self.activity['actor']
         ).first()
         if not actor:
-            raise ActorNotFoundException(
-                message=f'actor not found for {self.activity_name()}'
-            )
+            if create_remote_actor:
+                actor = create_remote_user(self.activity['actor'])
+            else:
+                raise ActorNotFoundException(
+                    f'actor not found for {self.activity_name()}'
+                )
 
         object_actor_activitypub_id = (
             self.activity['object']
@@ -72,7 +63,9 @@ def process_activity(self) -> None:
 
 class FollowActivity(FollowBaseActivity):
     def process_activity(self) -> None:
-        follower_actor, followed_actor = self.get_actors()
+        follower_actor, followed_actor = self.get_actors(
+            create_remote_actor=True
+        )
         try:
             follower_actor.user.send_follow_request_to(followed_actor.user)
         except FollowRequestAlreadyRejectedError as e:
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index 85bcb9da5..dba521aa2 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -43,6 +43,16 @@ def __init__(self) -> None:
         )
 
 
+class RemoteActorException(GenericException):
+    def __init__(self, message: Optional[str] = None) -> None:
+        super().__init__(
+            status='error',
+            message=(
+                f'Invalid remote actor{ f": {message}" if message else ""}.'
+            ),
+        )
+
+
 class UnsupportedActivityException(GenericException):
     def __init__(self, activity_type: str) -> None:
         super().__init__(
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 0e09d137f..810d19450 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -1,11 +1,9 @@
 from typing import Dict, Union
-from urllib.parse import urlparse
 
 from flask import Blueprint, request
 
-from fittrackee import db
-from fittrackee.federation.exceptions import ActorNotFoundException
-from fittrackee.federation.remote_user import get_remote_user
+from fittrackee.federation.exceptions import RemoteActorException
+from fittrackee.federation.utils_user import create_remote_user
 from fittrackee.responses import (
     HttpResponse,
     InvalidPayloadErrorResponse,
@@ -161,64 +159,10 @@ def remote_actor(
         if request.get_json(silent=True) is not None
         else None
     )
-    if not remote_actor_url:
-        return InvalidPayloadErrorResponse()
-
-    # check if domain already exists
-    remote_domain_name = urlparse(remote_actor_url).netloc
-    remote_domain = Domain.query.filter_by(name=remote_domain_name).first()
-    if not remote_domain:
-        remote_domain = Domain(name=remote_domain_name)
-        db.session.add(remote_domain)
-        db.session.flush()
-
-    if not remote_domain.is_remote:
-        return InvalidPayloadErrorResponse(
-            message='The provided account is not a remote account.'
-        )
-
-    try:
-        remote_actor_object = get_remote_user(remote_actor_url)
-    except ActorNotFoundException:
-        return InvalidPayloadErrorResponse(
-            message='Can not fetch remote actor.'
-        )
-
-    # check if actor already exists
     try:
-        actor = Actor.query.filter_by(
-            preferred_username=remote_actor_object['preferredUsername'],
-            domain_id=remote_domain.id,
-        ).first()
-    except KeyError:
-        return InvalidPayloadErrorResponse(
-            message='Invalid remote actor object.'
-        )
-    if not actor:
-        try:
-            actor = Actor(
-                preferred_username=remote_actor_object['preferredUsername'],
-                domain_id=remote_domain.id,
-                remote_user_data=remote_actor_object,
-            )
-        except KeyError:
-            return InvalidPayloadErrorResponse(
-                message='Invalid remote actor object.'
-            )
-        db.session.add(actor)
-        db.session.flush()
-        user = User(
-            username=remote_actor_object['name'],
-            email=None,
-            password=None,
-        )
-        db.session.add(user)
-        user.actor_id = actor.id
-    else:
-        actor.update_remote_data(remote_actor_object)
-        actor.user.username = remote_actor_object['name']
-    db.session.commit()
-
+        actor = create_remote_user(remote_actor_url)
+    except RemoteActorException as e:
+        return InvalidPayloadErrorResponse(e.message)
     return HttpResponse(
         response=actor.serialize(),
         content_type='application/jrd+json; charset=utf-8',
diff --git a/fittrackee/federation/remote_user.py b/fittrackee/federation/remote_actor.py
similarity index 87%
rename from fittrackee/federation/remote_user.py
rename to fittrackee/federation/remote_actor.py
index 675b0f377..573eef8dc 100644
--- a/fittrackee/federation/remote_user.py
+++ b/fittrackee/federation/remote_actor.py
@@ -5,7 +5,7 @@
 from fittrackee.federation.exceptions import ActorNotFoundException
 
 
-def get_remote_user(actor_url: str) -> Dict:
+def get_remote_actor(actor_url: str) -> Dict:
     response = requests.get(
         actor_url,
         headers={'Accept': 'application/activity+json'},
diff --git a/fittrackee/federation/tasks/activity.py b/fittrackee/federation/tasks/activity.py
index e09f878b7..fab21b071 100644
--- a/fittrackee/federation/tasks/activity.py
+++ b/fittrackee/federation/tasks/activity.py
@@ -1,8 +1,21 @@
-from typing import Dict
+from importlib import import_module
+from typing import Callable, Dict
 
 from fittrackee import dramatiq
 
-from ..activities import get_activity_instance
+from ..exceptions import UnsupportedActivityException
+
+
+def get_activity_instance(activity_dict: Dict) -> Callable:
+    activity_type = activity_dict['type']
+    try:
+        Activity = getattr(
+            import_module('fittrackee.federation.activities'),
+            f'{activity_type}Activity',
+        )
+    except AttributeError:
+        raise UnsupportedActivityException(activity_type)
+    return Activity
 
 
 @dramatiq.actor(queue_name='fittrackee_activities')
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 7c0fe7180..ec68ade23 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -1,7 +1,11 @@
 import re
 from typing import Optional
+from urllib.parse import urlparse
 
+from fittrackee import db
+from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.remote_actor import get_remote_actor
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
@@ -31,3 +35,59 @@ def get_user_from_username(user_name: str) -> User:
     if not user:
         raise UserNotFoundException()
     return user
+
+
+def create_remote_user(remote_actor_url: Optional[str]) -> Actor:
+    if not remote_actor_url:
+        raise RemoteActorException('invalid remote actor url')
+
+    # check if domain already exists
+    remote_domain_name = urlparse(remote_actor_url).netloc
+    remote_domain = Domain.query.filter_by(name=remote_domain_name).first()
+    if not remote_domain:
+        remote_domain = Domain(name=remote_domain_name)
+        db.session.add(remote_domain)
+        db.session.flush()
+
+    if not remote_domain.is_remote:
+        raise RemoteActorException(
+            'the provided account is not a remote account'
+        )
+
+    try:
+        remote_actor_object = get_remote_actor(remote_actor_url)
+    except ActorNotFoundException:
+        raise RemoteActorException('can not fetch remote actor')
+
+    # check if actor already exists
+    try:
+        actor = Actor.query.filter_by(
+            preferred_username=remote_actor_object['preferredUsername'],
+            domain_id=remote_domain.id,
+        ).first()
+    except KeyError:
+        raise RemoteActorException('invalid remote actor object')
+
+    if not actor:
+        try:
+            actor = Actor(
+                preferred_username=remote_actor_object['preferredUsername'],
+                domain_id=remote_domain.id,
+                remote_user_data=remote_actor_object,
+            )
+        except KeyError:
+            raise RemoteActorException('invalid remote actor object')
+        db.session.add(actor)
+        db.session.flush()
+        user = User(
+            username=remote_actor_object['name'],
+            email=None,
+            password=None,
+        )
+        db.session.add(user)
+        user.actor_id = actor.id
+    else:
+        actor.update_remote_data(remote_actor_object)
+        actor.user.username = remote_actor_object['name']
+    db.session.commit()
+    return actor
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index 8890bf1ca..d9bf19a49 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -1,9 +1,9 @@
 from typing import Dict, Optional, Union
+from unittest.mock import patch
 
 import pytest
 from flask import Flask
 
-from fittrackee.federation.activities import get_activity_instance
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
@@ -11,6 +11,7 @@
     UnsupportedActivityException,
 )
 from fittrackee.federation.models import Actor
+from fittrackee.federation.tasks.activity import get_activity_instance
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
@@ -123,21 +124,32 @@ def test_it_raises_error_if_followed_actor_does_not_exist(
         ):
             activity.process_activity()
 
-    def test_it_raises_error_if_remote_actor_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+    def test_it_creates_actor_if_remote_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
     ) -> None:
-        follow_activity = self.generate_follow_activity(followed_actor=actor_1)
-
+        follow_activity = self.generate_follow_activity(
+            follower_actor_id=random_actor.activitypub_id,
+            followed_actor=actor_1,
+        )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
         )
-
-        with pytest.raises(
-            ActorNotFoundException,
-            match='actor not found for FollowActivity',
-        ):
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = (
+                random_actor.get_remote_user_object()
+            )
             activity.process_activity()
 
+        remote_actor = Actor.query.filter_by(
+            activitypub_id=follow_activity['actor']
+        )
+        assert remote_actor is not None
+
     def test_it_raises_error_if_follow_request_already_rejected(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index cf9a74881..7b6ad74db 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -5,11 +5,11 @@
 from flask import Flask
 
 from fittrackee.federation.exceptions import ActorNotFoundException
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.models import Actor
 from fittrackee.users.models import User
 
 from ...test_case_mixins import ApiTestCaseMixin
-from ...utils import RandomActor, random_string
+from ...utils import RandomActor
 
 
 class TestFederationUser:
@@ -115,104 +115,24 @@ def test_it_returns_400_if_remote_user_url_is_missing(
         assert response.status_code == 400
         data = json.loads(response.data.decode())
         assert 'error' in data['status']
-        assert 'invalid payload' in data['message']
-
-    def test_it_returns_error_if_remote_instance_returns_error(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        random_actor: RandomActor,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-        with patch(
-            'fittrackee.federation.federation.get_remote_user'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.side_effect = ActorNotFoundException()
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 400
-            data = json.loads(response.data.decode())
-            assert 'error' in data['status']
-            assert 'Can not fetch remote actor.' in data['message']
-
-    def test_it_returns_error_if_remote_actor_object_is_invalid(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        random_actor: RandomActor,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-        with patch(
-            'fittrackee.federation.federation.get_remote_user'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = {}
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 400
-            data = json.loads(response.data.decode())
-            assert 'error' in data['status']
-            assert 'Invalid remote actor object.' in data['message']
-
-    def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        remote_domain: Domain,
-        random_actor: RandomActor,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+        assert (
+            'Invalid remote actor: invalid remote actor url.'
+            in data['message']
         )
-        with patch(
-            'fittrackee.federation.federation.get_remote_user'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = {
-                'preferredUsername': random_actor.preferred_username,
-            }
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
 
-            assert response.status_code == 400
-            data = json.loads(response.data.decode())
-            assert 'error' in data['status']
-            assert 'Invalid remote actor object.' in data['message']
-
-    def test_it_returns_error_if_remote_domain_is_local_domain(
+    def test_it_returns_error_if_create_remote_user_returns_error(
         self,
         app_with_federation: Flask,
         actor_1: Actor,
         random_actor: RandomActor,
     ) -> None:
-        random_actor.domain = (
-            f"https://{ app_with_federation.config['AP_DOMAIN']}"
-        )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation
         )
         with patch(
-            'fittrackee.federation.federation.get_remote_user'
+            'fittrackee.federation.utils_user.get_remote_actor'
         ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = (
-                random_actor.get_remote_user_object()
-            )
+            get_remote_user_mock.side_effect = ActorNotFoundException()
             response = client.post(
                 '/federation/remote-user',
                 content_type='application/json',
@@ -224,37 +144,10 @@ def test_it_returns_error_if_remote_domain_is_local_domain(
             data = json.loads(response.data.decode())
             assert 'error' in data['status']
             assert (
-                'The provided account is not a remote account.'
+                'Invalid remote actor: can not fetch remote actor.'
                 in data['message']
             )
 
-    def test_it_creates_remote_actor_if_actor_does_not_exist(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        remote_domain: Domain,
-        random_actor: RandomActor,
-    ) -> None:
-        random_actor.domain = f'https://{remote_domain.name}'
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-        remote_user_object = random_actor.get_remote_user_object()
-        with patch(
-            'fittrackee.federation.federation.get_remote_user'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 200
-            data = json.loads(response.data.decode())
-            assert data == remote_user_object
-
     def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
         self,
         app_with_federation: Flask,
@@ -266,64 +159,8 @@ def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
             app_with_federation
         )
         with patch(
-            'fittrackee.federation.federation.get_remote_user'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 200
-            data = json.loads(response.data.decode())
-            assert data == remote_user_object
-
-    def test_it_returns_updated_remote_actor_if_remote_actor_exists(
-        self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
-    ) -> None:
-        remote_user_object = remote_actor.serialize()
-        updated_name = random_string()
-        remote_user_object['name'] = updated_name
-        last_fetched = remote_actor.last_fetch_date
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-        with patch(
-            'fittrackee.federation.federation.get_remote_user'
+            'fittrackee.federation.utils_user.get_remote_actor'
         ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': remote_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 200
-            data = json.loads(response.data.decode())
-            assert data == remote_user_object
-            assert remote_actor.name == updated_name
-            assert remote_actor.last_fetch_date != last_fetched
-
-    def test_it_creates_several_remote_actors(
-        self,
-        app_with_federation: Flask,
-        actor_1: Actor,
-        random_actor: RandomActor,
-        random_actor_2: RandomActor,
-    ) -> None:
-        """
-        check constrains on User model (especially empty password and email)
-        """
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
-        )
-        with patch(
-            'fittrackee.federation.federation.get_remote_user'
-        ) as get_remote_user_mock:
-            remote_user_object = random_actor.get_remote_user_object()
             get_remote_user_mock.return_value = remote_user_object
             response = client.post(
                 '/federation/remote-user',
@@ -335,16 +172,3 @@ def test_it_creates_several_remote_actors(
             assert response.status_code == 200
             data = json.loads(response.data.decode())
             assert data == remote_user_object
-
-            remote_user_object = random_actor_2.get_remote_user_object()
-            get_remote_user_mock.return_value = remote_user_object
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor_2.activitypub_id}),
-            )
-
-            assert response.status_code == 200
-            data = json.loads(response.data.decode())
-            assert data == remote_user_object
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
new file mode 100644
index 000000000..f0e931cd0
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -0,0 +1,176 @@
+from typing import Union
+from unittest.mock import patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.federation.exceptions import (
+    ActorNotFoundException,
+    RemoteActorException,
+)
+from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.utils_user import create_remote_user
+
+from ...utils import RandomActor, random_string
+
+
+class TestCreateRemoteUser:
+    @pytest.mark.parametrize(
+        'input_description, input_actor_url',
+        [('none', None), ('empty string', '')],
+    )
+    def test_it_returns_error_if_remote_actor_url_is_invalid(
+        self, input_description: str, input_actor_url: Union[str, None]
+    ) -> None:
+        with pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: invalid remote actor url.',
+        ):
+            create_remote_user(input_actor_url)
+
+    def test_it_returns_error_if_remote_actor_domain_is_local(
+        self, app_with_federation: Flask
+    ) -> None:
+        with pytest.raises(
+            RemoteActorException,
+            match=(
+                'Invalid remote actor: '
+                'the provided account is not a remote account.'
+            ),
+        ):
+            create_remote_user(f'{app_with_federation.config["UI_URL"]}')
+
+    def test_it_returns_error_if_preferred_username_is_missing_in_remote_actor_object(  # noqa
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        random_actor.domain = f'https://{remote_domain.name}'
+        remote_user_object = random_actor.get_remote_user_object()
+        del remote_user_object['preferredUsername']
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+            with pytest.raises(
+                RemoteActorException,
+                match='Invalid remote actor: invalid remote actor object.',
+            ):
+                create_remote_user(random_actor.activitypub_id)
+
+    def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = {
+                'preferredUsername': random_actor.preferred_username,
+            }
+            with pytest.raises(
+                RemoteActorException,
+                match='Invalid remote actor: invalid remote actor object.',
+            ):
+                create_remote_user(random_actor.activitypub_id)
+
+    def test_it_returns_error_if_fetching_remote_user_returns_error(
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.side_effect = ActorNotFoundException()
+            with pytest.raises(
+                RemoteActorException,
+                match='Invalid remote actor: can not fetch remote actor.',
+            ):
+                create_remote_user(random_actor.activitypub_id)
+
+    def test_it_creates_remote_actor_if_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        random_actor.domain = f'https://{remote_domain.name}'
+        remote_user_object = random_actor.get_remote_user_object()
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+
+            actor = create_remote_user(random_actor.activitypub_id)
+
+            expected_actor = Actor.query.filter_by(
+                activitypub_id=random_actor.activitypub_id
+            ).first()
+            assert actor == expected_actor
+
+    def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
+    ) -> None:
+        remote_user_object = random_actor.get_remote_user_object()
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+
+            actor = create_remote_user(random_actor.activitypub_id)
+
+            expected_actor = Actor.query.filter_by(
+                activitypub_id=random_actor.activitypub_id
+            ).first()
+            assert actor == expected_actor
+
+    def test_it_returns_updated_remote_actor_if_remote_actor_exists(
+        self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
+    ) -> None:
+        remote_user_object = remote_actor.serialize()
+        updated_name = random_string()
+        remote_user_object['name'] = updated_name
+        last_fetched = remote_actor.last_fetch_date
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            get_remote_user_mock.return_value = remote_user_object
+
+            create_remote_user(remote_actor.activitypub_id)
+
+            updated_actor = Actor.query.filter_by(id=remote_actor.id).first()
+            assert updated_actor.name == updated_name
+            assert updated_actor.last_fetch_date != last_fetched
+
+    def test_it_creates_several_remote_actors(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        random_actor: RandomActor,
+        random_actor_2: RandomActor,
+    ) -> None:
+        """
+        check constrains on User model (especially empty password and email)
+        """
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor'
+        ) as get_remote_user_mock:
+            remote_user_object = random_actor.get_remote_user_object()
+            get_remote_user_mock.return_value = remote_user_object
+            actor = create_remote_user(random_actor.activitypub_id)
+
+            assert actor.activitypub_id == random_actor.activitypub_id
+
+            remote_user_object = random_actor_2.get_remote_user_object()
+            get_remote_user_mock.return_value = remote_user_object
+            actor = create_remote_user(random_actor_2.activitypub_id)
+
+            assert actor.activitypub_id == random_actor_2.activitypub_id
diff --git a/fittrackee/tests/federation/federation/test_remote_user.py b/fittrackee/tests/federation/federation/test_remote_actor.py
similarity index 80%
rename from fittrackee/tests/federation/federation/test_remote_user.py
rename to fittrackee/tests/federation/federation/test_remote_actor.py
index 997c199bd..e0b464c4c 100644
--- a/fittrackee/tests/federation/federation/test_remote_user.py
+++ b/fittrackee/tests/federation/federation/test_remote_actor.py
@@ -4,18 +4,18 @@
 import requests
 
 from fittrackee.federation.exceptions import ActorNotFoundException
-from fittrackee.federation.remote_user import get_remote_user
+from fittrackee.federation.remote_actor import get_remote_actor
 
 from ...utils import RandomActor, generate_response, random_actor_url
 
 
-class TestGetRemoteUser:
+class TestGetRemoteActor:
     def test_it_returns_error_if_remote_instance_returns_error(self) -> None:
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(status_code=404)
 
             with pytest.raises(ActorNotFoundException):
-                get_remote_user(random_actor_url())
+                get_remote_actor(random_actor_url())
 
     def test_it_returns_user_object_if_remote_response_is_successful(
         self, random_actor: RandomActor
@@ -26,6 +26,6 @@ def test_it_returns_user_object_if_remote_response_is_successful(
                 status_code=200, content=remote_user
             )
 
-            expected_user = get_remote_user(random_actor.activitypub_id)
+            expected_user = get_remote_actor(random_actor.activitypub_id)
 
             assert remote_user == expected_user
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 01949c535..cf5b39296 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -47,7 +47,7 @@ def get_remote_user_object(
     domain: str,
     profile_url: Optional[str] = None,
 ) -> Dict:
-    user_url = f'{domain}/users/{username}'
+    user_url = f'{domain}/users/{preferred_username}'
     user_object = {
         '@context': [
             'https://www.w3.org/ns/activitystreams',

From cc59b403cd2bcacf7fa85271bd322ac29a432d4e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 21 Jul 2021 19:36:36 +0200
Subject: [PATCH 046/238] API - handle automatic follow requests approval

---
 fittrackee/federation/models.py               | 12 +++---
 fittrackee/federation/utils_user.py           |  3 ++
 .../23_8842c351a2d8_init_federation.py        | 17 ++++++--
 .../federation/test_federation_utils_user.py  |  8 ++++
 .../federation/users/test_users_model.py      | 42 +++++++++++++++++++
 fittrackee/tests/users/test_users_model.py    | 26 ++++++++++++
 fittrackee/tests/utils.py                     | 10 ++++-
 fittrackee/users/models.py                    | 30 ++++++++++---
 8 files changed, 130 insertions(+), 18 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 7623be1b5..af719b689 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -72,9 +72,6 @@ class Actor(BaseModel):
     following_url = db.Column(db.String(255), nullable=False)
     shared_inbox_url = db.Column(db.String(255), nullable=False)
     created_at = db.Column(db.DateTime, nullable=False)
-    manually_approves_followers = db.Column(
-        db.Boolean, default=True, nullable=False
-    )
     last_fetch_date = db.Column(db.DateTime, nullable=True)
 
     domain = db.relationship('Domain', back_populates='actors')
@@ -126,12 +123,15 @@ def fullname(self) -> Optional[str]:
             return f'{self.preferred_username}@{self.domain.name}'
         return None
 
+    @property
+    def manually_approves_followers(self) -> Optional[bool]:
+        if self.type == ActorType.PERSON and self.user:
+            return self.user.manually_approves_followers
+        return None
+
     def update_remote_data(self, remote_user_data: Dict) -> None:
         self.activitypub_id = remote_user_data['id']
         self.type = ActorType(remote_user_data['type'])
-        self.manually_approves_followers = remote_user_data[
-            'manuallyApprovesFollowers'
-        ]
         self.followers_url = remote_user_data['followers']
         self.following_url = remote_user_data['following']
         self.profile_url = remote_user_data.get('url', remote_user_data['id'])
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index ec68ade23..39c6fdb98 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -89,5 +89,8 @@ def create_remote_user(remote_actor_url: Optional[str]) -> Actor:
     else:
         actor.update_remote_data(remote_actor_object)
         actor.user.username = remote_actor_object['name']
+    actor.user.manually_approves_followers = remote_actor_object[
+        'manuallyApprovesFollowers'
+    ]
     db.session.commit()
     return actor
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 8a2aa5852..3826ff43f 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -70,7 +70,6 @@ def upgrade():
         sa.Column('following_url', sa.String(length=255), nullable=False),
         sa.Column('shared_inbox_url', sa.String(length=255), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
-        sa.Column('manually_approves_followers', sa.Boolean(), nullable=False),
         sa.Column('last_fetch_date', sa.DateTime(), nullable=True),
         sa.ForeignKeyConstraint(
             ['domain_id'],
@@ -83,6 +82,11 @@ def upgrade():
         ),
     )
 
+    op.add_column(
+        'users',
+        sa.Column('manually_approves_followers', sa.Boolean(),
+        nullable=True)
+    )
     op.add_column('users', sa.Column('actor_id', sa.Integer(), nullable=True))
     op.create_unique_constraint('users_actor_id_key', 'users', ['actor_id'])
     op.create_foreign_key(
@@ -111,14 +115,17 @@ def upgrade():
     connection = op.get_bind()
     domain = connection.execute(domain_table.select()).fetchone()
     for user in connection.execute(user_helper.select()):
+        op.execute(
+            "UPDATE users SET manually_approves_followers = True "
+            f"WHERE users.id = {user.id}"
+        )
         created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
         public_key, private_key = generate_keys()
         op.execute(
             "INSERT INTO actors ("
             "activitypub_id, domain_id, preferred_username, public_key, "
             "private_key, followers_url, following_url, profile_url, "
-            "inbox_url, outbox_url, shared_inbox_url, created_at, "
-            "manually_approves_followers) "
+            "inbox_url, outbox_url, shared_inbox_url, created_at) "
             "VALUES ("
             f"'{get_ap_url(user.username, 'user_url')}', "
             f"{domain.id}, '{user.username}', "
@@ -129,7 +136,7 @@ def upgrade():
             f"'{get_ap_url(user.username, 'inbox')}', "
             f"'{get_ap_url(user.username, 'outbox')}', "
             f"'{get_ap_url(user.username, 'shared_inbox')}', "
-            f"'{created_at}'::timestamp, {True}) RETURNING id"
+            f"'{created_at}'::timestamp) RETURNING id"
         )
         actor = connection.execute(
             actors_table.select().where(
@@ -139,6 +146,7 @@ def upgrade():
         op.execute(
             f'UPDATE users SET actor_id = {actor.id} WHERE users.id = {user.id}'
         )
+    op.alter_column('users', 'manually_approves_followers', nullable=False)
     op.create_unique_constraint(
         'username_actor_id_unique', 'users', ['username', 'actor_id']
     )
@@ -183,6 +191,7 @@ def downgrade():
     )
     op.drop_constraint('users_actor_id_fkey', 'users', type_='foreignkey')
     op.drop_constraint('users_actor_id_key', 'users', type_='unique')
+    op.drop_column('users', 'manually_approves_followers')
     op.drop_column('users', 'actor_id')
 
     op.drop_table('actors')
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index f0e931cd0..ee6f55126 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -100,6 +100,7 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
         random_actor: RandomActor,
     ) -> None:
         random_actor.domain = f'https://{remote_domain.name}'
+        random_actor.manually_approves_followers = False
         remote_user_object = random_actor.get_remote_user_object()
         with patch(
             'fittrackee.federation.utils_user.get_remote_actor'
@@ -112,6 +113,11 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
                 activitypub_id=random_actor.activitypub_id
             ).first()
             assert actor == expected_actor
+            assert actor.user.username == random_actor.name
+            assert (
+                actor.user.manually_approves_followers
+                == random_actor.manually_approves_followers
+            )
 
     def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
         self,
@@ -138,6 +144,7 @@ def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         remote_user_object = remote_actor.serialize()
         updated_name = random_string()
         remote_user_object['name'] = updated_name
+        remote_user_object['manuallyApprovesFollowers'] = False
         last_fetched = remote_actor.last_fetch_date
         with patch(
             'fittrackee.federation.utils_user.get_remote_actor'
@@ -149,6 +156,7 @@ def test_it_returns_updated_remote_actor_if_remote_actor_exists(
             updated_actor = Actor.query.filter_by(id=remote_actor.id).first()
             assert updated_actor.name == updated_name
             assert updated_actor.last_fetch_date != last_fetched
+            assert updated_actor.user.manually_approves_followers is False
 
     def test_it_creates_several_remote_actors(
         self,
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 220088882..3ab4b90ba 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 from flask import Flask
 
@@ -93,3 +94,44 @@ def test_it_returns_reject_activity_object_when_follow_request_is_rejected(
                 'object': actor_2.activitypub_id,
             },
         }
+
+
+class TestUserFollowingModelWithFederation:
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_local_actor_sends_follow_requests_to_remote_actor(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        follow_request = actor_1.user.send_follow_request_to(remote_actor.user)
+
+        assert follow_request in actor_1.user.sent_follow_requests.all()
+        assert follow_request.is_approved is False
+        assert follow_request.updated_at is None
+        send_to_users_inbox_mock.send.assert_called_with(
+            sender_id=actor_1.id,
+            activity=follow_request.get_activity(),
+            recipients=[remote_actor.inbox_url],
+        )
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(  # noqa
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        remote_actor: Actor,
+    ) -> None:
+        actor_1.user.manually_approves_followers = False
+        follow_request = remote_actor.user.send_follow_request_to(actor_1.user)
+
+        assert follow_request in remote_actor.user.sent_follow_requests.all()
+        assert follow_request.is_approved is True
+        assert follow_request.updated_at is not None
+        send_to_users_inbox_mock.send.assert_called_with(
+            sender_id=actor_1.id,
+            activity=follow_request.get_activity(),
+            recipients=[remote_actor.inbox_url],
+        )
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index e3f7d6b06..33c6f8310 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 import pytest
 from flask import Flask
@@ -127,6 +128,18 @@ def test_user_2_sends_follow_requests_to_user_1(
 
         assert follow_request in user_2.sent_follow_requests.all()
 
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_user_inbox_when_federation_is_disabled(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        user_2.send_follow_request_to(user_1)
+
+        send_to_users_inbox_mock.send.assert_not_called()
+
     def test_user_1_receives_follow_requests_from_user_2(
         self,
         app: Flask,
@@ -204,3 +217,16 @@ def test_it_raises_error_if_user_approves_follow_request_already_processed(  # n
 
         with pytest.raises(FollowRequestAlreadyProcessedError):
             user_1.approves_follow_request_from(user_2)
+
+    def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        user_1.manually_approves_followers = False
+        follow_request = user_2.send_follow_request_to(user_1)
+
+        assert follow_request in user_2.sent_follow_requests.all()
+        assert follow_request.is_approved is True
+        assert follow_request.updated_at is not None
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index cf5b39296..c2cf1ce46 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -46,6 +46,7 @@ def get_remote_user_object(
     preferred_username: str,
     domain: str,
     profile_url: Optional[str] = None,
+    manually_approves_followers: bool = True,
 ) -> Dict:
     user_url = f'{domain}/users/{preferred_username}'
     user_object = {
@@ -61,7 +62,7 @@ def get_remote_user_object(
         'outbox': f'{user_url}/outbox',
         'name': username,
         'preferredUsername': preferred_username,
-        'manuallyApprovesFollowers': True,
+        'manuallyApprovesFollowers': manually_approves_followers,
         'publicKey': {
             'id': f'{user_url}#main-key',
             'owner': user_url,
@@ -79,6 +80,7 @@ class RandomActor:
     name: str = random_string()
     preferred_username: str = random_string()
     domain: str = random_domain_with_scheme()
+    manually_approves_followers: bool = True
 
     @property
     def fullname(self) -> str:
@@ -96,7 +98,11 @@ def profile_url(self) -> str:
 
     def get_remote_user_object(self) -> Dict:
         return get_remote_user_object(
-            self.name, self.preferred_username, self.domain, self.profile_url
+            self.name,
+            self.preferred_username,
+            self.domain,
+            self.profile_url,
+            self.manually_approves_followers,
         )
 
 
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index c10fd7323..c6f66f7c8 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -152,6 +152,9 @@ class User(BaseModel):
         primaryjoin=id == FollowRequest.follower_user_id,
         lazy='dynamic',
     )
+    manually_approves_followers = db.Column(
+        db.Boolean, default=True, nullable=False
+    )
 
     def __repr__(self) -> str:
         return f'<User {self.username!r}>'
@@ -235,14 +238,28 @@ def send_follow_request_to(self, target: 'User') -> FollowRequest:
             follower_user_id=self.id, followed_user_id=target.id
         )
         db.session.add(follow_request)
+        if not target.manually_approves_followers:
+            follow_request.is_approved = True
+            follow_request.updated_at = datetime.utcnow()
         db.session.commit()
 
-        if current_app.config['federation_enabled'] and target.actor.is_remote:
-            send_to_users_inbox.send(
-                sender_id=self.actor.id,
-                activity=follow_request.get_activity(),
-                recipients=[target.actor.inbox_url],
-            )
+        if current_app.config['federation_enabled']:
+            # send Follow activity to remote followed user
+            if target.actor.is_remote:
+                send_to_users_inbox.send(
+                    sender_id=self.actor.id,
+                    activity=follow_request.get_activity(),
+                    recipients=[target.actor.inbox_url],
+                )
+
+            # send Accept activity to remote follower user if local followed
+            # user accepts follow requests automatically
+            if self.actor.is_remote and not target.manually_approves_followers:
+                send_to_users_inbox.send(
+                    sender_id=target.actor.id,
+                    activity=follow_request.get_activity(),
+                    recipients=[self.actor.inbox_url],
+                )
 
         return follow_request
 
@@ -266,6 +283,7 @@ def _processes_follow_request_from(
                 activity=follow_request.get_activity(),
                 recipients=[user.actor.inbox_url],
             )
+
         return follow_request
 
     def approves_follow_request_from(self, user: 'User') -> FollowRequest:

From ef1deffacd987b1874907a4cf627ba4a81edd61f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:49:53 +0100
Subject: [PATCH 047/238] API - update config

---
 fittrackee/application/models.py  | 4 ++--
 fittrackee/federation/nodeinfo.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fittrackee/application/models.py b/fittrackee/application/models.py
index b97fda882..e77ae8958 100644
--- a/fittrackee/application/models.py
+++ b/fittrackee/application/models.py
@@ -7,7 +7,7 @@
 from sqlalchemy.orm.mapper import Mapper
 from sqlalchemy.orm.session import Session
 
-from fittrackee import VERSION, BaseModel, db
+from fittrackee import BaseModel, db
 from fittrackee.users.models import User
 
 
@@ -48,7 +48,7 @@ def serialize(self) -> Dict:
             'max_zip_file_size': self.max_zip_file_size,
             'max_users': self.max_users,
             'map_attribution': self.map_attribution,
-            'version': VERSION,
+            'version': current_app.config['VERSION'],
         }
 
 
diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
index ab9b2184c..767d0bccf 100644
--- a/fittrackee/federation/nodeinfo.py
+++ b/fittrackee/federation/nodeinfo.py
@@ -81,7 +81,7 @@ def get_nodeinfo(app_domain: Domain) -> HttpResponse:
         "version": "2.0",
         "software": {
           "name": "fittrackee",
-          "version": "0.4.8"
+          "version": "0.5.7"
         },
         "protocols": [
           "activitypub"

From d405dc3524879a5ff68871f07018133b7be3c47d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 14:51:24 +0100
Subject: [PATCH 048/238] API - fix endpoints after authentication decorator
 update (rebase)

---
 fittrackee/federation/federation.py | 2 --
 fittrackee/users/follow_requests.py | 5 ++---
 fittrackee/users/users.py           | 3 +--
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 810d19450..84d691325 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -135,8 +135,6 @@ def remote_actor(
         }
       }
 
-    :param integer auth_user_id: authenticate user id (from JSON Web Token)
-
     :<json string actor_url: remote actor activitypub id
 
     :reqheader Authorization: OAuth 2.0 Bearer Token
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index ea41d8ce5..23cc818ab 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -81,12 +81,11 @@ def process_follow_request(
         appLog.error(f'Error when accepting follow request: {e}')
         return UserNotFoundErrorResponse()
 
-    current_user = User.query.filter_by(id=auth_user.id).first()
     try:
         if action == 'accept':
-            current_user.approves_follow_request_from(from_user)
+            auth_user.approves_follow_request_from(from_user)
         else:  # action == 'reject'
-            current_user.rejects_follow_request_from(from_user)
+            auth_user.rejects_follow_request_from(from_user)
     except NotExistingFollowRequestError:
         return NotFoundErrorResponse(message='Follow request does not exist.')
     except FollowRequestAlreadyProcessedError:
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 3a30216ce..f53170efd 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -625,9 +625,8 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         appLog.error(f'Error when following a user: {e}')
         return UserNotFoundErrorResponse()
 
-    follower_user = User.query.filter_by(id=auth_user.id).first()
     try:
-        follower_user.send_follow_request_to(target_user)
+        auth_user.send_follow_request_to(target_user)
     except FollowRequestAlreadyRejectedError:
         return ForbiddenErrorResponse()
     return successful_response_dict

From 5a9255650b58f19fae30dfab72cb4a0439921823 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 2 Dec 2021 09:42:47 +0100
Subject: [PATCH 049/238] API - init follower/following model

---
 fittrackee/tests/users/test_users_model.py | 58 ++++++++++++++++++++++
 fittrackee/users/models.py                 | 28 ++++++++++-
 2 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 33c6f8310..5e961c3ce 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -230,3 +230,61 @@ def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(
         assert follow_request in user_2.sent_follow_requests.all()
         assert follow_request.is_approved is True
         assert follow_request.updated_at is not None
+
+
+class TestUserFollowers:
+    def test_it_returns_empty_list_if_no_followers(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        assert user_1.followers.all() == []
+
+    def test_it_returns_empty_list_if_follow_request_is_not_approved(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        assert user_1.followers.all() == []
+
+    def test_it_returns_follower_if_follow_request_is_approved(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.is_approved = True
+        follow_request_from_user_2_to_user_1.updated_at = datetime.now()
+
+        assert user_1.followers.all() == [user_2]
+
+
+class TestUserFollowing:
+    def test_it_returns_empty_list_if_no_followers(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        assert user_1.following.all() == []
+
+    def test_it_returns_empty_list_if_follow_request_is_not_approved(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        assert user_1.following.all() == []
+
+    def test_it_returns_follower_if_follow_request_is_approved(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = True
+        follow_request_from_user_1_to_user_2.updated_at = datetime.now()
+
+        assert user_1.following.all() == [user_2]
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index c6f66f7c8..f0a9c676c 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -3,7 +3,7 @@
 
 import jwt
 from flask import current_app
-from sqlalchemy import func
+from sqlalchemy import and_, func
 from sqlalchemy.ext.hybrid import hybrid_property
 from sqlalchemy.sql.expression import select
 
@@ -155,6 +155,32 @@ class User(BaseModel):
     manually_approves_followers = db.Column(
         db.Boolean, default=True, nullable=False
     )
+    followers = db.relationship(
+        'User',
+        secondary='follow_requests',
+        primaryjoin=and_(
+            id == FollowRequest.followed_user_id,
+            FollowRequest.is_approved == True,  # noqa
+        ),
+        secondaryjoin=and_(
+            id == FollowRequest.follower_user_id,
+        ),
+        lazy='dynamic',
+        viewonly=True,
+    )
+    following = db.relationship(
+        'User',
+        secondary='follow_requests',
+        primaryjoin=and_(
+            id == FollowRequest.follower_user_id,
+            FollowRequest.is_approved == True,  # noqa
+        ),
+        secondaryjoin=and_(
+            id == FollowRequest.followed_user_id,
+        ),
+        lazy='dynamic',
+        viewonly=True,
+    )
 
     def __repr__(self) -> str:
         return f'<User {self.username!r}>'

From 3ac93ec9d31dd356cd19170ae5c79bdcb903e828 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 16:36:49 +0100
Subject: [PATCH 050/238] API - test refacto

---
 .../tests/application/test_app_config_api.py  |  28 +--
 .../federation/test_federation_federation.py  |  10 +-
 .../federation/users/test_users_follow_api.py |  20 +--
 .../users/test_users_follow_request_api.py    |  32 ++--
 fittrackee/tests/test_case_mixins.py          |   5 +-
 fittrackee/tests/users/test_auth_api.py       | 116 +++++++++----
 fittrackee/tests/users/test_users_api.py      | 134 ++++++++++-----
 .../tests/users/test_users_follow_api.py      |  20 ++-
 .../users/test_users_follow_request_api.py    |  64 +++++--
 fittrackee/tests/workouts/test_records_api.py |  20 ++-
 fittrackee/tests/workouts/test_sports_api.py  |  50 ++++--
 fittrackee/tests/workouts/test_stats_api.py   |  96 ++++++++---
 .../tests/workouts/test_workouts_api_0_get.py | 160 +++++++++++++-----
 .../workouts/test_workouts_api_1_post.py      | 132 +++++++++++----
 .../workouts/test_workouts_api_2_patch.py     |  36 +++-
 .../workouts/test_workouts_api_3_delete.py    |   8 +-
 16 files changed, 660 insertions(+), 271 deletions(-)

diff --git a/fittrackee/tests/application/test_app_config_api.py b/fittrackee/tests/application/test_app_config_api.py
index c7da3fed8..d5eef2858 100644
--- a/fittrackee/tests/application/test_app_config_api.py
+++ b/fittrackee/tests/application/test_app_config_api.py
@@ -12,7 +12,9 @@ class TestGetConfig(ApiTestCaseMixin):
     def test_it_gets_application_config(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/config',
@@ -38,7 +40,7 @@ def test_it_returns_error_if_application_has_no_config(
         self, app_no_config: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_no_config, as_admin=True
+            app_no_config, user_1_admin.email
         )
 
         response = client.get(
@@ -56,7 +58,7 @@ def test_it_returns_error_if_application_has_several_config(
         self, app: Flask, app_config: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -76,7 +78,7 @@ def test_it_updates_config_when_user_is_admin(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
         response = client.patch(
             '/api/config',
@@ -98,7 +100,7 @@ def test_it_updates_all_config(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -129,7 +131,9 @@ def test_it_updates_all_config(
     def test_it_returns_403_when_user_is_not_an_admin(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             '/api/config',
@@ -148,7 +152,7 @@ def test_it_returns_400_if_invalid_is_payload(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -167,7 +171,7 @@ def test_it_returns_error_on_update_if_application_has_no_config(
         self, app_no_config: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_no_config, as_admin=True
+            app_no_config, user_1_admin.email
         )
 
         response = client.patch(
@@ -186,7 +190,7 @@ def test_it_raises_error_if_archive_max_size_is_below_files_max_size(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -215,7 +219,7 @@ def test_it_raises_error_if_archive_max_size_equals_0(
         self, app_with_max_file_size_equals_0: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_max_file_size_equals_0, as_admin=True
+            app_with_max_file_size_equals_0, user_1_admin.email
         )
 
         response = client.patch(
@@ -241,7 +245,7 @@ def test_it_raises_error_if_files_max_size_equals_0(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -267,7 +271,7 @@ def test_it_raises_error_if_gpx_limit_import_equals_0(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index 7b6ad74db..df76c3a83 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -69,7 +69,9 @@ class TestRemoteUser(ApiTestCaseMixin):
     def test_it_returns_error_if_federation_is_disabled(
         self, app: Flask, user_1: User, random_actor: RandomActor
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.post(
             '/federation/remote-user',
             content_type='application/json',
@@ -104,7 +106,7 @@ def test_it_returns_400_if_remote_user_url_is_missing(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
         response = client.post(
             '/federation/remote-user',
@@ -127,7 +129,7 @@ def test_it_returns_error_if_create_remote_user_returns_error(
         random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
         with patch(
             'fittrackee.federation.utils_user.get_remote_actor'
@@ -156,7 +158,7 @@ def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
     ) -> None:
         remote_user_object = random_actor.get_remote_user_object()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
         with patch(
             'fittrackee.federation.utils_user.get_remote_actor'
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index 957cb7d0e..e77ac555b 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -20,7 +20,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         actor_1: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -44,7 +44,7 @@ def test_it_raises_error_if_target_user_has_already_rejected_request(
         follow_request_from_user_1_to_user_2.is_approved = False
         follow_request_from_user_1_to_user_2.updated_at = datetime.now()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -62,7 +62,7 @@ def test_it_creates_follow_request(
         self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -88,7 +88,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -115,7 +115,7 @@ def test_it_does_not_call_send_to_user_inbox(
         actor_2: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         client.post(
@@ -137,7 +137,7 @@ def test_it_raise_error_if_remote_actor_does_not_exist(
         random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -159,7 +159,7 @@ def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domai
         random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -182,7 +182,7 @@ def test_it_creates_follow_request(
         remote_actor: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -207,7 +207,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.post(
@@ -233,7 +233,7 @@ def test_it_calls_send_to_user_inbox(
         remote_actor: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         client.post(
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index b0fba7bc4..55ae0c635 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -17,7 +17,7 @@ def test_it_returns_empty_list_if_no_follow_request(
         self, app_with_federation: Flask, actor_1: Actor
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.get(
@@ -43,7 +43,7 @@ def test_it_returns_current_user_follow_requests_with_actors(
     ) -> None:
         follow_request_from_user_3_to_user_1.updated_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         response = client.get(
@@ -67,7 +67,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         actor_1: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_return_user_not_found(
@@ -80,7 +80,7 @@ def test_it_raises_error_if_follow_request_does_not_exist(
         self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_not_found(
@@ -99,7 +99,7 @@ def test_it_raises_error_if_follow_request_already_accepted(
             datetime.utcnow()
         )
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_already_processed(
@@ -114,7 +114,7 @@ def test_it_accepts_follow_request(
         follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_processed(
@@ -131,7 +131,7 @@ def test_it_does_not_call_send_to_user_inbox(
         follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         client.post(
@@ -156,7 +156,7 @@ def test_it_accepts_follow_request(
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_processed(
@@ -173,7 +173,7 @@ def test_it_calls_send_to_user_inbox(
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         client.post(
@@ -201,7 +201,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         actor_1: Actor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_return_user_not_found(
@@ -214,7 +214,7 @@ def test_it_raises_error_if_follow_request_does_not_exist(
         self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_not_found(
@@ -232,7 +232,7 @@ def test_it_raises_error_if_follow_request_already_accepted(
             datetime.utcnow()
         )
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_already_processed(
@@ -247,7 +247,7 @@ def test_it_rejects_follow_request(
         follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_processed(
@@ -264,7 +264,7 @@ def test_it_does_not_call_send_to_user_inbox(
         follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         client.post(
@@ -289,7 +289,7 @@ def test_it_accepts_follow_request(
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         self.assert_it_returns_follow_request_processed(
@@ -306,7 +306,7 @@ def test_it_calls_send_to_user_inbox(
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation
+            app_with_federation, actor_1.user.email
         )
 
         client.post(
diff --git a/fittrackee/tests/test_case_mixins.py b/fittrackee/tests/test_case_mixins.py
index 50e809206..5e077e3a3 100644
--- a/fittrackee/tests/test_case_mixins.py
+++ b/fittrackee/tests/test_case_mixins.py
@@ -32,14 +32,15 @@ def assert_dict_contains_subset(container: Dict, subset: Dict) -> None:
 class ApiTestCaseMixin:
     @staticmethod
     def get_test_client_and_auth_token(
-        app: Flask, as_admin: bool = False
+        app: Flask, user_email: str
     ) -> Tuple[FlaskClient, str]:
+        """user_email must be user 1 email"""
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
             data=json.dumps(
                 dict(
-                    email='admin@example.com' if as_admin else 'test@test.com',
+                    email=user_email,
                     password='12345678',
                 )
             ),
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 9307635b6..3788d06df 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -423,7 +423,9 @@ def test_it_returns_error_if_password_is_invalid(
 class TestUserLogout(ApiTestCaseMixin):
     def test_user_can_logout(self, app: Flask, user_1: User) -> None:
 
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/auth/logout',
@@ -439,7 +441,9 @@ def test_it_returns_error_with_expired_token(
         self, app: Flask, user_1: User
     ) -> None:
         now = datetime.utcnow()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         with freeze_time(now + timedelta(seconds=4)):
             response = client.get(
@@ -474,7 +478,9 @@ class TestUserProfile(ApiTestCaseMixin):
     def test_it_returns_user_minimal_profile(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/auth/profile',
@@ -503,7 +509,9 @@ def test_it_returns_user_minimal_profile(
     def test_it_returns_user_full_profile(
         self, app: Flask, user_1_full: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_full.email
+        )
 
         response = client.get(
             '/api/auth/profile',
@@ -543,7 +551,9 @@ def test_it_returns_user_profile_with_workouts(
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/auth/profile',
@@ -580,7 +590,9 @@ def test_it_returns_error_if_headers_are_invalid(self, app: Flask) -> None:
 
 class TestUserProfileUpdate(ApiTestCaseMixin):
     def test_it_updates_user_profile(self, app: Flask, user_1: User) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit',
@@ -626,7 +638,9 @@ def test_it_updates_user_profile(self, app: Flask, user_1: User) -> None:
     def test_it_updates_user_profile_without_password(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit',
@@ -670,7 +684,9 @@ def test_it_updates_user_profile_without_password(
     def test_it_returns_error_if_fields_are_missing(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit',
@@ -687,7 +703,9 @@ def test_it_returns_error_if_fields_are_missing(
     def test_it_returns_error_if_payload_is_empty(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit',
@@ -704,7 +722,9 @@ def test_it_returns_error_if_payload_is_empty(
     def test_it_returns_error_if_passwords_mismatch(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit',
@@ -734,7 +754,9 @@ def test_it_returns_error_if_passwords_mismatch(
     def test_it_returns_error_if_password_confirmation_is_missing(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit',
@@ -765,7 +787,9 @@ class TestUserPreferencesUpdate(ApiTestCaseMixin):
     def test_it_updates_user_preferences(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/preferences',
@@ -808,7 +832,9 @@ def test_it_updates_user_preferences(
     def test_it_returns_error_if_fields_are_missing(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/preferences',
@@ -825,7 +851,9 @@ def test_it_returns_error_if_fields_are_missing(
     def test_it_returns_error_if_payload_is_empty(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/preferences',
@@ -844,7 +872,9 @@ class TestUserSportPreferencesUpdate(ApiTestCaseMixin):
     def test_it_returns_error_if_payload_is_empty(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -861,7 +891,9 @@ def test_it_returns_error_if_payload_is_empty(
     def test_it_returns_error_if_sport_id_is_missing(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -878,7 +910,9 @@ def test_it_returns_error_if_sport_id_is_missing(
     def test_it_returns_error_if_sport_not_found(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -895,7 +929,9 @@ def test_it_returns_error_if_sport_not_found(
     def test_it_returns_error_if_payload_contains_only_sport_id(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -912,7 +948,9 @@ def test_it_returns_error_if_payload_contains_only_sport_id(
     def test_it_returns_error_if_color_is_invalid(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -942,7 +980,9 @@ def test_it_updates_sport_color_for_auth_user(
         sport_2_running: Sport,
         input_color: str,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -969,7 +1009,9 @@ def test_it_updates_sport_color_for_auth_user(
     def test_it_disables_sport_for_auth_user(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -996,7 +1038,9 @@ def test_it_disables_sport_for_auth_user(
     def test_it_updates_stopped_speed_threshold_for_auth_user(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/profile/edit/sports',
@@ -1025,7 +1069,9 @@ class TestUserSportPreferencesReset(ApiTestCaseMixin):
     def test_it_returns_error_if_sport_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             '/api/auth/profile/reset/sports/1',
@@ -1044,7 +1090,9 @@ def test_it_resets_sport_preferences(
         sport_1_cycling: Sport,
         user_sport_1_preference: UserSportPreference,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             f'/api/auth/profile/reset/sports/{sport_1_cycling.id}',
@@ -1063,7 +1111,9 @@ def test_it_resets_sport_preferences(
     def test_it_does_not_raise_error_if_sport_preferences_do_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             f'/api/auth/profile/reset/sports/{sport_1_cycling.id}',
@@ -1075,7 +1125,9 @@ def test_it_does_not_raise_error_if_sport_preferences_do_not_exist(
 
 class TestUserPicture(ApiTestCaseMixin):
     def test_it_updates_user_picture(self, app: Flask, user_1: User) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/picture',
@@ -1111,7 +1163,9 @@ def test_it_updates_user_picture(self, app: Flask, user_1: User) -> None:
     def test_it_returns_error_if_file_is_missing(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/picture',
@@ -1129,7 +1183,9 @@ def test_it_returns_error_if_file_is_missing(
     def test_it_returns_error_if_file_is_invalid(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/auth/picture',
@@ -1153,7 +1209,7 @@ def test_it_returns_error_if_image_size_exceeds_file_limit(
         gpx_file: str,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_max_file_size
+            app_with_max_file_size, user_1.email
         )
 
         response = client.post(
@@ -1184,7 +1240,7 @@ def test_it_returns_error_if_image_size_exceeds_archive_limit(
         gpx_file: str,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_max_zip_file_size
+            app_with_max_zip_file_size, user_1.email
         )
 
         response = client.post(
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index d75cd5ad8..4f719e643 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -15,7 +15,9 @@ class TestGetUser(ApiTestCaseMixin):
     def test_it_gets_single_user_without_workouts(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/users/{user_2.username}',
@@ -57,7 +59,9 @@ def test_it_gets_single_user_with_workouts(
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/users/{user_1.username}',
@@ -93,7 +97,9 @@ def test_it_gets_single_user_with_workouts(
     def test_it_returns_error_if_user_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users/not_existing',
@@ -111,7 +117,9 @@ class TestGetUsers(ApiTestCaseMixin):
     def test_it_get_users_list(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users',
@@ -181,7 +189,9 @@ def test_it_gets_users_list_with_workouts(
         workout_running_user_1: Workout,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users',
@@ -244,7 +254,9 @@ def test_it_gets_first_page_on_users_list(
         user_2: User,
         user_3: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?page=1',
@@ -271,7 +283,9 @@ def test_it_gets_next_page_on_users_list(
         user_2: User,
         user_3: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?page=2',
@@ -297,7 +311,9 @@ def test_it_gets_empty_next_page_on_users_list(
         user_2: User,
         user_3: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?page=2',
@@ -323,7 +339,9 @@ def test_it_gets_user_list_with_2_per_page(
         user_2: User,
         user_3: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?per_page=2',
@@ -349,7 +367,9 @@ def test_it_gets_next_page_on_user_list_with_2_per_page(
         user_2: User,
         user_3: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?page=2&per_page=2',
@@ -371,7 +391,9 @@ def test_it_gets_next_page_on_user_list_with_2_per_page(
     def test_it_gets_users_list_ordered_by_username(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=username',
@@ -396,7 +418,9 @@ def test_it_gets_users_list_ordered_by_username(
     def test_it_gets_users_list_ordered_by_username_ascending(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=username&order=asc',
@@ -421,7 +445,9 @@ def test_it_gets_users_list_ordered_by_username_ascending(
     def test_it_gets_users_list_ordered_by_username_descending(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=username&order=desc',
@@ -450,7 +476,7 @@ def test_it_gets_users_list_ordered_by_creation_date(
         user_3.created_at = datetime.utcnow() - timedelta(hours=1)
         user_1_admin.created_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -480,7 +506,7 @@ def test_it_gets_users_list_ordered_by_creation_date_ascending(
         user_3.created_at = datetime.utcnow() - timedelta(hours=1)
         user_1_admin.created_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -510,7 +536,7 @@ def test_it_gets_users_list_ordered_by_creation_date_descending(
         user_3.created_at = datetime.utcnow() - timedelta(hours=1)
         user_1_admin.created_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -537,7 +563,7 @@ def test_it_gets_users_list_ordered_by_admin_rights(
         self, app: Flask, user_2: User, user_1_admin: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -564,7 +590,7 @@ def test_it_gets_users_list_ordered_by_admin_rights_ascending(
         self, app: Flask, user_2: User, user_1_admin: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -591,7 +617,7 @@ def test_it_gets_users_list_ordered_by_admin_rights_descending(
         self, app: Flask, user_2: User, user_3: User, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -623,7 +649,9 @@ def test_it_gets_users_list_ordered_by_workouts_count(
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=workouts_count',
@@ -657,7 +685,9 @@ def test_it_gets_users_list_ordered_by_workouts_count_ascending(
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=workouts_count&order=asc',
@@ -691,7 +721,9 @@ def test_it_gets_users_list_ordered_by_workouts_count_descending(
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=workouts_count&order=desc',
@@ -719,7 +751,9 @@ def test_it_gets_users_list_ordered_by_workouts_count_descending(
     def test_it_gets_users_list_filtering_on_username(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?q=toto',
@@ -742,7 +776,9 @@ def test_it_gets_users_list_filtering_on_username(
     def test_it_returns_empty_users_list_filtering_on_username(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?q=not_existing',
@@ -764,7 +800,9 @@ def test_it_returns_empty_users_list_filtering_on_username(
     def test_it_users_list_with_complex_query(
         self, app: Flask, user_1: User, user_2: User, user_3: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/users?order_by=username&order=desc&page=2&per_page=2',
@@ -816,7 +854,7 @@ def test_it_adds_admin_rights_to_a_user(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -838,7 +876,7 @@ def test_it_removes_admin_rights_to_a_user(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -861,7 +899,7 @@ def test_it_returns_error_if_payload_for_admin_rights_is_empty(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -880,7 +918,7 @@ def test_it_returns_error_if_payload_for_admin_rights_is_invalid(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -901,7 +939,9 @@ def test_it_returns_error_if_payload_for_admin_rights_is_invalid(
     def test_it_returns_error_if_user_can_not_change_admin_rights(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             '/api/users/toto',
@@ -920,7 +960,9 @@ class TestDeleteUser(ApiTestCaseMixin):
     def test_user_can_delete_its_own_account(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             '/api/users/test',
@@ -932,7 +974,9 @@ def test_user_can_delete_its_own_account(
     def test_user_with_workout_can_delete_its_own_account(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         client.post(
             '/api/workouts',
             data=dict(
@@ -959,7 +1003,9 @@ def test_user_with_preferences_can_delete_its_own_account(
         sport_1_cycling: Sport,
         user_sport_1_preference: UserSportPreference,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             '/api/users/test',
@@ -971,7 +1017,9 @@ def test_user_with_preferences_can_delete_its_own_account(
     def test_user_with_picture_can_delete_its_own_account(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         client.post(
             '/api/auth/picture',
             data=dict(file=(BytesIO(b'avatar'), 'avatar.png')),
@@ -991,7 +1039,9 @@ def test_user_with_picture_can_delete_its_own_account(
     def test_user_can_not_delete_another_user_account(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             '/api/users/toto',
@@ -1006,7 +1056,9 @@ def test_user_can_not_delete_another_user_account(
     def test_it_returns_error_when_deleting_non_existing_user(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.delete(
             '/api/users/not_existing',
@@ -1022,7 +1074,7 @@ def test_admin_can_delete_another_user_account(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.delete(
@@ -1036,7 +1088,7 @@ def test_admin_can_delete_its_own_account(
         self, app: Flask, user_1_admin: User, user_2_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.delete(
@@ -1050,7 +1102,7 @@ def test_admin_can_not_delete_its_own_account_if_no_other_admin(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.delete(
@@ -1074,7 +1126,7 @@ def test_it_enables_registration_on_user_delete(
         user_3: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_3_users_max, as_admin=True
+            app_with_3_users_max, user_1_admin.email
         )
         client.delete(
             '/api/users/toto',
@@ -1104,7 +1156,7 @@ def test_it_does_not_enable_registration_on_user_delete(
         user_1_paris: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_3_users_max, as_admin=True
+            app_with_3_users_max, user_1_admin.email
         )
 
         client.delete(
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index a05fe4203..96773ba6c 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -14,7 +14,9 @@ class TestFollowWithoutFederation(ApiTestCaseMixin):
     def test_it_raises_error_if_target_user_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             f'/api/users/{random_string()}/follow',
@@ -36,7 +38,9 @@ def test_it_raises_error_if_target_user_has_already_rejected_request(
     ) -> None:
         follow_request_from_user_1_to_user_2.is_approved = False
         follow_request_from_user_1_to_user_2.updated_at = datetime.now()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             f'/api/users/{user_2.username}/follow',
@@ -52,7 +56,9 @@ def test_it_raises_error_if_target_user_has_already_rejected_request(
     def test_it_creates_follow_request(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             f'/api/users/{user_2.username}/follow',
@@ -75,7 +81,9 @@ def test_it_returns_success_if_follow_request_already_exists(
         user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             f'/api/users/{user_2.username}/follow',
@@ -99,7 +107,9 @@ def test_it_does_not_call_send_to_user_inbox(
         user_1: User,
         user_2: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         client.post(
             f'/api/users/{user_2.username}/follow',
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
index 92b9de979..e7c379f1f 100644
--- a/fittrackee/tests/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -15,7 +15,9 @@ class TestGetFollowRequestWithoutFederation(ApiTestCaseMixin):
     def test_it_returns_empty_list_if_no_follow_request(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests',
@@ -37,7 +39,9 @@ def test_it_returns_current_user_pending_follow_requests(
         follow_request_from_user_3_to_user_2: FollowRequest,
     ) -> None:
         follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests',
@@ -61,7 +65,9 @@ def test_it_returns_pagination(
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests',
@@ -89,7 +95,9 @@ def test_it_returns_second_page(
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests?page=2',
@@ -118,7 +126,9 @@ def test_it_returns_max_follow_request_per_page(
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests?per_page=10',
@@ -146,7 +156,9 @@ def test_it_returns_follow_requests_with_descending_order(
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests?order=desc',
@@ -168,7 +180,9 @@ def test_it_returns_one_request_per_page(
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests?per_page=1',
@@ -196,7 +210,9 @@ def test_it_returns_second_page_with_one_request_per_page_with_descending_order(
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/follow_requests?page=2&per_page=1&order=desc',
@@ -280,7 +296,9 @@ def test_it_raises_error_if_target_user_does_not_exist(
         app: Flask,
         user_1: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_return_user_not_found(
             f'/api/follow_requests/{random_string()}/accept',
@@ -291,7 +309,9 @@ def test_it_raises_error_if_target_user_does_not_exist(
     def test_it_raises_error_if_follow_request_does_not_exist(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_it_returns_follow_request_not_found(
             client, auth_token, user_2.username, 'accept'
@@ -305,7 +325,9 @@ def test_it_raises_error_if_follow_request_already_accepted(
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_it_returns_follow_request_already_processed(
             client, auth_token, user_2.username, 'accept'
@@ -318,7 +340,9 @@ def test_it_accepts_follow_request(
         user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_it_returns_follow_request_processed(
             client, auth_token, user_2.username, 'accept'
@@ -331,7 +355,9 @@ def test_it_raises_error_if_target_user_does_not_exist(
         app: Flask,
         user_1: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_return_user_not_found(
             f'/api/follow_requests/{random_string()}/reject',
@@ -342,7 +368,9 @@ def test_it_raises_error_if_target_user_does_not_exist(
     def test_it_raises_error_if_follow_request_does_not_exist(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_it_returns_follow_request_not_found(
             client, auth_token, user_2.username, 'reject'
@@ -356,7 +384,9 @@ def test_it_raises_error_if_follow_request_already_rejected(
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_it_returns_follow_request_already_processed(
             client, auth_token, user_2.username, 'reject'
@@ -369,7 +399,9 @@ def test_it_rejects_follow_request(
         user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         self.assert_it_returns_follow_request_processed(
             client, auth_token, user_2.username, 'reject'
diff --git a/fittrackee/tests/workouts/test_records_api.py b/fittrackee/tests/workouts/test_records_api.py
index 361e082f4..549cd19f7 100644
--- a/fittrackee/tests/workouts/test_records_api.py
+++ b/fittrackee/tests/workouts/test_records_api.py
@@ -19,7 +19,9 @@ def test_it_gets_records_for_authenticated_user(
         workout_cycling_user_1: Workout,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/records',
@@ -92,7 +94,9 @@ def test_it_gets_no_records_if_user_has_no_workout(
         sport_2_running: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/records',
@@ -111,7 +115,9 @@ def test_it_gets_no_records_if_workout_has_zero_value(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         client.post(
             '/api/workouts/no_gpx',
@@ -141,7 +147,9 @@ def test_it_gets_no_records_if_workout_has_zero_value(
     def test_it_gets_updated_records_after_workouts_post_and_patch(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.post(
             '/api/workouts/no_gpx',
             content_type='application/json',
@@ -628,7 +636,9 @@ def test_it_gets_updated_records_after_sport_change(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
diff --git a/fittrackee/tests/workouts/test_sports_api.py b/fittrackee/tests/workouts/test_sports_api.py
index b55045602..df3f311b1 100644
--- a/fittrackee/tests/workouts/test_sports_api.py
+++ b/fittrackee/tests/workouts/test_sports_api.py
@@ -52,7 +52,9 @@ def test_it_gets_all_sports(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/sports',
@@ -73,7 +75,9 @@ def test_it_gets_all_sports_with_inactive_one(
         sport_1_cycling_inactive: Sport,
         sport_2_running: Sport,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/sports',
@@ -98,7 +102,7 @@ def test_it_gets_all_sports_with_admin_rights(
         sport_2_running: Sport,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -132,7 +136,7 @@ def test_it_gets_sports_with_auth_user_preferences(
         db.session.commit()
 
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -156,7 +160,9 @@ class TestGetSport(ApiTestCaseMixin):
     def test_it_gets_a_sport(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/sports/1',
@@ -176,7 +182,9 @@ def test_it_gets_a_sport_with_preferences(
         sport_1_cycling: Sport,
         user_sport_1_preference: UserSportPreference,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/sports/1',
@@ -192,7 +200,9 @@ def test_it_gets_a_sport_with_preferences(
     def test_it_returns_404_if_sport_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/sports/1',
@@ -207,7 +217,9 @@ def test_it_returns_404_if_sport_does_not_exist(
     def test_it_gets_a_inactive_sport(
         self, app: Flask, user_1: User, sport_1_cycling_inactive: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/sports/1',
@@ -227,7 +239,7 @@ def test_it_get_an_inactive_sport_with_admin_rights(
         self, app: Flask, user_1_admin: User, sport_1_cycling_inactive: Sport
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -250,7 +262,7 @@ def test_it_disables_a_sport(
         self, app: Flask, user_1_admin: User, sport_1_cycling: Sport
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -273,7 +285,7 @@ def test_it_enables_a_sport(
     ) -> None:
         sport_1_cycling.is_active = False
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -299,7 +311,7 @@ def test_it_disables_a_sport_with_workouts(
         workout_cycling_user_1: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -326,7 +338,7 @@ def test_it_enables_a_sport_with_workouts(
     ) -> None:
         sport_1_cycling.is_active = False
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -352,7 +364,7 @@ def test_it_disables_a_sport_with_preferences(
         user_admin_sport_1_preference: UserSportPreference,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -380,7 +392,7 @@ def test_it_enables_a_sport_with_preferences(
     ) -> None:
         sport_1_cycling.is_active = False
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -401,7 +413,9 @@ def test_it_enables_a_sport_with_preferences(
     def test_returns_error_if_user_has_no_admin_rights(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             '/api/sports/1',
@@ -420,7 +434,7 @@ def test_returns_error_if_payload_is_invalid(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
@@ -439,7 +453,7 @@ def test_it_returns_error_if_sport_does_not_exist(
         self, app: Flask, user_1_admin: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.patch(
diff --git a/fittrackee/tests/workouts/test_stats_api.py b/fittrackee/tests/workouts/test_stats_api.py
index 1e22131d5..b4bd949ba 100644
--- a/fittrackee/tests/workouts/test_stats_api.py
+++ b/fittrackee/tests/workouts/test_stats_api.py
@@ -12,7 +12,9 @@ class TestGetStatsByTime(ApiTestCaseMixin):
     def test_it_gets_no_stats_when_user_has_no_workouts(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time',
@@ -27,7 +29,9 @@ def test_it_gets_no_stats_when_user_has_no_workouts(
     def test_it_returns_error_when_user_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/stats/1000/by_time',
@@ -48,7 +52,9 @@ def test_it_returns_error_if_date_format_is_invalid(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             (
@@ -75,7 +81,9 @@ def test_it_returns_error_if_period_is_invalid(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?from=2018-04-01&to=2018-04-30&time=day',  # noqa
@@ -96,7 +104,9 @@ def test_it_gets_stats_by_time_all_workouts(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time',
@@ -146,7 +156,9 @@ def test_it_gets_stats_for_april_2018(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?from=2018-04-01&to=2018-04-30',  # noqa
@@ -186,7 +198,9 @@ def test_it_gets_stats_for_april_2018_with_paris_timezone(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_paris.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1_paris.username}/by_time?'
@@ -227,7 +241,9 @@ def test_it_gets_stats_by_year(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?time=year',
@@ -277,7 +293,9 @@ def test_it_gets_stats_by_year_for_april_2018(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?from=2018-04-01&to=2018-04-30&time=year',  # noqa
@@ -318,7 +336,9 @@ def test_it_gets_stats_by_year_for_april_2018_with_paris_timezone(
         workout_running_user_1: Workout,
     ) -> None:
 
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_paris.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1_paris.username}/by_time?from=2018-04-01&to=2018-04-30&time=year',  # noqa
@@ -358,7 +378,9 @@ def test_it_gets_stats_by_month(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?time=month',
@@ -448,7 +470,9 @@ def test_it_gets_stats_by_month_with_new_york_timezone(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_full.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1_full.username}/by_time?time=month',
@@ -538,7 +562,9 @@ def test_it_gets_stats_by_month_for_april_2018(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?from=2018-04-01&to=2018-04-30&time=month',  # noqa
@@ -578,7 +604,9 @@ def test_it_gets_stats_by_week(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_full.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1_full.username}/by_time?time=week',
@@ -668,7 +696,9 @@ def test_it_gets_stats_by_week_for_week_13(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?from=2018-04-01&to=2018-04-30&time=week',  # noqa
@@ -708,7 +738,9 @@ def test_if_get_stats_by_week_starting_with_monday(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?time=weekm',
@@ -798,7 +830,9 @@ def test_it_gets_stats_by_week_starting_with_monday_for_week_13(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_time?from=2018-04-01&to=2018-04-30&time=weekm',  # noqa
@@ -840,7 +874,9 @@ def test_it_gets_stats_by_sport(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_sport',
@@ -878,7 +914,9 @@ def test_it_get_stats_for_sport_1(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_sport?sport_id=1',
@@ -908,7 +946,9 @@ def test_it_returns_errors_if_user_does_not_exist(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/stats/1000/by_sport?sport_id=1',
@@ -929,7 +969,9 @@ def test_it_returns_error_if_sport_does_not_exist(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_sport?sport_id=999',
@@ -950,7 +992,9 @@ def test_it_returns_error_if_sport_id_is_invalid(
         seven_workouts_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/stats/{user_1.username}/by_sport?sport_id="999',
@@ -971,7 +1015,7 @@ def test_it_returns_all_stats_when_users_have_no_workouts(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -1000,7 +1044,7 @@ def test_it_gets_app_all_stats_with_workouts(
         workout_running_user_1: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, as_admin=True
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -1028,7 +1072,9 @@ def test_it_returns_error_if_user_has_no_admin_rights(
         workout_cycling_user_2: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/stats/all',
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get.py b/fittrackee/tests/workouts/test_workouts_api_0_get.py
index f7266652e..9228c80af 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get.py
@@ -23,7 +23,9 @@ def test_it_gets_all_workouts_for_authenticated_user(
         workout_cycling_user_2: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts',
@@ -119,7 +121,9 @@ def test_it_gets_workouts_with_default_pagination(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts',
@@ -157,7 +161,9 @@ def test_it_gets_first_page(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?page=1',
@@ -195,7 +201,9 @@ def test_it_gets_second_page(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?page=2',
@@ -233,7 +241,9 @@ def test_it_gets_empty_third_page(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?page=3',
@@ -259,7 +269,9 @@ def test_it_returns_error_on_invalid_page_value(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?page=A',
@@ -282,7 +294,9 @@ def test_it_gets_max_workouts_per_page_if_per_page_exceeds_max(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?per_page=10',
@@ -317,7 +331,9 @@ def test_it_gets_given_number_of_workouts_per_page(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?per_page=3',
@@ -353,7 +369,9 @@ def test_it_gets_workouts_with_default_order(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts',
@@ -387,7 +405,9 @@ def test_it_gets_workouts_with_ascending_order(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?order=asc',
@@ -421,7 +441,9 @@ def test_it_gets_workouts_with_descending_order(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?order=desc',
@@ -457,7 +479,9 @@ def test_it_gets_workouts_ordered_by_workout_date(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?order_by=workout_date',
@@ -491,7 +515,9 @@ def test_it_gets_workouts_ordered_by_distance(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?order_by=distance',
@@ -519,7 +545,9 @@ def test_it_gets_workouts_ordered_by_duration(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?order_by=duration',
@@ -547,7 +575,9 @@ def test_it_gets_workouts_ordered_by_average_speed(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?order_by=ave_speed',
@@ -577,7 +607,9 @@ def test_it_gets_workouts_with_date_filter(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?from=2018-02-01&to=2018-02-28',
@@ -615,7 +647,9 @@ def test_it_gets_no_workouts_with_date_filter(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?from=2018-03-01&to=2018-03-30',
@@ -641,7 +675,9 @@ def test_if_gets_workouts_with_date_filter_from(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?from=2018-04-01',
@@ -676,7 +712,9 @@ def test_it_gets_workouts_with_date_filter_to(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?to=2017-12-31',
@@ -710,7 +748,9 @@ def test_it_gets_workouts_with_distance_filter(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?distance_from=5&distance_to=8.1',
@@ -744,7 +784,9 @@ def test_it_gets_workouts_with_duration_filter(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?duration_from=00:52&duration_to=01:20',
@@ -774,7 +816,9 @@ def test_it_gets_workouts_with_average_speed_filter(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?ave_speed_from=5&ave_speed_to=10',
@@ -808,7 +852,9 @@ def test_it_gets_workouts_with_max_speed_filter(
     ) -> None:
         workout_cycling_user_1.max_speed = 25
         workout_running_user_1.max_speed = 11
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?max_speed_from=10&max_speed_to=20',
@@ -840,7 +886,9 @@ def test_it_gets_workouts_with_sport_filter(
         sport_2_running: Sport,
         workout_running_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?sport_id=2',
@@ -872,7 +920,9 @@ def test_it_gets_page_2_with_date_filter(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?from=2017-01-01&page=2',
@@ -906,7 +956,9 @@ def test_it_get_page_2_with_date_filter_and_ascending_order(
         sport_1_cycling: Sport,
         seven_workouts_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             '/api/workouts?from=2017-01-01&page=2&order=asc',
@@ -942,7 +994,9 @@ def test_it_gets_an_workout(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_cycling_user_1.short_id}',
@@ -971,7 +1025,9 @@ def test_it_returns_403_if_workout_belongs_to_a_different_user(
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_cycling_user_2.short_id}',
@@ -986,7 +1042,9 @@ def test_it_returns_403_if_workout_belongs_to_a_different_user(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{get_random_short_id()}',
@@ -1002,7 +1060,9 @@ def test_it_returns_404_on_getting_gpx_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
         random_short_id = get_random_short_id()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{random_short_id}/gpx',
@@ -1019,7 +1079,9 @@ def test_it_returns_404_on_getting_chart_data_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
         random_short_id = get_random_short_id()
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{random_short_id}/chart_data',
@@ -1040,7 +1102,9 @@ def test_it_returns_404_on_getting_gpx_if_workout_have_no_gpx(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_short_id}/gpx',
@@ -1063,7 +1127,9 @@ def test_it_returns_404_if_workout_have_no_chart_data(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_short_id}/chart_data',
@@ -1086,7 +1152,9 @@ def test_it_returns_500_on_getting_gpx_if_an_workout_has_invalid_gpx_pathname(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.gpx = "some path"
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_cycling_user_1.short_id}/gpx',
@@ -1110,7 +1178,9 @@ def test_it_returns_500_on_getting_chart_data_if_an_workout_has_invalid_gpx_path
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.gpx = 'some path'
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_cycling_user_1.short_id}/chart_data',
@@ -1129,7 +1199,9 @@ def test_it_returns_500_on_getting_chart_data_if_an_workout_has_invalid_gpx_path
     def test_it_returns_404_if_workout_has_no_map(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.get(
             f'/api/workouts/map/{uuid4().hex}',
             headers=dict(Authorization=f'Bearer {auth_token}'),
@@ -1147,7 +1219,9 @@ def test_it_returns_404_if_workout_does_not_exist(
         app: Flask,
         user_1: User,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{get_random_short_id()}/gpx/download',
@@ -1166,7 +1240,9 @@ def test_it_returns_404_if_workout_does_not_have_gpx(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_cycling_user_1.short_id}/gpx/download',
@@ -1186,7 +1262,9 @@ def test_it_returns_404_if_workout_belongs_to_a_different_user(
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.get(
             f'/api/workouts/{workout_cycling_user_2.short_id}/gpx/download',
@@ -1209,7 +1287,9 @@ def test_it_calls_send_from_directory_if_workout_has_gpx(
         workout_cycling_user_1.gpx = gpx_file_path
         with patch('fittrackee.workouts.workouts.send_from_directory') as mock:
             mock.return_value = 'file'
-            client, auth_token = self.get_test_client_and_auth_token(app)
+            client, auth_token = self.get_test_client_and_auth_token(
+                app, user_1.email
+            )
 
             client.get(
                 (
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 18f30fd5c..eca0672f6 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -210,7 +210,9 @@ class TestPostWorkoutWithGpx(ApiTestCaseMixin, CallArgsMixin):
     def test_it_adds_an_workout_with_gpx_file(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -238,7 +240,9 @@ def test_it_adds_an_workout_with_gpx_without_name(
         sport_1_cycling: Sport,
         gpx_file_wo_name: str,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -270,7 +274,9 @@ def test_it_adds_an_workout_with_gpx_without_name_timezone(
         gpx_file_wo_name: str,
     ) -> None:
         user_1.timezone = 'Europe/Paris'
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -311,7 +317,9 @@ def test_it_adds_a_workout_with_gpx_notes(
         sport_1_cycling: Sport,
         gpx_file: str,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -339,7 +347,9 @@ def test_it_calls_configured_tile_server_for_static_map(
         gpx_file: str,
         static_map_get_mock: Mock,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         client.post(
             '/api/workouts',
             data=dict(
@@ -369,7 +379,7 @@ def test_it_calls_default_tile_server_for_static_map(
         static_map_get_mock: Mock,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_default_static_map
+            app_default_static_map, user_1.email
         )
         client.post(
             '/api/workouts',
@@ -398,7 +408,9 @@ def test_it_returns_500_if_gpx_file_has_not_tracks(
         sport_1_cycling: Sport,
         gpx_file_wo_track: str,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -425,7 +437,9 @@ def test_it_returns_500_if_gpx_has_invalid_xml(
         sport_1_cycling: Sport,
         gpx_file_invalid_xml: str,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -451,7 +465,9 @@ def test_it_returns_500_if_gpx_has_invalid_xml(
     def test_it_returns_400_if_workout_gpx_has_invalid_extension(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -473,7 +489,9 @@ def test_it_returns_400_if_workout_gpx_has_invalid_extension(
     def test_it_returns_400_if_sport_id_is_not_provided(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -494,7 +512,9 @@ def test_it_returns_400_if_sport_id_is_not_provided(
     def test_it_returns_500_if_sport_id_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -516,7 +536,9 @@ def test_it_returns_500_if_sport_id_does_not_exist(
     def test_returns_400_if_no_gpx_file_is_provided(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -540,7 +562,7 @@ def test_it_returns_error_if_file_size_exceeds_limit(
         gpx_file: str,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_max_file_size
+            app_with_max_file_size, user_1.email
         )
 
         response = client.post(
@@ -568,7 +590,9 @@ class TestPostWorkoutWithoutGpx(ApiTestCaseMixin):
     def test_it_adds_an_workout_without_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -593,7 +617,9 @@ def test_it_adds_an_workout_without_gpx(
     def test_it_returns_400_if_workout_date_is_missing(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -610,7 +636,9 @@ def test_it_returns_400_if_workout_date_is_missing(
     def test_it_returns_500_if_workout_format_is_invalid(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -638,7 +666,9 @@ def test_it_adds_workout_with_zero_value(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -690,7 +720,9 @@ def test_it_adds_workouts_with_zip_archive(
         file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
         # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(app)
+            client, auth_token = self.get_test_client_and_auth_token(
+                app, user_1.email
+            )
 
             response = client.post(
                 '/api/workouts',
@@ -719,7 +751,9 @@ def test_it_returns_400_if_folder_is_present_in_zip_archive(
         # 'gpx_test_folder.zip' contains 3 gpx files (same data) and 1 non-gpx
         # file in a folder
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(app)
+            client, auth_token = self.get_test_client_and_auth_token(
+                app, user_1.email
+            )
 
             response = client.post(
                 '/api/workouts',
@@ -746,7 +780,9 @@ def test_it_returns_500_if_one_file_in_zip_archive_is_invalid(
         )
         # 'gpx_test_incorrect.zip' contains 2 gpx files, one is incorrect
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(app)
+            client, auth_token = self.get_test_client_and_auth_token(
+                app, user_1.email
+            )
 
             response = client.post(
                 '/api/workouts',
@@ -778,7 +814,7 @@ def test_it_imports_only_max_number_of_files(
         # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
         with open(file_path, 'rb') as zip_file:
             client, auth_token = self.get_test_client_and_auth_token(
-                app_with_max_workouts
+                app_with_max_workouts, user_1.email
             )
 
             client.post(
@@ -811,7 +847,7 @@ def test_it_returns_error_if_archive_size_exceeds_limit(
         # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
         with open(file_path, 'rb') as zip_file:
             client, auth_token = self.get_test_client_and_auth_token(
-                app_with_max_zip_file_size
+                app_with_max_zip_file_size, user_1.email
             )
 
             response = client.post(
@@ -836,9 +872,11 @@ def test_it_returns_error_if_archive_size_exceeds_limit(
 
 class TestPostAndGetWorkoutWithGpx(ApiTestCaseMixin):
     def workout_assertion(
-        self, app: Flask, gpx_file: str, with_segments: bool
+        self, app: Flask, user_1: User, gpx_file: str, with_segments: bool
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.post(
             '/api/workouts',
             data=dict(
@@ -917,7 +955,7 @@ def workout_assertion(
     def test_it_gets_an_workout_created_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        return self.workout_assertion(app, gpx_file, False)
+        return self.workout_assertion(app, user_1, gpx_file, False)
 
     def test_it_gets_an_workout_created_with_gpx_with_segments(
         self,
@@ -926,12 +964,16 @@ def test_it_gets_an_workout_created_with_gpx_with_segments(
         sport_1_cycling: Sport,
         gpx_file_with_segments: str,
     ) -> None:
-        return self.workout_assertion(app, gpx_file_with_segments, True)
+        return self.workout_assertion(
+            app, user_1, gpx_file_with_segments, True
+        )
 
     def test_it_gets_chart_data_for_an_workout_created_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -960,7 +1002,9 @@ def test_it_gets_chart_data_for_an_workout_created_with_gpx(
     def test_it_gets_segment_chart_data_for_an_workout_created_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -994,7 +1038,9 @@ def test_it_returns_403_on_getting_chart_data_if_workout_belongs_to_another_user
         sport_1_cycling: Sport,
         gpx_file: str,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.post(
             '/api/workouts',
             data=dict(
@@ -1030,7 +1076,9 @@ def test_it_returns_403_on_getting_chart_data_if_workout_belongs_to_another_user
     def test_it_returns_500_on_invalid_segment_id(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -1059,7 +1107,9 @@ def test_it_returns_500_on_invalid_segment_id(
     def test_it_returns_404_if_segment_id_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts',
@@ -1090,7 +1140,9 @@ class TestPostAndGetWorkoutWithoutGpx(ApiTestCaseMixin):
     def test_it_add_and_gets_an_workout_wo_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -1121,7 +1173,9 @@ def test_it_add_and_gets_an_workout_wo_gpx(
     def test_it_adds_and_gets_an_workout_wo_gpx_notes(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -1156,7 +1210,9 @@ def test_it_add_and_gets_an_workout_wo_gpx_with_timezone(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
         user_1.timezone = 'Europe/Paris'
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.post(
             '/api/workouts/no_gpx',
@@ -1194,7 +1250,9 @@ def test_it_add_and_gets_an_workout_wo_gpx_with_timezone(
     def test_it_adds_and_gets_workouts_date_filter_with_timezone_new_york(
         self, app: Flask, user_1_full: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_full.email
+        )
 
         client.post(
             '/api/workouts/no_gpx',
@@ -1234,7 +1292,9 @@ def test_it_adds_and_gets_workouts_date_filter_with_timezone_paris(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_paris.email
+        )
 
         client.post(
             '/api/workouts/no_gpx',
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 09c192d43..10f0515ed 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -250,7 +250,9 @@ def test_it_updates_an_workout_wo_gpx(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_short_id}',
@@ -337,7 +339,9 @@ def test_it_adds_notes_to_a_workout_wo_gpx(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_short_id}',
@@ -361,7 +365,9 @@ def test_it_empties_workout_notes(
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
         workout_cycling_user_1.notes = uuid4().hex
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_short_id}',
@@ -384,7 +390,9 @@ def test_returns_403_when_editing_an_workout_wo_gpx_from_different_user(
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_cycling_user_2.short_id}',
@@ -415,7 +423,9 @@ def test_it_updates_an_workout_wo_gpx_with_timezone(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_paris.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_short_id}',
@@ -488,7 +498,9 @@ def test_it_updates_only_sport_and_distance_an_workout_wo_gpx(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_short_id}',
@@ -551,7 +563,9 @@ def test_it_returns_400_if_payload_is_empty(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
 
         response = client.patch(
             f'/api/workouts/{workout_cycling_user_1.short_id}',
@@ -572,7 +586,9 @@ def test_it_returns_500_if_date_format_is_invalid(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.patch(
             f'/api/workouts/{workout_cycling_user_1.short_id}',
             content_type='application/json',
@@ -599,7 +615,9 @@ def test_it_returns_500_if_date_format_is_invalid(
     def test_it_returns_404_if_edited_workout_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.patch(
             f'/api/workouts/{get_random_short_id()}',
             content_type='application/json',
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index f393cccfc..101df6142 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -63,7 +63,9 @@ def test_it_returns_403_when_deleting_an_workout_from_different_user(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.delete(
             f'/api/workouts/{get_random_short_id()}',
             headers=dict(Authorization=f'Bearer {auth_token}'),
@@ -104,7 +106,9 @@ def test_it_deletes_an_workout_wo_gpx(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(app)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         response = client.delete(
             f'/api/workouts/{workout_cycling_user_1.short_id}',
             headers=dict(Authorization=f'Bearer {auth_token}'),

From 7169e68bfc4b8ee7a5161e1ef75f3f21c1adc6a0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 16:52:22 +0100
Subject: [PATCH 051/238] API - init role management on getting user infos

---
 fittrackee/tests/users/test_auth_api.py    |   4 +-
 fittrackee/tests/users/test_users_api.py   | 295 +++++++++++++--------
 fittrackee/tests/users/test_users_model.py |  60 ++++-
 fittrackee/users/auth.py                   |  10 +-
 fittrackee/users/models.py                 |  26 +-
 fittrackee/users/roles.py                  |   7 +
 fittrackee/users/users.py                  |   9 +-
 7 files changed, 280 insertions(+), 131 deletions(-)
 create mode 100644 fittrackee/users/roles.py

diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 3788d06df..e06f23ada 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -475,7 +475,7 @@ def test_it_returns_error_with_invalid_headers(self, app: Flask) -> None:
 
 
 class TestUserProfile(ApiTestCaseMixin):
-    def test_it_returns_user_minimal_profile(
+    def test_it_returns_user_profile_when_no_workouts_and_no_preferences(
         self, app: Flask, user_1: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -506,7 +506,7 @@ def test_it_returns_user_minimal_profile(
         assert data['data']['total_duration'] == '0:00:00'
         assert response.status_code == 200
 
-    def test_it_returns_user_full_profile(
+    def test_it_returns_user_profile_with_updated_fields(
         self, app: Flask, user_1_full: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 4f719e643..4dddedf7d 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -1,6 +1,7 @@
 import json
 from datetime import datetime, timedelta
 from io import BytesIO
+from typing import Dict
 from unittest.mock import patch
 
 from flask import Flask
@@ -11,7 +12,114 @@
 from ..test_case_mixins import ApiTestCaseMixin
 
 
-class TestGetUser(ApiTestCaseMixin):
+class GetUserTestCase(ApiTestCaseMixin):
+    @staticmethod
+    def assert_user(user_dict: Dict, user: User) -> None:
+        assert user_dict['username'] == user.username
+        assert user_dict['created_at'] == user.created_at.strftime(
+            '%a, %d %b %Y %H:%M:%S GMT'
+        )
+        assert user_dict['admin'] == user.admin
+        assert user_dict['first_name'] is None
+        assert user_dict['last_name'] is None
+        assert user_dict['birth_date'] is None
+        assert user_dict['bio'] is None
+        assert user_dict['location'] is None
+        assert 'imperial_units' not in user_dict
+        assert 'language' not in user_dict
+        assert 'timezone' not in user_dict
+        assert 'weekm' not in user_dict
+
+    @staticmethod
+    def assert_user_2_without_workouts(user_dict: Dict) -> None:
+        assert user_dict['nb_sports'] == 0
+        assert user_dict['nb_workouts'] == 0
+        assert user_dict['records'] == []
+        assert user_dict['sports_list'] == []
+        assert user_dict['total_distance'] == 0
+        assert user_dict['total_duration'] == '0:00:00'
+
+    @staticmethod
+    def assert_user_1_with_workouts(user_dict: Dict) -> None:
+        assert user_dict['nb_sports'] == 2
+        assert user_dict['nb_workouts'] == 2
+        assert len(user_dict['records']) == 8
+        assert user_dict['sports_list'] == [1, 2]
+        assert user_dict['total_distance'] == 22
+        assert user_dict['total_duration'] == '2:40:00'
+
+
+class TestGetUserAsAdmin(GetUserTestCase):
+    def test_it_gets_single_user_without_workouts(
+        self, app: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        user = data['data']['users'][0]
+        self.assert_user(user, user_2)
+        self.assert_user_2_without_workouts(user)
+        assert user['email'] == user_2.email
+
+    def test_it_gets_single_user_with_workouts(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1_admin.username}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        user = data['data']['users'][0]
+        self.assert_user(user, user_1_admin)
+        self.assert_user_1_with_workouts(user)
+        assert user['email'] == user_1_admin.email
+
+    def test_it_returns_error_if_user_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/users/not_existing',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+        data = json.loads(response.data.decode())
+
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+
+class TestGetUserAsUser(GetUserTestCase):
     def test_it_gets_single_user_without_workouts(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
@@ -30,25 +138,9 @@ def test_it_gets_single_user_without_workouts(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         user = data['data']['users'][0]
-        assert user['username'] == 'toto'
-        assert user['email'] == 'toto@toto.com'
-        assert user['created_at']
-        assert not user['admin']
-        assert user['first_name'] is None
-        assert user['last_name'] is None
-        assert user['birth_date'] is None
-        assert user['bio'] is None
-        assert user['imperial_units'] is False
-        assert user['location'] is None
-        assert user['timezone'] is None
-        assert user['weekm'] is False
-        assert user['language'] is None
-        assert user['nb_sports'] == 0
-        assert user['nb_workouts'] == 0
-        assert user['records'] == []
-        assert user['sports_list'] == []
-        assert user['total_distance'] == 0
-        assert user['total_duration'] == '0:00:00'
+        self.assert_user(user, user_2)
+        self.assert_user_2_without_workouts(user)
+        assert 'email' not in user
 
     def test_it_gets_single_user_with_workouts(
         self,
@@ -74,25 +166,9 @@ def test_it_gets_single_user_with_workouts(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         user = data['data']['users'][0]
-        assert user['username'] == 'test'
-        assert user['email'] == 'test@test.com'
-        assert user['created_at']
-        assert not user['admin']
-        assert user['first_name'] is None
-        assert user['last_name'] is None
-        assert user['birth_date'] is None
-        assert user['bio'] is None
-        assert user['imperial_units'] is False
-        assert user['location'] is None
-        assert user['timezone'] is None
-        assert user['weekm'] is False
-        assert user['language'] is None
-        assert len(user['records']) == 8
-        assert user['nb_sports'] == 2
-        assert user['nb_workouts'] == 2
-        assert user['sports_list'] == [1, 2]
-        assert user['total_distance'] == 22
-        assert user['total_duration'] == '2:40:00'
+        self.assert_user(user, user_1)
+        self.assert_user_1_with_workouts(user)
+        assert 'email' not in user
 
     def test_it_returns_error_if_user_does_not_exist(
         self, app: Flask, user_1: User
@@ -113,12 +189,12 @@ def test_it_returns_error_if_user_does_not_exist(
         assert 'user does not exist' in data['message']
 
 
-class TestGetUsers(ApiTestCaseMixin):
-    def test_it_get_users_list(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+class TestGetUsersAsAdmin(GetUserTestCase):
+    def test_it_gets_users_list(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -133,42 +209,42 @@ def test_it_get_users_list(
         assert 'created_at' in data['data']['users'][0]
         assert 'created_at' in data['data']['users'][1]
         assert 'created_at' in data['data']['users'][2]
-        assert 'test' in data['data']['users'][0]['username']
+        assert 'admin' in data['data']['users'][0]['username']
         assert 'toto' in data['data']['users'][1]['username']
         assert 'sam' in data['data']['users'][2]['username']
-        assert 'test@test.com' in data['data']['users'][0]['email']
+        assert 'admin@example.com' in data['data']['users'][0]['email']
         assert 'toto@toto.com' in data['data']['users'][1]['email']
         assert 'sam@test.com' in data['data']['users'][2]['email']
-        assert data['data']['users'][0]['imperial_units'] is False
-        assert data['data']['users'][0]['timezone'] is None
-        assert data['data']['users'][0]['weekm'] is False
-        assert data['data']['users'][0]['language'] is None
         assert data['data']['users'][0]['nb_sports'] == 0
         assert data['data']['users'][0]['nb_workouts'] == 0
         assert data['data']['users'][0]['records'] == []
         assert data['data']['users'][0]['sports_list'] == []
         assert data['data']['users'][0]['total_distance'] == 0
         assert data['data']['users'][0]['total_duration'] == '0:00:00'
-        assert data['data']['users'][1]['imperial_units'] is False
-        assert data['data']['users'][1]['timezone'] is None
-        assert data['data']['users'][1]['weekm'] is False
-        assert data['data']['users'][1]['language'] is None
         assert data['data']['users'][1]['nb_sports'] == 0
         assert data['data']['users'][1]['nb_workouts'] == 0
         assert data['data']['users'][1]['records'] == []
         assert data['data']['users'][1]['sports_list'] == []
         assert data['data']['users'][1]['total_distance'] == 0
         assert data['data']['users'][1]['total_duration'] == '0:00:00'
-        assert data['data']['users'][2]['imperial_units'] is False
-        assert data['data']['users'][2]['timezone'] is None
-        assert data['data']['users'][2]['weekm'] is True
-        assert data['data']['users'][2]['language'] is None
         assert data['data']['users'][2]['records'] == []
         assert data['data']['users'][2]['nb_sports'] == 0
         assert data['data']['users'][2]['nb_workouts'] == 0
         assert data['data']['users'][2]['sports_list'] == []
         assert data['data']['users'][2]['total_distance'] == 0
         assert data['data']['users'][2]['total_duration'] == '0:00:00'
+        assert 'imperial_units' not in data['data']['users'][0]
+        assert 'imperial_units' not in data['data']['users'][1]
+        assert 'imperial_units' not in data['data']['users'][2]
+        assert 'language' not in data['data']['users'][0]
+        assert 'language' not in data['data']['users'][1]
+        assert 'language' not in data['data']['users'][2]
+        assert 'timezone' not in data['data']['users'][0]
+        assert 'timezone' not in data['data']['users'][1]
+        assert 'timezone' not in data['data']['users'][2]
+        assert 'weekm' not in data['data']['users'][0]
+        assert 'weekm' not in data['data']['users'][1]
+        assert 'weekm' not in data['data']['users'][2]
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
@@ -180,7 +256,7 @@ def test_it_get_users_list(
     def test_it_gets_users_list_with_workouts(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
         sport_1_cycling: Sport,
@@ -190,7 +266,7 @@ def test_it_gets_users_list_with_workouts(
         workout_cycling_user_2: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -205,39 +281,42 @@ def test_it_gets_users_list_with_workouts(
         assert 'created_at' in data['data']['users'][0]
         assert 'created_at' in data['data']['users'][1]
         assert 'created_at' in data['data']['users'][2]
-        assert 'test' in data['data']['users'][0]['username']
+        assert 'admin' in data['data']['users'][0]['username']
         assert 'toto' in data['data']['users'][1]['username']
         assert 'sam' in data['data']['users'][2]['username']
-        assert 'test@test.com' in data['data']['users'][0]['email']
+        assert 'admin@example.com' in data['data']['users'][0]['email']
         assert 'toto@toto.com' in data['data']['users'][1]['email']
         assert 'sam@test.com' in data['data']['users'][2]['email']
-        assert data['data']['users'][0]['imperial_units'] is False
-        assert data['data']['users'][0]['timezone'] is None
-        assert data['data']['users'][0]['weekm'] is False
         assert data['data']['users'][0]['nb_sports'] == 2
         assert data['data']['users'][0]['nb_workouts'] == 2
         assert len(data['data']['users'][0]['records']) == 8
         assert data['data']['users'][0]['sports_list'] == [1, 2]
         assert data['data']['users'][0]['total_distance'] == 22.0
         assert data['data']['users'][0]['total_duration'] == '2:40:00'
-        assert data['data']['users'][1]['imperial_units'] is False
-        assert data['data']['users'][1]['timezone'] is None
-        assert data['data']['users'][1]['weekm'] is False
         assert data['data']['users'][1]['nb_sports'] == 1
         assert data['data']['users'][1]['nb_workouts'] == 1
         assert len(data['data']['users'][1]['records']) == 4
         assert data['data']['users'][1]['sports_list'] == [1]
         assert data['data']['users'][1]['total_distance'] == 15
         assert data['data']['users'][1]['total_duration'] == '1:00:00'
-        assert data['data']['users'][2]['imperial_units'] is False
-        assert data['data']['users'][2]['timezone'] is None
-        assert data['data']['users'][2]['weekm'] is True
         assert data['data']['users'][2]['nb_sports'] == 0
         assert data['data']['users'][2]['nb_workouts'] == 0
         assert len(data['data']['users'][2]['records']) == 0
         assert data['data']['users'][2]['sports_list'] == []
         assert data['data']['users'][2]['total_distance'] == 0
         assert data['data']['users'][2]['total_duration'] == '0:00:00'
+        assert 'imperial_units' not in data['data']['users'][0]
+        assert 'imperial_units' not in data['data']['users'][1]
+        assert 'imperial_units' not in data['data']['users'][2]
+        assert 'language' not in data['data']['users'][0]
+        assert 'language' not in data['data']['users'][1]
+        assert 'language' not in data['data']['users'][2]
+        assert 'timezone' not in data['data']['users'][0]
+        assert 'timezone' not in data['data']['users'][1]
+        assert 'timezone' not in data['data']['users'][2]
+        assert 'weekm' not in data['data']['users'][0]
+        assert 'weekm' not in data['data']['users'][1]
+        assert 'weekm' not in data['data']['users'][2]
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
@@ -250,12 +329,12 @@ def test_it_gets_users_list_with_workouts(
     def test_it_gets_first_page_on_users_list(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -279,12 +358,12 @@ def test_it_gets_first_page_on_users_list(
     def test_it_gets_next_page_on_users_list(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -307,12 +386,12 @@ def test_it_gets_next_page_on_users_list(
     def test_it_gets_empty_next_page_on_users_list(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -335,12 +414,12 @@ def test_it_gets_empty_next_page_on_users_list(
     def test_it_gets_user_list_with_2_per_page(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -363,12 +442,12 @@ def test_it_gets_user_list_with_2_per_page(
     def test_it_gets_next_page_on_user_list_with_2_per_page(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -389,10 +468,10 @@ def test_it_gets_next_page_on_user_list_with_2_per_page(
         }
 
     def test_it_gets_users_list_ordered_by_username(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -404,8 +483,8 @@ def test_it_gets_users_list_ordered_by_username(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'sam' in data['data']['users'][0]['username']
-        assert 'test' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
         assert 'toto' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
@@ -416,10 +495,10 @@ def test_it_gets_users_list_ordered_by_username(
         }
 
     def test_it_gets_users_list_ordered_by_username_ascending(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -431,8 +510,8 @@ def test_it_gets_users_list_ordered_by_username_ascending(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'sam' in data['data']['users'][0]['username']
-        assert 'test' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
         assert 'toto' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
@@ -443,10 +522,10 @@ def test_it_gets_users_list_ordered_by_username_ascending(
         }
 
     def test_it_gets_users_list_ordered_by_username_descending(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -459,8 +538,8 @@ def test_it_gets_users_list_ordered_by_username_descending(
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
-        assert 'test' in data['data']['users'][1]['username']
-        assert 'sam' in data['data']['users'][2]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
@@ -643,14 +722,14 @@ def test_it_gets_users_list_ordered_by_admin_rights_descending(
     def test_it_gets_users_list_ordered_by_workouts_count(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -662,7 +741,7 @@ def test_it_gets_users_list_ordered_by_workouts_count(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'test' in data['data']['users'][0]['username']
+        assert 'admin' in data['data']['users'][0]['username']
         assert 0 == data['data']['users'][0]['nb_workouts']
         assert 'sam' in data['data']['users'][1]['username']
         assert 0 == data['data']['users'][1]['nb_workouts']
@@ -679,14 +758,14 @@ def test_it_gets_users_list_ordered_by_workouts_count(
     def test_it_gets_users_list_ordered_by_workouts_count_ascending(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -698,7 +777,7 @@ def test_it_gets_users_list_ordered_by_workouts_count_ascending(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'test' in data['data']['users'][0]['username']
+        assert 'admin' in data['data']['users'][0]['username']
         assert 0 == data['data']['users'][0]['nb_workouts']
         assert 'sam' in data['data']['users'][1]['username']
         assert 0 == data['data']['users'][1]['nb_workouts']
@@ -715,14 +794,14 @@ def test_it_gets_users_list_ordered_by_workouts_count_ascending(
     def test_it_gets_users_list_ordered_by_workouts_count_descending(
         self,
         app: Flask,
-        user_1: User,
+        user_1_admin: User,
         user_2: User,
         user_3: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -736,7 +815,7 @@ def test_it_gets_users_list_ordered_by_workouts_count_descending(
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
         assert 1 == data['data']['users'][0]['nb_workouts']
-        assert 'test' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][1]['username']
         assert 0 == data['data']['users'][1]['nb_workouts']
         assert 'sam' in data['data']['users'][2]['username']
         assert 0 == data['data']['users'][2]['nb_workouts']
@@ -749,10 +828,10 @@ def test_it_gets_users_list_ordered_by_workouts_count_descending(
         }
 
     def test_it_gets_users_list_filtering_on_username(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -774,10 +853,10 @@ def test_it_gets_users_list_filtering_on_username(
         }
 
     def test_it_returns_empty_users_list_filtering_on_username(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -798,10 +877,10 @@ def test_it_returns_empty_users_list_filtering_on_username(
         }
 
     def test_it_users_list_with_complex_query(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
+            app, user_1_admin.email
         )
 
         response = client.get(
@@ -813,7 +892,7 @@ def test_it_users_list_with_complex_query(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
-        assert 'sam' in data['data']['users'][0]['username']
+        assert 'admin' in data['data']['users'][0]['username']
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': True,
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 5e961c3ce..ac040fe94 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+from typing import Dict
 from unittest.mock import Mock, patch
 
 import pytest
@@ -10,27 +11,22 @@
     NotExistingFollowRequestError,
 )
 from fittrackee.users.models import FollowRequest, User, UserSportPreference
+from fittrackee.users.roles import UserRole
 from fittrackee.workouts.models import Sport, Workout
 
 
 class TestUserModel:
-    def test_user_model(self, app: Flask, user_1: User) -> None:
-        assert '<User \'test\'>' == str(user_1)
-
-        serialized_user = user_1.serialize()
+    @staticmethod
+    def assert_serialized_used(serialized_user: Dict) -> None:
         assert 'test' == serialized_user['username']
         assert 'created_at' in serialized_user
         assert serialized_user['admin'] is False
         assert serialized_user['first_name'] is None
         assert serialized_user['last_name'] is None
-        assert serialized_user['imperial_units'] is False
         assert serialized_user['bio'] is None
         assert serialized_user['location'] is None
         assert serialized_user['birth_date'] is None
         assert serialized_user['picture'] is False
-        assert serialized_user['timezone'] is None
-        assert serialized_user['weekm'] is False
-        assert serialized_user['language'] is None
         assert serialized_user['nb_sports'] == 0
         assert serialized_user['nb_workouts'] == 0
         assert serialized_user['records'] == []
@@ -38,6 +34,54 @@ def test_user_model(self, app: Flask, user_1: User) -> None:
         assert serialized_user['total_distance'] == 0
         assert serialized_user['total_duration'] == '0:00:00'
 
+    def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
+        assert '<User \'test\'>' == str(user_1)
+
+        serialized_user = user_1.serialize(role=UserRole.AUTH_USER)
+        self.assert_serialized_used(serialized_user)
+        assert 'test@test.com' == serialized_user['email']
+        assert serialized_user['imperial_units'] is False
+        assert serialized_user['language'] is None
+        assert serialized_user['timezone'] is None
+        assert serialized_user['weekm'] is False
+
+    def test_user_model_as_admin(self, app: Flask, user_1: User) -> None:
+        assert '<User \'test\'>' == str(user_1)
+
+        serialized_user = user_1.serialize(role=UserRole.ADMIN)
+        self.assert_serialized_used(serialized_user)
+        assert 'test@test.com' == serialized_user['email']
+        assert 'imperial_units' not in serialized_user
+        assert 'language' not in serialized_user
+        assert 'timezone' not in serialized_user
+        assert 'weekm' not in serialized_user
+
+    def test_user_model_as_regular_user(
+        self, app: Flask, user_1: User
+    ) -> None:
+        assert '<User \'test\'>' == str(user_1)
+
+        serialized_user = user_1.serialize(role=UserRole.USER)
+        self.assert_serialized_used(serialized_user)
+        assert 'email' not in serialized_user
+        assert 'imperial_units' not in serialized_user
+        assert 'language' not in serialized_user
+        assert 'timezone' not in serialized_user
+        assert 'weekm' not in serialized_user
+
+    def test_user_model_when_no_role_provided(
+        self, app: Flask, user_1: User
+    ) -> None:
+        assert '<User \'test\'>' == str(user_1)
+
+        serialized_user = user_1.serialize()
+        self.assert_serialized_used(serialized_user)
+        assert 'email' not in serialized_user
+        assert 'imperial_units' not in serialized_user
+        assert 'language' not in serialized_user
+        assert 'timezone' not in serialized_user
+        assert 'weekm' not in serialized_user
+
     def test_encode_auth_token(self, app: Flask, user_1: User) -> None:
         auth_token = user_1.encode_auth_token(user_1.id)
         assert isinstance(auth_token, str)
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 35e1c558e..618a53afb 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -27,6 +27,7 @@
 
 from .decorators import authenticate
 from .models import User, UserSportPreference
+from .roles import UserRole
 from .utils.controls import check_passwords, register_controls
 from .utils.token import decode_user_token
 
@@ -384,7 +385,10 @@ def get_authenticated_user_profile(
         - invalid token, please log in again
 
     """
-    return {'status': 'success', 'data': auth_user.serialize()}
+    return {
+        'status': 'success',
+        'data': auth_user.serialize(role=UserRole.AUTH_USER),
+    }
 
 
 @auth_blueprint.route('/auth/profile/edit', methods=['POST'])
@@ -541,7 +545,7 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
         return {
             'status': 'success',
             'message': 'user profile updated',
-            'data': auth_user.serialize(),
+            'data': auth_user.serialize(role=UserRole.AUTH_USER),
         }
 
     # handler errors
@@ -680,7 +684,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
         return {
             'status': 'success',
             'message': 'user preferences updated',
-            'data': auth_user.serialize(),
+            'data': auth_user.serialize(role=UserRole.AUTH_USER),
         }
 
     # handler errors
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index f0a9c676c..f0e5a7288 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -20,6 +20,7 @@
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
+from .roles import UserRole
 from .utils.token import decode_user_token, get_user_token
 
 
@@ -340,7 +341,7 @@ def create_actor(self) -> None:
         self.actor_id = actor.id
         db.session.commit()
 
-    def serialize(self) -> Dict:
+    def serialize(self, role: Optional[UserRole] = None) -> Dict:
         sports = []
         total = (0, '0:00:00')
         if self.workouts_count > 0:  # type: ignore
@@ -358,9 +359,8 @@ def serialize(self) -> Dict:
                 .filter(Workout.user_id == self.id)
                 .first()
             )
-        return {
+        serialized_user = {
             'username': self.username,
-            'email': self.email,
             'created_at': self.created_at,
             'admin': self.admin,
             'first_name': self.first_name,
@@ -369,9 +369,6 @@ def serialize(self) -> Dict:
             'location': self.location,
             'birth_date': self.birth_date,
             'picture': self.picture is not None,
-            'timezone': self.timezone,
-            'weekm': self.weekm,
-            'language': self.language,
             'nb_sports': len(sports),
             'nb_workouts': self.workouts_count,
             'records': [record.serialize() for record in self.records],
@@ -380,9 +377,24 @@ def serialize(self) -> Dict:
             ],
             'total_distance': float(total[0]),
             'total_duration': str(total[1]),
-            'imperial_units': self.imperial_units,
         }
 
+        if role in [UserRole.AUTH_USER, UserRole.ADMIN]:
+            serialized_user['email'] = self.email
+
+        if role == UserRole.AUTH_USER:
+            serialized_user = {
+                **serialized_user,
+                **{
+                    'timezone': self.timezone,
+                    'weekm': self.weekm,
+                    'language': self.language,
+                    'imperial_units': self.imperial_units,
+                },
+            }
+
+        return serialized_user
+
 
 class UserSportPreference(BaseModel):
     __tablename__ = 'users_sports_preferences'
diff --git a/fittrackee/users/roles.py b/fittrackee/users/roles.py
new file mode 100644
index 000000000..3cfb7b75b
--- /dev/null
+++ b/fittrackee/users/roles.py
@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class UserRole(Enum):
+    ADMIN = 'admin'
+    AUTH_USER = 'auth_user'
+    USER = 'user'
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index f53170efd..db05433e4 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -29,6 +29,7 @@
     UserNotFoundException,
 )
 from .models import User, UserSportPreference
+from .roles import UserRole
 from .utils.admin import set_admin_rights
 
 users_blueprint = Blueprint('users', __name__)
@@ -223,9 +224,10 @@ def get_users(auth_user: User) -> Dict:
         .paginate(page, per_page, False)
     )
     users = users_pagination.items
+    role = UserRole.ADMIN if auth_user.admin else UserRole.USER
     return {
         'status': 'success',
-        'data': {'users': [user.serialize() for user in users]},
+        'data': {'users': [user.serialize(role) for user in users]},
         'pagination': {
             'has_next': users_pagination.has_next,
             'has_prev': users_pagination.has_prev,
@@ -340,10 +342,11 @@ def get_single_user(
     """
     try:
         user = User.query.filter_by(username=user_name).first()
+        role = UserRole.ADMIN if auth_user.admin else UserRole.USER
         if user:
             return {
                 'status': 'success',
-                'data': {'users': [user.serialize()]},
+                'data': {'users': [user.serialize(role=role)]},
             }
     except ValueError:
         pass
@@ -507,7 +510,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         db.session.commit()
         return {
             'status': 'success',
-            'data': {'users': [user.serialize()]},
+            'data': {'users': [user.serialize(role=UserRole.ADMIN)]},
         }
     except exc.StatementError as e:
         return handle_error_and_return_response(e, db=db)

From 151f604d6eb3ebb166f669d91dd53af9c66f7a2c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 2 Dec 2021 14:24:39 +0100
Subject: [PATCH 052/238] API - add endpoints to get followers/following users

---
 .../tests/users/test_users_followers_api.py   | 497 ++++++++++++++++++
 fittrackee/users/users.py                     |  72 ++-
 2 files changed, 568 insertions(+), 1 deletion(-)
 create mode 100644 fittrackee/tests/users/test_users_followers_api.py

diff --git a/fittrackee/tests/users/test_users_followers_api.py b/fittrackee/tests/users/test_users_followers_api.py
new file mode 100644
index 000000000..e9fab673f
--- /dev/null
+++ b/fittrackee/tests/users/test_users_followers_api.py
@@ -0,0 +1,497 @@
+import json
+from datetime import datetime
+from typing import List
+from unittest.mock import patch
+
+from flask import Flask
+
+from fittrackee.users.models import FollowRequest, User
+
+from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import random_string
+
+
+class FollowersAsUserTestCase(ApiTestCaseMixin):
+    @staticmethod
+    def approves_follow_requests(
+        follows_requests: List[FollowRequest],
+    ) -> None:
+        for follows_request in follows_requests:
+            follows_request.is_approved = True
+            follows_request.updated_at = datetime.utcnow()
+
+
+class TestFollowersAsUser(FollowersAsUserTestCase):
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{random_string()}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_returns_empty_list_if_no_followers(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['followers'] == []
+
+    def test_it_returns_followers(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_2_to_user_1,
+                follow_request_from_user_3_to_user_1,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['followers']) == 2
+        assert data['data']['followers'][0]['username'] == user_3.username
+        assert data['data']['followers'][1]['username'] == user_2.username
+        assert 'email' not in data['data']['followers'][0]
+        assert 'email' not in data['data']['followers'][1]
+
+
+class TestFollowersAsAdmin(FollowersAsUserTestCase):
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app: Flask, user_1_admin: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{random_string()}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_returns_empty_list_if_no_followers(
+        self, app: Flask, user_1_admin: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1_admin.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['followers'] == []
+
+    def test_it_returns_followers(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_1_to_user_2,
+                follow_request_from_user_3_to_user_2,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['followers']) == 2
+        assert data['data']['followers'][0]['email'] == user_3.email
+        assert data['data']['followers'][1]['email'] == user_1.email
+
+
+class TestFollowersPagination(FollowersAsUserTestCase):
+    def test_it_returns_pagination_info(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
+    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    def test_it_returns_first_page_on_followers_list(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_1_to_user_2,
+                follow_request_from_user_3_to_user_2,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 2,
+        }
+
+    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    def test_it_returns_page_2_on_followers_list(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_1_to_user_2,
+                follow_request_from_user_3_to_user_2,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}/followers?page=2',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 2,
+        }
+
+
+class TestFollowingAsUser(FollowersAsUserTestCase):
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{random_string()}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_returns_empty_list_if_no_following_users(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['following'] == []
+
+    def test_it_returns_following_users(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_3_to_user_2,
+                follow_request_from_user_3_to_user_1,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_3.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['following']) == 2
+        assert data['data']['following'][0]['username'] == user_1.username
+        assert data['data']['following'][1]['username'] == user_2.username
+        assert 'email' not in data['data']['following'][0]
+        assert 'email' not in data['data']['following'][1]
+
+
+class TestFollowingAsAdmin(FollowersAsUserTestCase):
+    def test_it_returns_404_if_user_does_not_exist(
+        self, app: Flask, user_1_admin: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{random_string()}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_returns_empty_list_if_no_following_users(
+        self, app: Flask, user_1_admin: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1_admin.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['data']['following'] == []
+
+    def test_it_returns_following_users(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_3_to_user_2,
+                follow_request_from_user_3_to_user_1,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_3.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['following']) == 2
+        assert data['data']['following'][0]['email'] == user_1.email
+        assert data['data']['following'][1]['email'] == user_2.email
+
+
+class TestFollowingPagination(FollowersAsUserTestCase):
+    def test_it_returns_pagination_info(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
+    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    def test_it_returns_first_page_on_following_list(
+        self,
+        app: Flask,
+        user_1: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_3_to_user_1,
+                follow_request_from_user_3_to_user_2,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_3.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 2,
+        }
+
+    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    def test_it_returns_page_2_on_followers_list(
+        self,
+        app: Flask,
+        user_1: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        self.approves_follow_requests(
+            [
+                follow_request_from_user_3_to_user_1,
+                follow_request_from_user_3_to_user_2,
+            ]
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_3.username}/following?page=2',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 2,
+        }
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index db05433e4..a81e650c5 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -28,7 +28,7 @@
     FollowRequestAlreadyRejectedError,
     UserNotFoundException,
 )
-from .models import User, UserSportPreference
+from .models import FollowRequest, User, UserSportPreference
 from .roles import UserRole
 from .utils.admin import set_admin_rights
 
@@ -633,3 +633,73 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
     except FollowRequestAlreadyRejectedError:
         return ForbiddenErrorResponse()
     return successful_response_dict
+
+
+@users_blueprint.route('/users/<user_name>/followers', methods=['GET'])
+@authenticate
+def get_followers(
+    auth_user: User, user_name: str
+) -> Union[Dict, HttpResponse]:
+    params = request.args.copy()
+    page = int(params.get('page', 1))
+    user = User.query.filter_by(username=user_name).first()
+    if not user:
+        return UserNotFoundErrorResponse()
+
+    followers_pagination = user.followers.order_by(
+        FollowRequest.updated_at.desc()
+    ).paginate(page, USER_PER_PAGE, False)
+
+    return {
+        'status': 'success',
+        'data': {
+            'followers': [
+                follower.serialize(
+                    role=UserRole.ADMIN if auth_user.admin else UserRole.USER
+                )
+                for follower in followers_pagination.items
+            ]
+        },
+        'pagination': {
+            'has_next': followers_pagination.has_next,
+            'has_prev': followers_pagination.has_prev,
+            'page': followers_pagination.page,
+            'pages': followers_pagination.pages,
+            'total': followers_pagination.total,
+        },
+    }
+
+
+@users_blueprint.route('/users/<user_name>/following', methods=['GET'])
+@authenticate
+def get_following(
+    auth_user: User, user_name: str
+) -> Union[Dict, HttpResponse]:
+    params = request.args.copy()
+    page = int(params.get('page', 1))
+    user = User.query.filter_by(username=user_name).first()
+    if not user:
+        return UserNotFoundErrorResponse()
+
+    following_pagination = user.following.order_by(
+        FollowRequest.updated_at.desc()
+    ).paginate(page, USER_PER_PAGE, False)
+
+    return {
+        'status': 'success',
+        'data': {
+            'following': [
+                following.serialize(
+                    role=UserRole.ADMIN if auth_user.admin else UserRole.USER
+                )
+                for following in following_pagination.items
+            ]
+        },
+        'pagination': {
+            'has_next': following_pagination.has_next,
+            'has_prev': following_pagination.has_prev,
+            'page': following_pagination.page,
+            'pages': following_pagination.pages,
+            'total': following_pagination.total,
+        },
+    }

From fe20ac4a69b28e0c3f57c3bb6b467f16bc0f7873 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 2 Dec 2021 14:43:16 +0100
Subject: [PATCH 053/238] API - add follower/following count to user serializer

---
 fittrackee/tests/users/test_users_api.py   |  2 ++
 fittrackee/tests/users/test_users_model.py | 26 ++++++++++++++++++++++
 fittrackee/users/models.py                 |  2 ++
 3 files changed, 30 insertions(+)

diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 4dddedf7d..05a32ef8e 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -25,6 +25,8 @@ def assert_user(user_dict: Dict, user: User) -> None:
         assert user_dict['birth_date'] is None
         assert user_dict['bio'] is None
         assert user_dict['location'] is None
+        assert user_dict['followers'] == 0
+        assert user_dict['following'] == 0
         assert 'imperial_units' not in user_dict
         assert 'language' not in user_dict
         assert 'timezone' not in user_dict
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index ac040fe94..f2746c6b9 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -22,6 +22,8 @@ def assert_serialized_used(serialized_user: Dict) -> None:
         assert 'created_at' in serialized_user
         assert serialized_user['admin'] is False
         assert serialized_user['first_name'] is None
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
         assert serialized_user['last_name'] is None
         assert serialized_user['bio'] is None
         assert serialized_user['location'] is None
@@ -114,6 +116,30 @@ def test_it_returns_user_records(
         )
         assert serialized_user['records'][0]['workout_date']
 
+    def test_it_returns_followers_count(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.is_approved = True
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
+
+        serialized_user = user_1.serialize()
+        assert serialized_user['followers'] == 1
+
+    def test_it_returns_following_count(
+        self,
+        app: Flask,
+        user_1: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = True
+        follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
+
+        serialized_user = user_1.serialize()
+        assert serialized_user['following'] == 1
+
 
 class TestUserSportModel:
     def test_user_model(
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index f0e5a7288..1e5cf66a3 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -366,6 +366,8 @@ def serialize(self, role: Optional[UserRole] = None) -> Dict:
             'first_name': self.first_name,
             'last_name': self.last_name,
             'bio': self.bio,
+            'followers': self.followers.count(),
+            'following': self.following.count(),
             'location': self.location,
             'birth_date': self.birth_date,
             'picture': self.picture is not None,

From df03dcc2ff601b2092eabeb6a2fa3c84cc4e2524 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 2 Dec 2021 16:56:43 +0100
Subject: [PATCH 054/238] API - add decorator to get local actor

---
 fittrackee/federation/decorators.py | 21 ++++++++++++++++++++-
 fittrackee/federation/federation.py | 27 ++++++++++-----------------
 fittrackee/federation/inbox.py      | 18 +++---------------
 3 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/fittrackee/federation/decorators.py b/fittrackee/federation/decorators.py
index ca2a3ca91..673a5c634 100644
--- a/fittrackee/federation/decorators.py
+++ b/fittrackee/federation/decorators.py
@@ -7,9 +7,10 @@
 from fittrackee.responses import (
     DisabledFederationErrorResponse,
     InternalServerErrorResponse,
+    UserNotFoundErrorResponse,
 )
 
-from .models import Domain
+from .models import Actor, Domain
 
 
 def federation_required(f: Callable) -> Callable:
@@ -26,3 +27,21 @@ def decorated_function(*args: Any, **kwargs: Any) -> Callable:
         return f(app_domain, *args, **kwargs)
 
     return decorated_function
+
+
+def get_local_actor_from_username(f: Callable) -> Callable:
+    @wraps(f)
+    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
+        app_domain = args[0]
+        preferred_username = kwargs.get('preferred_username')
+        if not preferred_username:
+            return UserNotFoundErrorResponse()
+        actor = Actor.query.filter_by(
+            preferred_username=preferred_username,
+            domain_id=app_domain.id,
+        ).first()
+        if not actor:
+            return UserNotFoundErrorResponse()
+        return f(actor, *args, **kwargs)
+
+    return decorated_function
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 84d691325..4d2929afc 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -4,15 +4,11 @@
 
 from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.utils_user import create_remote_user
-from fittrackee.responses import (
-    HttpResponse,
-    InvalidPayloadErrorResponse,
-    UserNotFoundErrorResponse,
-)
+from fittrackee.responses import HttpResponse, InvalidPayloadErrorResponse
 from fittrackee.users.decorators import authenticate
 from fittrackee.users.models import User
 
-from .decorators import federation_required
+from .decorators import federation_required, get_local_actor_from_username
 from .inbox import inbox
 from .models import Actor, Domain
 
@@ -23,7 +19,10 @@
     '/user/<string:preferred_username>', methods=['GET']
 )
 @federation_required
-def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
+@get_local_actor_from_username
+def get_actor(
+    local_actor: Actor, app_domain: Domain, preferred_username: str
+) -> HttpResponse:
     """
     Get a local actor
 
@@ -73,15 +72,8 @@ def get_actor(app_domain: Domain, preferred_username: str) -> HttpResponse:
     :statuscode 404: user does not exist
 
     """
-    actor = Actor.query.filter_by(
-        preferred_username=preferred_username,
-        domain_id=app_domain.id,
-    ).first()
-    if not actor:
-        return UserNotFoundErrorResponse()
-
     return HttpResponse(
-        response=actor.serialize(),
+        response=local_actor.serialize(),
         content_type='application/jrd+json; charset=utf-8',
     )
 
@@ -171,8 +163,9 @@ def remote_actor(
     '/user/<string:preferred_username>/inbox', methods=['POST']
 )
 @federation_required
+@get_local_actor_from_username
 def user_inbox(
-    app_domain: Domain, preferred_username: str
+    local_actor: Actor, app_domain: Domain, preferred_username: str
 ) -> Union[Dict, HttpResponse]:
     """
     Post an activity to user inbox
@@ -205,4 +198,4 @@ def user_inbox(
     :statuscode 404: user does not exist
 
     """
-    return inbox(request, app_domain, preferred_username)
+    return inbox(request)
diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index 1e8c53d1e..b5bad5350 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -1,6 +1,6 @@
 from datetime import datetime
 from json import dumps
-from typing import Dict, Optional, Union
+from typing import Dict, Union
 from urllib.parse import urlparse
 
 import requests
@@ -11,11 +11,10 @@
     HttpResponse,
     InvalidPayloadErrorResponse,
     UnauthorizedErrorResponse,
-    UserNotFoundErrorResponse,
 )
 
 from .exceptions import InvalidSignatureException
-from .models import Actor, Domain
+from .models import Actor
 from .signature import (
     VALID_DATE_FORMAT,
     SignatureVerification,
@@ -26,18 +25,7 @@
 from .utils import is_invalid_activity_data
 
 
-def inbox(
-    request: Request, app_domain: Domain, username: Optional[str]
-) -> Union[Dict, HttpResponse]:
-    # if user inbox
-    if username:
-        recipient = Actor.query.filter_by(
-            preferred_username=username,
-            domain_id=app_domain.id,
-        ).first()
-        if not recipient:
-            return UserNotFoundErrorResponse()
-
+def inbox(request: Request) -> Union[Dict, HttpResponse]:
     activity_data = request.get_json()
     if not activity_data or is_invalid_activity_data(activity_data):
         return InvalidPayloadErrorResponse()

From 137dc0a31e984fd35e532530fb1658ec9fb354c5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 17:14:25 +0100
Subject: [PATCH 055/238] API - add endpoints for federation
 following/followers URLs

wip
---
 fittrackee/federation/collections.py          |  47 ++
 fittrackee/federation/federation.py           | 189 +++++++-
 .../federation/test_federation_federation.py  | 402 +++++++++++++++++-
 .../fixtures/fixtures_federation_users.py     |  26 ++
 4 files changed, 661 insertions(+), 3 deletions(-)
 create mode 100644 fittrackee/federation/collections.py

diff --git a/fittrackee/federation/collections.py b/fittrackee/federation/collections.py
new file mode 100644
index 000000000..0a5e281aa
--- /dev/null
+++ b/fittrackee/federation/collections.py
@@ -0,0 +1,47 @@
+from typing import Dict
+
+from flask_sqlalchemy import BaseQuery, Pagination
+
+CONTEXT = 'https://www.w3.org/ns/activitystreams'
+
+
+class OrderedCollection:
+    def __init__(self, url: str, base_query: BaseQuery) -> None:
+        self._url = url
+        self._base_query = base_query
+        self._type = 'OrderedCollection'
+
+    def serialize(self) -> Dict:
+        return {
+            '@context': CONTEXT,
+            'id': self._url,
+            'first': f'{self._url}?page=1',
+            'totalItems': self._base_query.count(),
+            'type': self._type,
+        }
+
+
+class OrderedCollectionPage:
+    def __init__(self, url: str, pagination: Pagination) -> None:
+        self._url = url
+        self._pagination = pagination
+        self._type = 'OrderedCollectionPage'
+
+    def serialize(self) -> Dict:
+        ordered_items = [
+            user.actor.activitypub_id for user in self._pagination.items
+        ]
+        page = self._pagination.page
+        collection_page_dict = {
+            '@context': CONTEXT,
+            'id': f'{self._url}?page={page}',
+            'orderedItems': ordered_items,
+            'partOf': self._url,
+            'totalItems': self._pagination.total,
+            'type': self._type,
+        }
+        if self._pagination.has_next and self._pagination.total > 0:
+            collection_page_dict['next'] = f'{self._url}?page={page + 1}'
+        if self._pagination.has_prev and self._pagination.total > 0:
+            collection_page_dict['prev'] = f'{self._url}?page={page - 1}'
+        return collection_page_dict
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 4d2929afc..3b3fc38c9 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -4,10 +4,15 @@
 
 from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.utils_user import create_remote_user
-from fittrackee.responses import HttpResponse, InvalidPayloadErrorResponse
+from fittrackee.responses import (
+    HttpResponse,
+    InvalidPayloadErrorResponse,
+    handle_error_and_return_response,
+)
 from fittrackee.users.decorators import authenticate
-from fittrackee.users.models import User
+from fittrackee.users.models import FollowRequest, User
 
+from .collections import OrderedCollection, OrderedCollectionPage
 from .decorators import federation_required, get_local_actor_from_username
 from .inbox import inbox
 from .models import Actor, Domain
@@ -15,6 +20,9 @@
 ap_federation_blueprint = Blueprint('ap_federation', __name__)
 
 
+USERS_PER_PAGE = 10
+
+
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>', methods=['GET']
 )
@@ -199,3 +207,180 @@ def user_inbox(
 
     """
     return inbox(request)
+
+
+def get_relationships(
+    local_actor: Actor, relation: str
+) -> Union[Dict, HttpResponse]:
+    params = request.args.copy()
+    page = params.get('page')
+
+    if relation == 'followers':
+        relations_object = local_actor.user.followers
+        url = local_actor.followers_url
+    else:
+        relations_object = local_actor.user.following
+        url = local_actor.following_url
+
+    if page is None:
+        collection = OrderedCollection(url, relations_object)
+        return collection.serialize()
+
+    try:
+        paginated_relations = relations_object.order_by(
+            FollowRequest.updated_at.desc()
+        ).paginate(int(page), USERS_PER_PAGE, False)
+        collection_page = OrderedCollectionPage(url, paginated_relations)
+        return collection_page.serialize()
+    except ValueError as e:
+        return handle_error_and_return_response(e)
+
+
+@ap_federation_blueprint.route(
+    '/user/<string:preferred_username>/followers', methods=['GET']
+)
+@federation_required
+@get_local_actor_from_username
+def user_followers(
+    local_actor: Actor, app_domain: Domain, preferred_username: str
+) -> Union[Dict, HttpResponse]:
+    """
+    Get local actor followers
+
+    - ordered collection
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /federation/user/sam/followers HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "@context": "https://www.w3.org/ns/activitystreams",
+        "first": "https://example.com/federation/user/Sam/followers?page=1",
+        "id": "https://example.com/federation/user/Sam/followers",
+        "totalItems": 1,
+        "type": "OrderedCollection"
+      }
+
+    - ordered collection page
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /federation/user/sam/followers?page=1 HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "@context": "https://www.w3.org/ns/activitystreams",
+        "id": "https://example.com/federation/user/Sam/followers?page=1",
+        "orderedItems": [
+          "https://another-instance.com/users/admin"
+        ],
+        "partOf": "https://example.com/federation/user/Sam/followers",
+        "totalItems": 1,
+        "type": "OrderedCollectionPage"
+      }
+
+    :param string preferred_username: actor preferred username
+
+    :query integer page: page if using pagination (default: 1)
+
+    :statuscode 200: success
+    :statuscode 403: error, federation is disabled for this instance
+    :statuscode 404: user does not exist
+    :statuscode 500: error, please try again or contact the administrator
+
+    """
+    return get_relationships(local_actor, relation='followers')
+
+
+@ap_federation_blueprint.route(
+    '/user/<string:preferred_username>/following', methods=['GET']
+)
+@federation_required
+@get_local_actor_from_username
+def user_following(
+    local_actor: Actor, app_domain: Domain, preferred_username: str
+) -> Union[Dict, HttpResponse]:
+    """
+    Get local actor following
+
+    - ordered collection
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /federation/user/sam/following HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "@context": "https://www.w3.org/ns/activitystreams",
+        "first": "https://example.com/federation/user/Sam/following?page=1",
+        "id": "https://example.com/federation/user/Sam/following",
+        "totalItems": 1,
+        "type": "OrderedCollection"
+      }
+
+    - ordered collection page
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      GET /federation/user/sam/following?page=1 HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/jrd+json; charset=utf-8
+
+      {
+        "@context": "https://www.w3.org/ns/activitystreams",
+        "id": "https://example.com/federation/user/Sam/following?page=1",
+        "orderedItems": [
+          "https://another-instance.com/users/admin"
+        ],
+        "partOf": "https://example.com/federation/user/Sam/following",
+        "totalItems": 1,
+        "type": "OrderedCollectionPage"
+      }
+
+    :param string preferred_username: actor preferred username
+
+    :query integer page: page if using pagination (default: 1)
+
+    :statuscode 200: success
+    :statuscode 403: error, federation is disabled for this instance
+    :statuscode 404: user does not exist
+    :statuscode 500: error, please try again or contact the administrator
+
+    """
+    return get_relationships(local_actor, relation='following')
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index df76c3a83..c43d86046 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -6,7 +6,7 @@
 
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
-from fittrackee.users.models import User
+from fittrackee.users.models import FollowRequest, User
 
 from ...test_case_mixins import ApiTestCaseMixin
 from ...utils import RandomActor
@@ -174,3 +174,403 @@ def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
             assert response.status_code == 200
             data = json.loads(response.data.decode())
             assert data == remote_user_object
+
+
+class TestLocalActorFollowers(ApiTestCaseMixin):
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask
+    ) -> None:
+        client = app.test_client()
+
+        response = client.get(
+            f'/federation/user/{uuid4().hex}/followers',
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, federation is disabled for this instance'
+            in data['message']
+        )
+
+    def test_it_returns_404_if_actor_does_not_exist(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{uuid4().hex}/followers',
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    def test_it_returns_ordered_collection_without_follower(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': actor_1.followers_url,
+            'type': 'OrderedCollection',
+            'totalItems': 0,
+            'first': f'{actor_1.followers_url}?page=1',
+        }
+
+    def test_it_returns_first_page_without_followers(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers?page=1',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.followers_url}?page=1',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 0,
+            'partOf': actor_1.followers_url,
+            'orderedItems': [],
+        }
+
+    def test_it_returns_error_if_page_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers?page=un',
+        )
+
+        assert response.status_code == 500
+        data = json.loads(response.data.decode())
+        assert data == {
+            'message': 'error, please try again or contact the administrator',
+            'status': 'error',
+        }
+
+    def test_it_does_not_return_error_when_page_that_does_not_return_followers(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers?page=2',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.followers_url}?page=2',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 0,
+            'partOf': actor_1.followers_url,
+            'orderedItems': [],
+        }
+
+    def test_it_returns_first_page_with_followers(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        actor_1.user.approves_follow_request_from(actor_2.user)
+        actor_1.user.approves_follow_request_from(actor_3.user)
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers?page=1',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.followers_url}?page=1',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 2,
+            'partOf': actor_1.followers_url,
+            'orderedItems': [actor_3.activitypub_id, actor_2.activitypub_id],
+        }
+
+    @patch('fittrackee.federation.federation.USERS_PER_PAGE', 1)
+    def test_it_returns_first_page_with_next_page_link(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        actor_1.user.approves_follow_request_from(actor_2.user)
+        actor_1.user.approves_follow_request_from(actor_3.user)
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers?page=1',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.followers_url}?page=1',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 2,
+            'partOf': actor_1.followers_url,
+            'next': f'{actor_1.followers_url}?page=2',
+            'orderedItems': [
+                actor_3.activitypub_id,
+            ],
+        }
+
+    @patch('fittrackee.federation.federation.USERS_PER_PAGE', 1)
+    def test_it_returns_next_page(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        actor_1.user.approves_follow_request_from(actor_2.user)
+        actor_1.user.approves_follow_request_from(actor_3.user)
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/followers?page=2',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.followers_url}?page=2',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 2,
+            'partOf': actor_1.followers_url,
+            'prev': f'{actor_1.followers_url}?page=1',
+            'orderedItems': [
+                actor_2.activitypub_id,
+            ],
+        }
+
+
+class TestLocalActorFollowing(ApiTestCaseMixin):
+    def test_it_returns_error_if_federation_is_disabled(
+        self, app: Flask
+    ) -> None:
+        client = app.test_client()
+
+        response = client.get(
+            f'/federation/user/{uuid4().hex}/following',
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert (
+            'error, federation is disabled for this instance'
+            in data['message']
+        )
+
+    def test_it_returns_404_if_actor_does_not_exist(
+        self, app_with_federation: Flask
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{uuid4().hex}/following',
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    def test_it_returns_ordered_collection_without_following(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/following',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': actor_1.following_url,
+            'type': 'OrderedCollection',
+            'totalItems': 0,
+            'first': f'{actor_1.following_url}?page=1',
+        }
+
+    def test_it_returns_first_page_without_following(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/following?page=1',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.following_url}?page=1',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 0,
+            'partOf': actor_1.following_url,
+            'orderedItems': [],
+        }
+
+    def test_it_returns_error_if_page_is_invalid(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/following?page=un',
+        )
+
+        assert response.status_code == 500
+        data = json.loads(response.data.decode())
+        assert data == {
+            'message': 'error, please try again or contact the administrator',
+            'status': 'error',
+        }
+
+    def test_it_does_not_return_error_when_page_that_does_not_return_following(
+        self, app_with_federation: Flask, actor_1: Actor
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_1.preferred_username}/following?page=2',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_1.following_url}?page=2',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 0,
+            'partOf': actor_1.following_url,
+            'orderedItems': [],
+        }
+
+    def test_it_returns_first_page_with_following_users(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_3_to_user_2_with_federation: FollowRequest,
+        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        actor_1.user.approves_follow_request_from(actor_3.user)
+        actor_2.user.approves_follow_request_from(actor_3.user)
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_3.preferred_username}/following?page=1',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_3.following_url}?page=1',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 2,
+            'partOf': actor_3.following_url,
+            'orderedItems': [actor_2.activitypub_id, actor_1.activitypub_id],
+        }
+
+    @patch('fittrackee.federation.federation.USERS_PER_PAGE', 1)
+    def test_it_returns_first_page_with_next_page_link(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_3_to_user_2_with_federation: FollowRequest,
+        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        actor_1.user.approves_follow_request_from(actor_3.user)
+        actor_2.user.approves_follow_request_from(actor_3.user)
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_3.preferred_username}/following?page=1',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_3.following_url}?page=1',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 2,
+            'partOf': actor_3.following_url,
+            'next': f'{actor_3.following_url}?page=2',
+            'orderedItems': [
+                actor_2.activitypub_id,
+            ],
+        }
+
+    @patch('fittrackee.federation.federation.USERS_PER_PAGE', 1)
+    def test_it_returns_next_page(
+        self,
+        app_with_federation: Flask,
+        actor_1: Actor,
+        actor_2: Actor,
+        actor_3: Actor,
+        follow_request_from_user_3_to_user_2_with_federation: FollowRequest,
+        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+    ) -> None:
+        actor_1.user.approves_follow_request_from(actor_3.user)
+        actor_2.user.approves_follow_request_from(actor_3.user)
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f'/federation/user/{actor_3.preferred_username}/following?page=2',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data == {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': f'{actor_3.following_url}?page=2',
+            'type': 'OrderedCollectionPage',
+            'totalItems': 2,
+            'partOf': actor_3.following_url,
+            'prev': f'{actor_3.following_url}?page=1',
+            'orderedItems': [
+                actor_1.activitypub_id,
+            ],
+        }
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index 47c866829..e363089d0 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -31,6 +31,32 @@ def follow_request_from_user_2_to_user_1_with_federation(
     return follow_request
 
 
+@pytest.fixture()
+def follow_request_from_user_3_to_user_1_with_federation(
+    actor_1: Actor,
+    actor_3: Actor,
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=actor_3.user.id, followed_user_id=actor_1.user.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
+@pytest.fixture()
+def follow_request_from_user_3_to_user_2_with_federation(
+    actor_2: Actor,
+    actor_3: Actor,
+) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=actor_3.user.id, followed_user_id=actor_2.user.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request
+
+
 @pytest.fixture()
 def follow_request_from_remote_user_to_user_1(
     actor_1: Actor,

From 5c7c9918e7cdfa2b42a8ba39a2653f3358e487c5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 11:45:06 +0100
Subject: [PATCH 056/238] API - refacto

---
 fittrackee/application/app_config.py          |   9 +-
 fittrackee/tests/users/test_users_api.py      |   4 +-
 .../tests/users/test_users_followers_api.py   |   8 +-
 fittrackee/users/follow_requests.py           | 211 +++++++++++++
 fittrackee/users/users.py                     | 277 +++++++++++++++---
 5 files changed, 460 insertions(+), 49 deletions(-)

diff --git a/fittrackee/application/app_config.py b/fittrackee/application/app_config.py
index b11529e16..f209029cb 100644
--- a/fittrackee/application/app_config.py
+++ b/fittrackee/application/app_config.py
@@ -39,6 +39,7 @@ def get_application_config() -> Union[Dict, HttpResponse]:
 
       {
         "data": {
+          "federation_enabled": false,
           "gpx_limit_import": 10,
           "is_registration_enabled": false,
           "max_single_file_size": 1048576,
@@ -87,17 +88,21 @@ def update_application_config(auth_user: User) -> Union[Dict, HttpResponse]:
 
       {
         "data": {
+          "federation_enabled": true,
           "gpx_limit_import": 10,
           "is_registration_enabled": true,
           "max_single_file_size": 1048576,
           "max_zip_file_size": 10485760,
-          "max_users": 10
+          "max_users": 10,
+          "map_attribution": "&copy; <a href=http://www.openstreetmap.org/copyright>OpenStreetMap</a> contributors"
+          "version": "0.5.1"
         },
         "status": "success"
       }
 
+    :<json boolean federation_enabled: is federation enabled?
     :<json integer gpx_limit_import: max number of files in zip archive
-    :<json boolean is_registration_enabled: is registration enabled ?
+    :<json boolean is_registration_enabled: is registration enabled?
     :<json integer max_single_file_size: max size of a single file
     :<json integer max_zip_file_size: max size of a zip archive
     :<json integer max_users: max users allowed to register on instance
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 05a32ef8e..7853b3f34 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -327,7 +327,7 @@ def test_it_gets_users_list_with_workouts(
             'total': 3,
         }
 
-    @patch('fittrackee.users.users.USER_PER_PAGE', 2)
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 2)
     def test_it_gets_first_page_on_users_list(
         self,
         app: Flask,
@@ -356,7 +356,7 @@ def test_it_gets_first_page_on_users_list(
             'total': 3,
         }
 
-    @patch('fittrackee.users.users.USER_PER_PAGE', 2)
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 2)
     def test_it_gets_next_page_on_users_list(
         self,
         app: Flask,
diff --git a/fittrackee/tests/users/test_users_followers_api.py b/fittrackee/tests/users/test_users_followers_api.py
index e9fab673f..a245722c5 100644
--- a/fittrackee/tests/users/test_users_followers_api.py
+++ b/fittrackee/tests/users/test_users_followers_api.py
@@ -188,7 +188,7 @@ def test_it_returns_pagination_info(
             'total': 0,
         }
 
-    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 1)
     def test_it_returns_first_page_on_followers_list(
         self,
         app: Flask,
@@ -223,7 +223,7 @@ def test_it_returns_first_page_on_followers_list(
             'total': 2,
         }
 
-    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 1)
     def test_it_returns_page_2_on_followers_list(
         self,
         app: Flask,
@@ -426,7 +426,7 @@ def test_it_returns_pagination_info(
             'total': 0,
         }
 
-    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 1)
     def test_it_returns_first_page_on_following_list(
         self,
         app: Flask,
@@ -461,7 +461,7 @@ def test_it_returns_first_page_on_following_list(
             'total': 2,
         }
 
-    @patch('fittrackee.users.users.USER_PER_PAGE', 1)
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 1)
     def test_it_returns_page_2_on_followers_list(
         self,
         app: Flask,
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index 23cc818ab..f6f45b3e7 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -32,6 +32,127 @@
 @follow_requests_blueprint.route('/follow_requests', methods=['GET'])
 @authenticate
 def get_follow_requests(auth_user: User) -> Dict:
+    """
+    Get follow requests to process, received by authenticated user.
+
+    **Example requests**:
+
+    - without parameters
+
+    .. sourcecode:: http
+
+      GET /api/follow_requests/ HTTP/1.1
+
+    - with some query parameters
+
+    .. sourcecode:: http
+
+      GET /api/follow_requests?page=1&order=desc  HTTP/1.1
+
+    **Example responses**:
+
+    - if federation is disabled
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": {
+          "follow_requests": [
+            {
+              "admin": false,
+              "bio": null,
+              "birth_date": null,
+              "created_at": "Thu, 02 Dec 2021 17:50:48 GMT",
+              "first_name": null,
+              "followers": 1,
+              "following": 1,
+              "last_name": null,
+              "location": null,
+              "nb_sports": 0,
+              "nb_workouts": 0,
+              "picture": false,
+              "records": [],
+              "sports_list": [],
+              "total_distance": 0.0,
+              "total_duration": "0:00:00",
+              "username": "Sam"
+            }
+          ]
+        },
+        "pagination": {
+          "has_next": false,
+          "has_prev": false,
+          "page": 1,
+          "pages": 1,
+          "total": 1
+        },
+        "status": "success"
+      }
+
+    - if federation is enabled
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": {
+          "follow_requests": [
+            {
+              "@context": [
+                "https://www.w3.org/ns/activitystreams",
+                "https://w3id.org/security/v1"
+              ],
+              "endpoints": {
+                "sharedInbox": "https://example.com/federation/inbox"
+              },
+              "followers": "https://example.com/federation/user/Sam/followers",
+              "following": "https://example.com/federation/user/Sam/following",
+              "id": "https://example.com/federation/user/Sam",
+              "inbox": "https://example.com/federation/user/Sam/inbox",
+              "manuallyApprovesFollowers": true,
+              "name": "Sam",
+              "outbox": "https://example.com/federation/user/Sam/outbox",
+              "preferredUsername": "Sam",
+              "publicKey": {
+                "id": "https://example.com/federation/user/Sam#main-key",
+                "owner": "https://example.com/federation/user/Sam",
+                "publicKeyPem": "[PUBLIC KEY]"
+              },
+              "type": "Person",
+              "url": "https://example.com/users/Sam"
+            }
+          ]
+        },
+        "pagination": {
+          "has_next": false,
+          "has_prev": false,
+          "page": 1,
+          "pages": 1,
+          "total": 1
+        },
+        "status": "success"
+      }
+
+    :query integer page: page if using pagination (default: 1)
+    :query integer per_page: number of follow requests per page
+                             (default: 10, max: 50)
+    :query string order: sorting order (default: ``asc``)
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 500:
+
+    """
     params = request.args.copy()
     page = int(params.get('page', 1))
     per_page = int(params.get('per_page', FOLLOW_REQUESTS_PER_PAGE))
@@ -108,6 +229,51 @@ def process_follow_request(
 def accept_follow_request(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
+    """
+    Accept a follow request.
+
+    **Example requests**:
+
+    - from local instance
+
+    .. sourcecode:: http
+
+      POST /api/follow_requests/Sam/accept HTTP/1.1
+
+    - from remote instance
+
+    .. sourcecode:: http
+
+      POST /api/follow_requests/sam@remote-instance.net/accept HTTP/1.1
+
+    **Example responses**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success",
+        "message": "Follow request from user 'Sam' is accepted.",
+      }
+
+    :param string user_name: user name
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 400:
+        - Follow request from user 'user_name' already accepted.
+    :statuscode 404:
+        - user does not exist
+        - Follow request does not exist.
+
+    """
     return process_follow_request(auth_user, user_name, 'accept')
 
 
@@ -118,4 +284,49 @@ def accept_follow_request(
 def reject_follow_request(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
+    """
+    Reject a follow request.
+
+    **Example requests**:
+
+    - from local instance
+
+    .. sourcecode:: http
+
+      POST /api/follow_requests/Sam/reject HTTP/1.1
+
+    - from remote instance
+
+    .. sourcecode:: http
+
+      POST /api/follow_requests/sam@remote-instance.net/reject HTTP/1.1
+
+    **Example responses**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success",
+        "message": "Follow request from user 'Sam' is rejected.",
+      }
+
+    :param string user_name: user name
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 400:
+        - Follow request from user 'user_name' already rejected.
+    :statuscode 404:
+        - user does not exist
+        - Follow request does not exist.
+
+    """
     return process_follow_request(auth_user, user_name, 'reject')
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index a81e650c5..4a3d58edb 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -34,7 +34,7 @@
 
 users_blueprint = Blueprint('users', __name__)
 
-USER_PER_PAGE = 10
+USERS_PER_PAGE = 10
 
 
 @users_blueprint.cli.command('set-admin')
@@ -185,7 +185,7 @@ def get_users(auth_user: User) -> Dict:
     """
     params = request.args.copy()
     page = int(params.get('page', 1))
-    per_page = int(params.get('per_page', USER_PER_PAGE))
+    per_page = int(params.get('per_page', USERS_PER_PAGE))
     if per_page > 50:
         per_page = 50
     order_by = params.get('order_by')
@@ -613,6 +613,56 @@ def delete_user(
 @users_blueprint.route('/users/<user_name>/follow', methods=['POST'])
 @authenticate
 def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
+    """
+    Send a follow request to a user.
+    If federation is enabled, it sends a follow request to remote instance
+    if the targeted user is a remote user.
+
+    **Example request**:
+
+    - follow local user
+
+    .. sourcecode:: http
+
+      POST /api/users/john_doe/follow HTTP/1.1
+      Content-Type: application/json
+
+    - follow remote user
+
+    .. sourcecode:: http
+
+      POST /api/users/sam@remote-instance.net/follow HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success",
+        "message": "Follow request to user 'john_doe' is sent.",
+      }
+
+
+    :param string user_name: user name
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 403:
+        - you do not have permissions
+    :statuscode 404:
+        - user does not exist
+    :statuscode 500: error, please try again or contact the administrator
+
+    """
     successful_response_dict = {
         'status': 'success',
         'message': f"Follow request to user '{user_name}' is sent.",
@@ -635,71 +685,216 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
     return successful_response_dict
 
 
-@users_blueprint.route('/users/<user_name>/followers', methods=['GET'])
-@authenticate
-def get_followers(
-    auth_user: User, user_name: str
+def get_user_relationships(
+    auth_user: User, user_name: str, relation: str
 ) -> Union[Dict, HttpResponse]:
     params = request.args.copy()
-    page = int(params.get('page', 1))
+    try:
+        page = int(params.get('page', 1))
+    except ValueError:
+        page = 1
+
     user = User.query.filter_by(username=user_name).first()
     if not user:
         return UserNotFoundErrorResponse()
 
-    followers_pagination = user.followers.order_by(
+    relations_object = (
+        user.followers if relation == 'followers' else user.following
+    )
+
+    paginated_relations = relations_object.order_by(
         FollowRequest.updated_at.desc()
-    ).paginate(page, USER_PER_PAGE, False)
+    ).paginate(page, USERS_PER_PAGE, False)
 
     return {
         'status': 'success',
         'data': {
-            'followers': [
-                follower.serialize(
+            relation: [
+                user.serialize(
                     role=UserRole.ADMIN if auth_user.admin else UserRole.USER
                 )
-                for follower in followers_pagination.items
+                for user in paginated_relations.items
             ]
         },
         'pagination': {
-            'has_next': followers_pagination.has_next,
-            'has_prev': followers_pagination.has_prev,
-            'page': followers_pagination.page,
-            'pages': followers_pagination.pages,
-            'total': followers_pagination.total,
+            'has_next': paginated_relations.has_next,
+            'has_prev': paginated_relations.has_prev,
+            'page': paginated_relations.page,
+            'pages': paginated_relations.pages,
+            'total': paginated_relations.total,
         },
     }
 
 
+@users_blueprint.route('/users/<user_name>/followers', methods=['GET'])
+@authenticate
+def get_followers(
+    auth_user: User, user_name: str
+) -> Union[Dict, HttpResponse]:
+    """
+    Get user followers.
+    If the authenticate user has admin rights, it returns following users with
+    additional field 'email'
+
+    **Example request**:
+
+    - without parameters
+
+    .. sourcecode:: http
+
+      GET /api/users/sam/followers HTTP/1.1
+      Content-Type: application/json
+
+    - with page parameter
+
+    .. sourcecode:: http
+
+      GET /api/users/sam/followers?page=1 HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": {
+          "followers": [
+            {
+              "admin": false,
+              "bio": null,
+              "birth_date": null,
+              "created_at": "Thu, 02 Dec 2021 17:50:48 GMT",
+              "first_name": null,
+              "followers": 1,
+              "following": 1,
+              "last_name": null,
+              "location": null,
+              "nb_sports": 0,
+              "nb_workouts": 0,
+              "picture": false,
+              "records": [],
+              "sports_list": [],
+              "total_distance": 0.0,
+              "total_duration": "0:00:00",
+              "username": "JohnDoe"
+            }
+          ]
+        },
+        "pagination": {
+          "has_next": false,
+          "has_prev": false,
+          "page": 1,
+          "pages": 1,
+          "total": 1
+        },
+        "status": "success"
+      }
+
+    :param string user_name: user name
+
+    :query integer page: page if using pagination (default: 1)
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 403:
+        - you do not have permissions
+    :statuscode 404:
+        - user does not exist
+
+    """
+    return get_user_relationships(auth_user, user_name, 'followers')
+
+
 @users_blueprint.route('/users/<user_name>/following', methods=['GET'])
 @authenticate
 def get_following(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
-    params = request.args.copy()
-    page = int(params.get('page', 1))
-    user = User.query.filter_by(username=user_name).first()
-    if not user:
-        return UserNotFoundErrorResponse()
+    """
+    Get user following.
+    If the authenticate user has admin rights, it returns following users with
+    additional field 'email'
 
-    following_pagination = user.following.order_by(
-        FollowRequest.updated_at.desc()
-    ).paginate(page, USER_PER_PAGE, False)
+    **Example request**:
 
-    return {
-        'status': 'success',
-        'data': {
-            'following': [
-                following.serialize(
-                    role=UserRole.ADMIN if auth_user.admin else UserRole.USER
-                )
-                for following in following_pagination.items
-            ]
+    - without parameters
+
+    .. sourcecode:: http
+
+      GET /api/users/sam/following HTTP/1.1
+      Content-Type: application/json
+
+    - with page parameter
+
+    .. sourcecode:: http
+
+      GET /api/users/sam/following?page=1 HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": {
+          "following": [
+            {
+              "admin": false,
+              "bio": null,
+              "birth_date": null,
+              "created_at": "Thu, 02 Dec 2021 17:50:48 GMT",
+              "first_name": null,
+              "followers": 1,
+              "following": 1,
+              "last_name": null,
+              "location": null,
+              "nb_sports": 0,
+              "nb_workouts": 0,
+              "picture": false,
+              "records": [],
+              "sports_list": [],
+              "total_distance": 0.0,
+              "total_duration": "0:00:00",
+              "username": "JohnDoe"
+            }
+          ]
         },
-        'pagination': {
-            'has_next': following_pagination.has_next,
-            'has_prev': following_pagination.has_prev,
-            'page': following_pagination.page,
-            'pages': following_pagination.pages,
-            'total': following_pagination.total,
+        "pagination": {
+          "has_next": false,
+          "has_prev": false,
+          "page": 1,
+          "pages": 1,
+          "total": 1
         },
-    }
+        "status": "success"
+      }
+
+    :param string user_name: user name
+
+    :query integer page: page if using pagination (default: 1)
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 403:
+        - you do not have permissions
+    :statuscode 404:
+        - user does not exist
+
+    """
+    return get_user_relationships(auth_user, user_name, 'following')

From d8c44bb7f9254ab60b08c716602acd22bc49f545 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 17:17:05 +0100
Subject: [PATCH 057/238] API - tests fixtures refactoring

---
 .../federation/test_federation_activities.py  | 123 +++++++-------
 .../federation/test_federation_federation.py  | 154 ++++++++++--------
 .../federation/test_federation_models.py      |  36 ++--
 .../federation/test_federation_nodeinfo.py    |  14 +-
 .../test_federation_remote_inbox.py           |  20 ++-
 .../federation/test_federation_signature.py   |  36 ++--
 .../test_federation_tasks_user_inbox.py       |  32 ++--
 .../federation/test_federation_utils_user.py  |   6 +-
 .../federation/test_federation_webfinger.py   |  15 +-
 .../federation/federation/test_users_inbox.py |  27 +--
 .../federation/users/test_users_follow_api.py |  75 +++++----
 .../users/test_users_follow_request_api.py    | 149 ++++++++---------
 .../federation/users/test_users_model.py      |  45 +++--
 fittrackee/tests/fixtures/fixtures_app.py     |   8 +-
 .../tests/fixtures/fixtures_federation.py     | 110 ++++---------
 .../fixtures/fixtures_federation_users.py     |  80 +--------
 fittrackee/tests/fixtures/fixtures_users.py   |  46 +++---
 fittrackee/tests/utils.py                     |  11 ++
 18 files changed, 475 insertions(+), 512 deletions(-)

diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index d9bf19a49..6aa85f5c4 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -17,7 +17,7 @@
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
-from fittrackee.users.models import FollowRequest
+from fittrackee.users.models import FollowRequest, User
 
 from ...utils import RandomActor, random_string
 
@@ -109,10 +109,10 @@ def generate_reject_activity(
 
 class TestFollowActivity(FollowRequestActivitiesTestCase):
     def test_it_raises_error_if_followed_actor_does_not_exist(
-        self, app_with_federation: Flask, remote_actor: Actor
+        self, app_with_federation: Flask, remote_user: User
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            follower_actor_id=remote_actor.activitypub_id
+            follower_actor_id=remote_user.actor.activitypub_id
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -127,12 +127,12 @@ def test_it_raises_error_if_followed_actor_does_not_exist(
     def test_it_creates_actor_if_remote_actor_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         random_actor: RandomActor,
     ) -> None:
         follow_activity = self.generate_follow_activity(
             follower_actor_id=random_actor.activitypub_id,
-            followed_actor=actor_1,
+            followed_actor=user_1.actor,
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -153,14 +153,14 @@ def test_it_creates_actor_if_remote_actor_does_not_exist(
     def test_it_raises_error_if_follow_request_already_rejected(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.rejects_follow_request_from(remote_actor.user)
+        user_1.rejects_follow_request_from(remote_user)
         follow_activity = self.generate_follow_activity(
-            follower_actor_id=remote_actor.activitypub_id,
-            followed_actor=actor_1,
+            follower_actor_id=remote_user.actor.activitypub_id,
+            followed_actor=user_1.actor,
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -170,11 +170,14 @@ def test_it_raises_error_if_follow_request_already_rejected(
             activity.process_activity()
 
     def test_it_creates_follow_request(
-        self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            follower_actor_id=remote_actor.activitypub_id,
-            followed_actor=actor_1,
+            follower_actor_id=remote_user.actor.activitypub_id,
+            followed_actor=user_1.actor,
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -183,21 +186,21 @@ def test_it_creates_follow_request(
         activity.process_activity()
 
         follow_request = FollowRequest.query.filter_by(
-            follower_user_id=remote_actor.user.id,
-            followed_user_id=actor_1.user.id,
+            follower_user_id=remote_user.id,
+            followed_user_id=user_1.id,
         ).first()
         assert follow_request is not None
 
     def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            follower_actor_id=remote_actor.activitypub_id,
-            followed_actor=actor_1,
+            follower_actor_id=remote_user.actor.activitypub_id,
+            followed_actor=remote_user.actor,
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -206,18 +209,18 @@ def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
         activity.process_activity()
 
         follow_request = FollowRequest.query.filter_by(
-            follower_user_id=remote_actor.user.id,
-            followed_user_id=actor_1.user.id,
+            follower_user_id=remote_user.id,
+            followed_user_id=user_1.id,
         ).first()
         assert follow_request.updated_at is None
 
 
 class TestAcceptActivity(FollowRequestActivitiesTestCase):
     def test_it_raises_error_if_follower_actor_does_not_exist(
-        self, app_with_federation: Flask, remote_actor: Actor
+        self, app_with_federation: Flask, remote_user: User
     ) -> None:
         accept_activity = self.generate_accept_activity(
-            followed_actor=remote_actor
+            followed_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -230,9 +233,11 @@ def test_it_raises_error_if_follower_actor_does_not_exist(
             activity.process_activity()
 
     def test_it_raises_error_if_followed_actor_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
-        accept_activity = self.generate_accept_activity(follower_actor=actor_1)
+        accept_activity = self.generate_accept_activity(
+            follower_actor=user_1.actor
+        )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
         )
@@ -246,11 +251,11 @@ def test_it_raises_error_if_followed_actor_does_not_exist(
     def test_it_raises_error_if_follow_request_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
         accept_activity = self.generate_accept_activity(
-            follower_actor=actor_1, followed_actor=remote_actor
+            follower_actor=user_1.actor, followed_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -262,13 +267,13 @@ def test_it_raises_error_if_follow_request_does_not_exist(
     def test_it_raises_error_if_follow_request_already_rejected(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
-        follow_request_from_user_1_to_remote_actor: FollowRequest,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
     ) -> None:
-        remote_actor.user.rejects_follow_request_from(actor_1.user)
+        remote_user.rejects_follow_request_from(user_1)
         accept_activity = self.generate_accept_activity(
-            follower_actor=actor_1, followed_actor=remote_actor
+            followed_actor=remote_user.actor, follower_actor=user_1.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -280,12 +285,12 @@ def test_it_raises_error_if_follow_request_already_rejected(
     def test_it_accepts_follow_request(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
-        follow_request_from_user_1_to_remote_actor: FollowRequest,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
     ) -> None:
         accept_activity = self.generate_accept_activity(
-            follower_actor=actor_1, followed_actor=remote_actor
+            follower_actor=user_1.actor, followed_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -294,8 +299,8 @@ def test_it_accepts_follow_request(
         activity.process_activity()
 
         follow_request = FollowRequest.query.filter_by(
-            follower_user_id=actor_1.user.id,
-            followed_user_id=remote_actor.user.id,
+            follower_user_id=user_1.id,
+            followed_user_id=remote_user.id,
         ).first()
 
         assert follow_request.is_approved
@@ -304,10 +309,10 @@ def test_it_accepts_follow_request(
 
 class TestRejectActivity(FollowRequestActivitiesTestCase):
     def test_it_raises_error_if_follower_actor_does_not_exist(
-        self, app_with_federation: Flask, remote_actor: Actor
+        self, app_with_federation: Flask, remote_user: User
     ) -> None:
         accept_activity = self.generate_reject_activity(
-            followed_actor=remote_actor
+            followed_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -320,9 +325,11 @@ def test_it_raises_error_if_follower_actor_does_not_exist(
             activity.process_activity()
 
     def test_it_raises_error_if_followed_actor_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
-        accept_activity = self.generate_reject_activity(follower_actor=actor_1)
+        accept_activity = self.generate_reject_activity(
+            follower_actor=user_1.actor
+        )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
         )
@@ -336,11 +343,11 @@ def test_it_raises_error_if_followed_actor_does_not_exist(
     def test_it_raises_error_if_follow_request_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
         accept_activity = self.generate_reject_activity(
-            follower_actor=actor_1, followed_actor=remote_actor
+            follower_actor=user_1.actor, followed_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -352,13 +359,13 @@ def test_it_raises_error_if_follow_request_does_not_exist(
     def test_it_raises_error_if_follow_request_already_rejected(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
-        follow_request_from_user_1_to_remote_actor: FollowRequest,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
     ) -> None:
-        remote_actor.user.rejects_follow_request_from(actor_1.user)
-        accept_activity = self.generate_reject_activity(
-            follower_actor=actor_1, followed_actor=remote_actor
+        remote_user.rejects_follow_request_from(user_1)
+        accept_activity = self.generate_accept_activity(
+            followed_actor=remote_user.actor, follower_actor=user_1.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -370,12 +377,12 @@ def test_it_raises_error_if_follow_request_already_rejected(
     def test_it_rejects_follow_request(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
-        follow_request_from_user_1_to_remote_actor: FollowRequest,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
     ) -> None:
         accept_activity = self.generate_reject_activity(
-            follower_actor=actor_1, followed_actor=remote_actor
+            follower_actor=user_1.actor, followed_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': accept_activity['type']})(
             activity_dict=accept_activity
@@ -384,8 +391,8 @@ def test_it_rejects_follow_request(
         activity.process_activity()
 
         follow_request = FollowRequest.query.filter_by(
-            follower_user_id=actor_1.user.id,
-            followed_user_id=remote_actor.user.id,
+            follower_user_id=user_1.id,
+            followed_user_id=remote_user.id,
         ).first()
 
         assert follow_request.is_approved is False
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index c43d86046..fe97e17a0 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -27,26 +27,26 @@ def test_it_returns_404_if_user_does_not_exist(
         assert 'user does not exist' in data['message']
 
     def test_it_returns_json_resource_descriptor_as_content_type(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
-            f'/federation/user/{actor_1.preferred_username}',
+            f'/federation/user/{user_1.actor.preferred_username}',
         )
 
         assert response.status_code == 200
         assert response.content_type == 'application/jrd+json; charset=utf-8'
 
     def test_it_returns_actor(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
-            f'/federation/user/{actor_1.preferred_username}',
+            f'/federation/user/{user_1.actor.preferred_username}',
         )
 
         data = json.loads(response.data.decode())
-        assert data == actor_1.serialize()
+        assert data == user_1.actor.serialize()
 
     def test_it_returns_error_if_federation_is_disabled(
         self, app: Flask, app_actor: Actor
@@ -103,10 +103,10 @@ def test_it_returns_error_if_user_is_not_logged(
         assert 'provide a valid auth token' in data['message']
 
     def test_it_returns_400_if_remote_user_url_is_missing(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
         response = client.post(
             '/federation/remote-user',
@@ -125,11 +125,11 @@ def test_it_returns_400_if_remote_user_url_is_missing(
     def test_it_returns_error_if_create_remote_user_returns_error(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
         with patch(
             'fittrackee.federation.utils_user.get_remote_actor'
@@ -153,12 +153,12 @@ def test_it_returns_error_if_create_remote_user_returns_error(
     def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         random_actor: RandomActor,
     ) -> None:
         remote_user_object = random_actor.get_remote_user_object()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
         with patch(
             'fittrackee.federation.utils_user.get_remote_actor'
@@ -209,8 +209,9 @@ def test_it_returns_404_if_actor_does_not_exist(
         assert 'user does not exist' in data['message']
 
     def test_it_returns_ordered_collection_without_follower(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -228,8 +229,9 @@ def test_it_returns_ordered_collection_without_follower(
         }
 
     def test_it_returns_first_page_without_followers(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -248,8 +250,9 @@ def test_it_returns_first_page_without_followers(
         }
 
     def test_it_returns_error_if_page_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -264,8 +267,9 @@ def test_it_returns_error_if_page_is_invalid(
         }
 
     def test_it_does_not_return_error_when_page_that_does_not_return_followers(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -286,14 +290,15 @@ def test_it_does_not_return_error_when_page_that_does_not_return_followers(
     def test_it_returns_first_page_with_followers(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
-        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.approves_follow_request_from(actor_2.user)
-        actor_1.user.approves_follow_request_from(actor_3.user)
+        actor_1 = user_1.actor
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -308,21 +313,25 @@ def test_it_returns_first_page_with_followers(
             'type': 'OrderedCollectionPage',
             'totalItems': 2,
             'partOf': actor_1.followers_url,
-            'orderedItems': [actor_3.activitypub_id, actor_2.activitypub_id],
+            'orderedItems': [
+                user_3.actor.activitypub_id,
+                user_2.actor.activitypub_id,
+            ],
         }
 
     @patch('fittrackee.federation.federation.USERS_PER_PAGE', 1)
     def test_it_returns_first_page_with_next_page_link(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
-        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.approves_follow_request_from(actor_2.user)
-        actor_1.user.approves_follow_request_from(actor_3.user)
+        actor_1 = user_1.actor
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -339,7 +348,7 @@ def test_it_returns_first_page_with_next_page_link(
             'partOf': actor_1.followers_url,
             'next': f'{actor_1.followers_url}?page=2',
             'orderedItems': [
-                actor_3.activitypub_id,
+                user_3.actor.activitypub_id,
             ],
         }
 
@@ -347,14 +356,15 @@ def test_it_returns_first_page_with_next_page_link(
     def test_it_returns_next_page(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
-        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.approves_follow_request_from(actor_2.user)
-        actor_1.user.approves_follow_request_from(actor_3.user)
+        actor_1 = user_1.actor
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -371,7 +381,7 @@ def test_it_returns_next_page(
             'partOf': actor_1.followers_url,
             'prev': f'{actor_1.followers_url}?page=1',
             'orderedItems': [
-                actor_2.activitypub_id,
+                user_2.actor.activitypub_id,
             ],
         }
 
@@ -409,8 +419,9 @@ def test_it_returns_404_if_actor_does_not_exist(
         assert 'user does not exist' in data['message']
 
     def test_it_returns_ordered_collection_without_following(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -428,8 +439,9 @@ def test_it_returns_ordered_collection_without_following(
         }
 
     def test_it_returns_first_page_without_following(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -448,8 +460,9 @@ def test_it_returns_first_page_without_following(
         }
 
     def test_it_returns_error_if_page_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -464,8 +477,9 @@ def test_it_returns_error_if_page_is_invalid(
         }
 
     def test_it_does_not_return_error_when_page_that_does_not_return_following(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -486,14 +500,15 @@ def test_it_does_not_return_error_when_page_that_does_not_return_following(
     def test_it_returns_first_page_with_following_users(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_3_to_user_2_with_federation: FollowRequest,
-        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.approves_follow_request_from(actor_3.user)
-        actor_2.user.approves_follow_request_from(actor_3.user)
+        actor_3 = user_3.actor
+        user_1.approves_follow_request_from(user_3)
+        user_2.approves_follow_request_from(user_3)
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -508,21 +523,25 @@ def test_it_returns_first_page_with_following_users(
             'type': 'OrderedCollectionPage',
             'totalItems': 2,
             'partOf': actor_3.following_url,
-            'orderedItems': [actor_2.activitypub_id, actor_1.activitypub_id],
+            'orderedItems': [
+                user_2.actor.activitypub_id,
+                user_1.actor.activitypub_id,
+            ],
         }
 
     @patch('fittrackee.federation.federation.USERS_PER_PAGE', 1)
     def test_it_returns_first_page_with_next_page_link(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_3_to_user_2_with_federation: FollowRequest,
-        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.approves_follow_request_from(actor_3.user)
-        actor_2.user.approves_follow_request_from(actor_3.user)
+        actor_3 = user_3.actor
+        user_1.approves_follow_request_from(user_3)
+        user_2.approves_follow_request_from(user_3)
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -539,7 +558,7 @@ def test_it_returns_first_page_with_next_page_link(
             'partOf': actor_3.following_url,
             'next': f'{actor_3.following_url}?page=2',
             'orderedItems': [
-                actor_2.activitypub_id,
+                user_2.actor.activitypub_id,
             ],
         }
 
@@ -547,14 +566,15 @@ def test_it_returns_first_page_with_next_page_link(
     def test_it_returns_next_page(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
-        follow_request_from_user_3_to_user_2_with_federation: FollowRequest,
-        follow_request_from_user_3_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
     ) -> None:
-        actor_1.user.approves_follow_request_from(actor_3.user)
-        actor_2.user.approves_follow_request_from(actor_3.user)
+        actor_3 = user_3.actor
+        user_1.approves_follow_request_from(user_3)
+        user_2.approves_follow_request_from(user_3)
         client = app_with_federation.test_client()
 
         response = client.get(
@@ -571,6 +591,6 @@ def test_it_returns_next_page(
             'partOf': actor_3.following_url,
             'prev': f'{actor_3.following_url}?page=1',
             'orderedItems': [
-                actor_1.activitypub_id,
+                user_1.actor.activitypub_id,
             ],
         }
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 5aec26c1a..0c7ceb43b 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -9,6 +9,7 @@
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils import get_ap_url
+from fittrackee.users.models import User
 
 from ...utils import random_actor_url
 
@@ -61,26 +62,28 @@ def test_it_returns_serialized_object(
 
 class TestActivityPubLocalPersonActorModel:
     def test_it_returns_string_representation(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
-        assert '<Actor \'test\'>' == str(actor_1)
+        assert '<Actor \'test\'>' == str(user_1.actor)
 
     def test_actor_is_local(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
-        assert not actor_1.is_remote
+        assert not user_1.actor.is_remote
 
     def test_it_returns_fullname(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         assert (
             actor_1.fullname
             == f'{actor_1.preferred_username}@{actor_1.domain.name}'
         )
 
     def test_it_returns_serialized_object(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         serialized_actor = actor_1.serialize()
         ap_url = app_with_federation.config['AP_DOMAIN']
         assert serialized_actor['@context'] == AP_CTX
@@ -120,8 +123,9 @@ def test_it_returns_serialized_object(
         )
 
     def test_generated_key_is_valid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         actor_1.generate_keys()
 
         signer = pkcs1_15.new(RSA.import_key(actor_1.private_key))
@@ -132,13 +136,14 @@ def test_generated_key_is_valid(
 
 class TestActivityPubRemotePersonActorModel:
     def test_actor_is_remote(
-        self, app_with_federation: Flask, remote_actor: Actor
+        self, app_with_federation: Flask, remote_user: User
     ) -> None:
-        assert remote_actor.is_remote
+        assert remote_user.actor.is_remote
 
     def test_it_returns_fullname(
-        self, app_with_federation: Flask, remote_actor: Actor
+        self, app_with_federation: Flask, remote_user: User
     ) -> None:
+        remote_actor = remote_user.actor
         assert (
             remote_actor.fullname
             == f'{remote_actor.preferred_username}@{remote_actor.domain.name}'
@@ -147,19 +152,18 @@ def test_it_returns_fullname(
     def test_it_returns_ap_id_if_no_profile_url_provided(
         self,
         app_with_federation: Flask,
-        remote_actor_without_profile_page: Actor,
+        remote_user_without_profile_page: User,
     ) -> None:
-        assert (
-            remote_actor_without_profile_page.profile_url
-            == remote_actor_without_profile_page.activitypub_id
-        )
+        remote_actor = remote_user_without_profile_page.actor
+        assert remote_actor.profile_url == remote_actor.activitypub_id
 
     def test_it_returns_serialized_object(
         self,
         app_with_federation: Flask,
-        remote_actor: Actor,
+        remote_user: User,
         remote_domain: Domain,
     ) -> None:
+        remote_actor = remote_user.actor
         serialized_actor = remote_actor.serialize()
         remote_domain_url = f'https://{remote_domain.name}'
         user_url = random_actor_url(
diff --git a/fittrackee/tests/federation/federation/test_federation_nodeinfo.py b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
index bb6c850d9..8fe3bc963 100644
--- a/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
+++ b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
@@ -3,7 +3,7 @@
 from flask import Flask
 
 from fittrackee import VERSION
-from fittrackee.federation.models import Actor
+from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
 
@@ -26,7 +26,7 @@ def test_it_returns_error_if_federation_is_disabled(
         )
 
     def test_it_returns_instance_nodeinfo_url_if_federation_is_enabled(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
@@ -86,7 +86,7 @@ def test_it_returns_error_if_federation_is_disabled(
     def test_it_returns_instance_nodeinfo_if_federation_is_enabled(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
@@ -107,7 +107,7 @@ def test_it_returns_instance_nodeinfo_if_federation_is_enabled(
     def test_it_displays_workouts_count(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
@@ -124,8 +124,8 @@ def test_it_displays_workouts_count(
     def test_only_local_actors_are_counted(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
@@ -141,7 +141,7 @@ def test_only_local_actors_are_counted(
     def test_it_displays_if_registration_is_disabled(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
index 358817bff..fd22d0de5 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -8,7 +8,7 @@
 from freezegun import freeze_time
 
 from fittrackee.federation.inbox import send_to_remote_user_inbox
-from fittrackee.federation.models import Actor
+from fittrackee.users.models import User
 
 from ...test_case_mixins import BaseTestMixin
 from ...utils import generate_response, get_date_string, random_string
@@ -24,9 +24,11 @@ def test_it_calls_generate_signature_header(
         generate_signature_header_mock: Mock,
         generate_digest_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
+        actor_1 = user_1.actor
+        remote_actor = remote_user.actor
         now = datetime.utcnow()
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
@@ -57,9 +59,11 @@ def test_it_calls_requests_post(
         generate_signature_header_mock: Mock,
         generate_digest_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
+        actor_1 = user_1.actor
+        remote_actor = remote_user.actor
         activity = {'foo': 'bar'}
         now = datetime.utcnow()
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
@@ -95,10 +99,12 @@ def test_it_logs_error_if_remote_inbox_returns_error(
         requests_mock: Mock,
         generate_signature_header_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         caplog: LogCaptureFixture,
     ) -> None:
+        actor_1 = user_1.actor
+        remote_actor = remote_user.actor
         status_code = 404
         content = 'error'
         requests_mock.post.return_value = generate_response(
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 5f146e3f0..92ddbf25a 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -19,6 +19,7 @@
     generate_signature,
     generate_signature_header,
 )
+from fittrackee.users.models import User
 
 from ...utils import generate_response, get_date_string, random_string
 
@@ -359,7 +360,7 @@ def test_verify_raises_error_if_http_digest_is_invalid(
         input_description: str,
         input_digest: str,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -387,9 +388,9 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
         input_description: str,
         input_algorithm: str,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
-        activity = self.get_activity(actor=actor_1)
+        activity = self.get_activity(actor=user_1.actor)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_headers(
@@ -407,22 +408,22 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
 
 class TestSignatureVerify(SignatureVerificationTestCase):
     def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
-        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+        self, app_with_federation: Flask, user_1: User, user_2: User
     ) -> None:
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
-                    actor=actor_1,
+                    actor=user_1.actor,
                     date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
-                    activity=self.get_activity(actor=actor_2),
+                    activity=self.get_activity(actor=user_2.actor),
                 )
             )
         )
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
                 status_code=200,
-                content=actor_1.serialize(),
+                content=user_1.actor.serialize(),
             )
 
             with pytest.raises(
@@ -431,8 +432,9 @@ def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
                 sig_verification.verify()
 
     def test_verify_raises_error_if_header_date_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -457,8 +459,9 @@ def test_verify_raises_error_if_header_date_is_invalid(
                 sig_verification.verify()
 
     def test_verify_raises_error_if_public_key_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -479,8 +482,9 @@ def test_verify_raises_error_if_public_key_is_invalid(
                 sig_verification.verify()
 
     def test_verify_raises_error_if_algorithm_is_not_supported(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         algorithm = random_string()
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
@@ -507,8 +511,9 @@ def test_verify_raises_error_if_algorithm_is_not_supported(
                 sig_verification.verify()
 
     def test_verify_raises_error_if_http_digest_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
                 self.generate_headers(
@@ -533,8 +538,9 @@ def test_verify_raises_error_if_http_digest_is_invalid(
                 sig_verification.verify()
 
     def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -560,8 +566,9 @@ def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
                 sig_verification.verify()
 
     def test_verify_does_not_raise_error_if_signature_is_valid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
@@ -582,8 +589,9 @@ def test_verify_does_not_raise_error_if_signature_is_valid(
             sig_verification.verify()
 
     def test_verify_does_not_raise_error_if_signature_without_digest_is_valid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         activity = self.get_activity(actor=actor_1)
         sig_verification = SignatureVerification.get_signature(
             self.get_request_mock(
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
index 96ea6db91..988131a0c 100644
--- a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
@@ -4,9 +4,8 @@
 from flask import Flask
 
 from fittrackee.federation.exceptions import SenderNotFoundException
-from fittrackee.federation.models import Actor
 from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
-from fittrackee.users.models import FollowRequest
+from fittrackee.users.models import FollowRequest, User
 
 from ...utils import random_domain_with_scheme, random_string
 
@@ -15,19 +14,14 @@ class TestSendToUsersInbox:
     def test_it_raises_error_if_sender_does_not_exist(
         self,
         app_with_federation: Flask,
-        follow_request_from_user_1_to_user_2_with_federation: FollowRequest,
-        remote_actor: Actor,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        remote_user: User,
     ) -> None:
         with pytest.raises(SenderNotFoundException):
             send_to_users_inbox(
                 sender_id=0,
-                activity=(
-                    # fmt: off
-                    follow_request_from_user_1_to_user_2_with_federation.
-                    get_activity()
-                    # fmt: on
-                ),
-                recipients=[remote_actor.inbox_url],
+                activity=follow_request_from_user_1_to_user_2.get_activity(),
+                recipients=[remote_user.actor.inbox_url],
             )
 
     @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
@@ -35,20 +29,20 @@ def test_it_calls_send_to_remote_user_inbox(
         self,
         send_to_remote_user_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
         activity = {'foo': 'bar'}
         send_to_users_inbox(
-            sender_id=actor_1.id,
+            sender_id=user_1.actor.id,
             activity=activity,
-            recipients=[remote_actor.inbox_url],
+            recipients=[remote_user.actor.inbox_url],
         )
 
         send_to_remote_user_inbox_mock.assert_called_with(
-            sender=actor_1,
+            sender=user_1.actor,
             activity=activity,
-            recipient_inbox_url=remote_actor.inbox_url,
+            recipient_inbox_url=remote_user.actor.inbox_url,
         )
 
     @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
@@ -56,7 +50,7 @@ def test_it_calls_send_to_remote_user_inbox_for_each_recipient(
         self,
         send_to_remote_user_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
         nb_recipients = 3
         recipients = [
@@ -65,7 +59,7 @@ def test_it_calls_send_to_remote_user_inbox_for_each_recipient(
         ]
 
         send_to_users_inbox(
-            sender_id=actor_1.id,
+            sender_id=user_1.actor.id,
             activity={},
             recipients=recipients,
         )
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index ee6f55126..4e035ef35 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -10,6 +10,7 @@
 )
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils_user import create_remote_user
+from fittrackee.users.models import User
 
 from ...utils import RandomActor, random_string
 
@@ -122,7 +123,6 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
     def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
         random_actor: RandomActor,
     ) -> None:
         remote_user_object = random_actor.get_remote_user_object()
@@ -139,8 +139,9 @@ def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
             assert actor == expected_actor
 
     def test_it_returns_updated_remote_actor_if_remote_actor_exists(
-        self, app_with_federation: Flask, actor_1: Actor, remote_actor: Actor
+        self, app_with_federation: Flask, remote_user: User
     ) -> None:
+        remote_actor = remote_user.actor
         remote_user_object = remote_actor.serialize()
         updated_name = random_string()
         remote_user_object['name'] = updated_name
@@ -161,7 +162,6 @@ def test_it_returns_updated_remote_actor_if_remote_actor_exists(
     def test_it_creates_several_remote_actors(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
         random_actor: RandomActor,
         random_actor_2: RandomActor,
     ) -> None:
diff --git a/fittrackee/tests/federation/federation/test_federation_webfinger.py b/fittrackee/tests/federation/federation/test_federation_webfinger.py
index 2dd9cedd0..e8af5ccf8 100644
--- a/fittrackee/tests/federation/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/federation/test_federation_webfinger.py
@@ -4,6 +4,7 @@
 from flask import Flask
 
 from fittrackee.federation.models import Actor
+from fittrackee.users.models import User
 
 
 class TestWebfinger:
@@ -65,12 +66,12 @@ def test_it_returns_404_if_user_does_not_exist(
         assert 'user does not exist' in data['message']
 
     def test_it_returns_404_if_domain_is_not_instance_domain(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:'
-            f'{actor_1.preferred_username}@{uuid4().hex}',
+            f'{user_1.actor.preferred_username}@{uuid4().hex}',
             content_type='application/json',
         )
 
@@ -80,11 +81,11 @@ def test_it_returns_404_if_domain_is_not_instance_domain(
         assert 'user does not exist' in data['message']
 
     def test_it_returns_json_resource_descriptor_as_content_type(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         response = client.get(
-            '/.well-known/webfinger?resource=acct:' f'{actor_1.fullname}',
+            '/.well-known/webfinger?resource=acct:' f'{user_1.actor.fullname}',
             content_type='application/json',
         )
 
@@ -92,8 +93,9 @@ def test_it_returns_json_resource_descriptor_as_content_type(
         assert response.content_type == 'application/jrd+json; charset=utf-8'
 
     def test_it_returns_subject_with_user_data(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:' f'{actor_1.fullname}',
@@ -105,8 +107,9 @@ def test_it_returns_subject_with_user_data(
         assert f'acct:{actor_1.fullname}' in data['subject']
 
     def test_it_returns_user_links(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
+        actor_1 = user_1.actor
         client = app_with_federation.test_client()
         response = client.get(
             '/.well-known/webfinger?resource=acct:' f'{actor_1.fullname}',
diff --git a/fittrackee/tests/federation/federation/test_users_inbox.py b/fittrackee/tests/federation/federation/test_users_inbox.py
index 5d5ecbaf5..d7cc0ebac 100644
--- a/fittrackee/tests/federation/federation/test_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_users_inbox.py
@@ -14,6 +14,7 @@
     generate_digest,
     generate_signature_header,
 )
+from fittrackee.users.models import User
 
 from ...test_case_mixins import ApiTestCaseMixin
 from ...utils import (
@@ -73,7 +74,7 @@ def post_to_user_inbox(
         return follow_activity, response
 
     def test_it_returns_404_if_user_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
 
@@ -106,14 +107,14 @@ def test_it_returns_404_if_user_does_not_exist(
     def test_it_returns_400_if_activity_is_invalid(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         input_description: str,
         input_activity: Dict,
     ) -> None:
         client = app_with_federation.test_client()
 
         response = client.post(
-            f'/federation/user/{actor_1.preferred_username}/inbox',
+            f'/federation/user/{user_1.actor.preferred_username}/inbox',
             content_type='application/json',
             data=json.dumps(input_activity),
         )
@@ -124,7 +125,7 @@ def test_it_returns_400_if_activity_is_invalid(
         assert 'invalid payload' in data['message']
 
     def test_it_returns_401_if_headers_are_missing(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         follow_activity = {
@@ -136,7 +137,7 @@ def test_it_returns_401_if_headers_are_missing(
         }
 
         response = client.post(
-            f'/federation/user/{actor_1.preferred_username}/inbox',
+            f'/federation/user/{user_1.actor.preferred_username}/inbox',
             content_type='application/json',
             data=json.dumps(follow_activity),
         )
@@ -147,7 +148,7 @@ def test_it_returns_401_if_headers_are_missing(
         assert 'Invalid signature.' in data['message']
 
     def test_it_returns_401_if_signature_is_invalid(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client = app_with_federation.test_client()
         follow_activity = {
@@ -159,7 +160,7 @@ def test_it_returns_401_if_signature_is_invalid(
         }
 
         response = client.post(
-            f'/federation/user/{actor_1.preferred_username}/inbox',
+            f'/federation/user/{user_1.actor.preferred_username}/inbox',
             content_type='application/json',
             headers={
                 'Host': random_string(),
@@ -179,11 +180,11 @@ def test_it_returns_200_if_activity_and_signature_are_valid(
         self,
         handle_activity: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
     ) -> None:
         _, response = self.post_to_user_inbox(
-            app_with_federation, actor_1, actor_2
+            app_with_federation, user_1.actor, user_2.actor
         )
 
         assert response.status_code == 200
@@ -195,11 +196,11 @@ def test_it_calls_handle_activity_task(
         self,
         handle_activity: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
     ) -> None:
         activity_dict, response = self.post_to_user_inbox(
-            app_with_federation, actor_1, actor_2
+            app_with_federation, user_1.actor, user_2.actor
         )
 
         handle_activity.send.assert_called_with(activity=activity_dict)
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index e77ac555b..7aacf46c2 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -4,8 +4,8 @@
 
 from flask import Flask
 
-from fittrackee.federation.models import Actor, Domain
-from fittrackee.users.models import FollowRequest
+from fittrackee.federation.models import Domain
+from fittrackee.users.models import FollowRequest, User
 
 from ...test_case_mixins import ApiTestCaseMixin, UserInboxTestMixin
 from ...utils import RandomActor, random_string
@@ -17,10 +17,10 @@ class TestFollowWithFederation(ApiTestCaseMixin):
     def test_it_raises_error_if_target_user_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
@@ -37,18 +37,18 @@ def test_it_raises_error_if_target_user_does_not_exist(
     def test_it_raises_error_if_target_user_has_already_rejected_request(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
         follow_request_from_user_1_to_user_2.is_approved = False
         follow_request_from_user_1_to_user_2.updated_at = datetime.now()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
-            f'/api/users/{actor_2.preferred_username}/follow',
+            f'/api/users/{user_2.actor.preferred_username}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -59,14 +59,14 @@ def test_it_raises_error_if_target_user_has_already_rejected_request(
         assert data['message'] == 'you do not have permissions'
 
     def test_it_creates_follow_request(
-        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+        self, app_with_federation: Flask, user_1: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
-            f'/api/users/{actor_2.preferred_username}/follow',
+            f'/api/users/{user_2.actor.preferred_username}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -76,23 +76,23 @@ def test_it_creates_follow_request(
         assert data['status'] == 'success'
         assert (
             data['message']
-            == f"Follow request to user '{actor_2.preferred_username}' "
+            == f"Follow request to user '{user_2.actor.preferred_username}' "
             f"is sent."
         )
 
     def test_it_returns_success_if_follow_request_already_exists(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
-            f'/api/users/{actor_2.preferred_username}/follow',
+            f'/api/users/{user_2.actor.preferred_username}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -102,7 +102,7 @@ def test_it_returns_success_if_follow_request_already_exists(
         assert data['status'] == 'success'
         assert (
             data['message']
-            == f"Follow request to user '{actor_2.preferred_username}' "
+            == f"Follow request to user '{user_2.actor.preferred_username}' "
             f"is sent."
         )
 
@@ -111,15 +111,15 @@ def test_it_does_not_call_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         client.post(
-            f'/api/users/{actor_2.preferred_username}/follow',
+            f'/api/users/{user_2.actor.preferred_username}/follow',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -133,11 +133,11 @@ class TestRemoteFollowWithFederation(ApiTestCaseMixin, UserInboxTestMixin):
     def test_it_raise_error_if_remote_actor_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
@@ -154,12 +154,12 @@ def test_it_raise_error_if_remote_actor_does_not_exist(
     def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domain(  # noqa
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
         remote_domain: Domain,
         random_actor: RandomActor,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
@@ -178,11 +178,12 @@ def test_it_creates_follow_request(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
+        remote_actor = remote_user.actor
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
@@ -202,12 +203,13 @@ def test_it_creates_follow_request(
     def test_it_returns_success_if_follow_request_already_exists(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
+        remote_actor = remote_user.actor
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.post(
@@ -229,11 +231,12 @@ def test_it_calls_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
+        remote_actor = remote_user.actor
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         client.post(
@@ -243,12 +246,12 @@ def test_it_calls_send_to_user_inbox(
         )
 
         follow_request = FollowRequest.query.filter_by(
-            follower_user_id=actor_1.user.id,
+            follower_user_id=user_1.id,
             followed_user_id=remote_actor.user.id,
         ).first()
         self.assert_send_to_users_inbox_called_once(
             send_to_users_inbox_mock,
-            local_actor=actor_1,
+            local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
         )
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index 55ae0c635..585401c24 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -4,8 +4,7 @@
 
 from flask import Flask
 
-from fittrackee.federation.models import Actor
-from fittrackee.users.models import FollowRequest
+from fittrackee.users.models import FollowRequest, User
 
 from ...test_case_mixins import ApiTestCaseMixin, UserInboxTestMixin
 from ...users.test_users_follow_request_api import FollowRequestTestCase
@@ -14,10 +13,10 @@
 
 class TestGetFollowRequestWithFederation(ApiTestCaseMixin):
     def test_it_returns_empty_list_if_no_follow_request(
-        self, app_with_federation: Flask, actor_1: Actor
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.get(
@@ -34,16 +33,16 @@ def test_it_returns_empty_list_if_no_follow_request(
     def test_it_returns_current_user_follow_requests_with_actors(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        actor_3: Actor,
+        user_1: User,
+        user_2: User,
+        user_3: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_1: FollowRequest,
         follow_request_from_user_3_to_user_2: FollowRequest,
     ) -> None:
         follow_request_from_user_3_to_user_1.updated_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         response = client.get(
@@ -64,10 +63,10 @@ class TestAcceptLocalFollowRequestWithFederation(FollowRequestTestCase):
     def test_it_raises_error_if_target_user_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_return_user_not_found(
@@ -77,48 +76,46 @@ def test_it_raises_error_if_target_user_does_not_exist(
         )
 
     def test_it_raises_error_if_follow_request_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+        self, app_with_federation: Flask, user_1: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_not_found(
-            client, auth_token, actor_2.user.username, 'accept'
+            client, auth_token, user_2.username, 'accept'
         )
 
     def test_it_raises_error_if_follow_request_already_accepted(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        follow_request_from_user_2_to_user_1_with_federation.is_approved = True
-        follow_request_from_user_2_to_user_1_with_federation.updated_at = (
-            datetime.utcnow()
-        )
+        follow_request_from_user_2_to_user_1.is_approved = True
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_already_processed(
-            client, auth_token, actor_2.user.username, 'accept'
+            client, auth_token, user_2.username, 'accept'
         )
 
     def test_it_accepts_follow_request(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_processed(
-            client, auth_token, actor_2.user.username, 'accept'
+            client, auth_token, user_2.username, 'accept'
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
@@ -126,16 +123,16 @@ def test_it_does_not_call_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         client.post(
-            f'/api/follow_requests/{actor_2.user.username}/accept',
+            f'/api/follow_requests/{user_2.username}/accept',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -151,16 +148,19 @@ def test_it_accepts_follow_request(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_processed(
-            client, auth_token, remote_actor.fullname, 'accept'  # type: ignore
+            client,
+            auth_token,
+            remote_user.actor.fullname,
+            'accept',
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
@@ -168,12 +168,13 @@ def test_it_calls_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
+        remote_actor = remote_user.actor
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         client.post(
@@ -184,11 +185,11 @@ def test_it_calls_send_to_user_inbox(
 
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=remote_actor.user.id,
-            followed_user_id=actor_1.user.id,
+            followed_user_id=user_1.id,
         ).first()
         self.assert_send_to_users_inbox_called_once(
             send_to_users_inbox_mock,
-            local_actor=actor_1,
+            local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
         )
@@ -198,10 +199,10 @@ class TestRejectLocalFollowRequestWithFederation(FollowRequestTestCase):
     def test_it_raises_error_if_target_user_does_not_exist(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
+        user_1: User,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_return_user_not_found(
@@ -211,47 +212,45 @@ def test_it_raises_error_if_target_user_does_not_exist(
         )
 
     def test_it_raises_error_if_follow_request_does_not_exist(
-        self, app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+        self, app_with_federation: Flask, user_1: User, user_2: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_not_found(
-            client, auth_token, actor_2.user.username, 'reject'
+            client, auth_token, user_2.username, 'reject'
         )
 
     def test_it_raises_error_if_follow_request_already_accepted(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        follow_request_from_user_2_to_user_1_with_federation.updated_at = (
-            datetime.utcnow()
-        )
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_already_processed(
-            client, auth_token, actor_2.user.username, 'reject'
+            client, auth_token, user_2.username, 'reject'
         )
 
     def test_it_rejects_follow_request(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_processed(
-            client, auth_token, actor_2.user.username, 'reject'
+            client, auth_token, user_2.username, 'reject'
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
@@ -259,16 +258,16 @@ def test_it_does_not_call_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_2_to_user_1_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         client.post(
-            f'/api/follow_requests/{actor_2.user.username}/reject',
+            f'/api/follow_requests/{user_2.username}/reject',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -284,16 +283,19 @@ def test_it_accepts_follow_request(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         self.assert_it_returns_follow_request_processed(
-            client, auth_token, remote_actor.fullname, 'reject'  # type: ignore
+            client,
+            auth_token,
+            remote_user.actor.fullname,
+            'reject',
         )
 
     @patch('fittrackee.users.models.send_to_users_inbox')
@@ -301,12 +303,13 @@ def test_it_calls_send_to_user_inbox(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
         follow_request_from_remote_user_to_user_1: FollowRequest,
     ) -> None:
+        remote_actor = remote_user.actor
         client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, actor_1.user.email
+            app_with_federation, user_1.email
         )
 
         client.post(
@@ -317,11 +320,11 @@ def test_it_calls_send_to_user_inbox(
 
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=remote_actor.user.id,
-            followed_user_id=actor_1.user.id,
+            followed_user_id=user_1.id,
         ).first()
         self.assert_send_to_users_inbox_called_once(
             send_to_users_inbox_mock,
-            local_actor=actor_1,
+            local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
         )
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 3ab4b90ba..3f81aa452 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -4,24 +4,25 @@
 from flask import Flask
 
 from fittrackee.federation.constants import AP_CTX
-from fittrackee.federation.models import Actor
-from fittrackee.users.models import FollowRequest
+from fittrackee.users.models import FollowRequest, User
 
 
 class TestFollowRequestModelWithFederation:
     def test_follow_request_model(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
-        follow_request_from_user_1_to_user_2_with_federation: FollowRequest,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
+        actor_1 = user_1.actor
+        actor_2 = user_2.actor
         assert '<FollowRequest from user \'1\' to user \'2\'>' == str(
-            follow_request_from_user_1_to_user_2_with_federation
+            follow_request_from_user_1_to_user_2
         )
 
         serialized_follow_request = (
-            follow_request_from_user_1_to_user_2_with_federation.serialize()
+            follow_request_from_user_1_to_user_2.serialize()
         )
         assert serialized_follow_request['from_user'] == actor_1.serialize()
         assert serialized_follow_request['to_user'] == actor_2.serialize()
@@ -29,10 +30,12 @@ def test_follow_request_model(
     def test_it_returns_follow_activity_object(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
+        actor_1 = user_1.actor
+        actor_2 = user_2.actor
         activity_object = follow_request_from_user_1_to_user_2.get_activity()
 
         assert activity_object == {
@@ -46,10 +49,12 @@ def test_it_returns_follow_activity_object(
     def test_it_returns_accept_activity_object_when_follow_request_is_accepted(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
+        actor_1 = user_1.actor
+        actor_2 = user_2.actor
         follow_request_from_user_1_to_user_2.is_approved = True
         follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
         activity_object = follow_request_from_user_1_to_user_2.get_activity()
@@ -72,10 +77,12 @@ def test_it_returns_accept_activity_object_when_follow_request_is_accepted(
     def test_it_returns_reject_activity_object_when_follow_request_is_rejected(
         self,
         app_with_federation: Flask,
-        actor_1: Actor,
-        actor_2: Actor,
+        user_1: User,
+        user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
+        actor_1 = user_1.actor
+        actor_2 = user_2.actor
         follow_request_from_user_1_to_user_2.is_approved = False
         follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
         activity_object = follow_request_from_user_1_to_user_2.get_activity()
@@ -102,9 +109,11 @@ def test_local_actor_sends_follow_requests_to_remote_actor(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
+        actor_1 = user_1.actor
+        remote_actor = remote_user.actor
         follow_request = actor_1.user.send_follow_request_to(remote_actor.user)
 
         assert follow_request in actor_1.user.sent_follow_requests.all()
@@ -121,10 +130,12 @@ def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(
         self,
         send_to_users_inbox_mock: Mock,
         app_with_federation: Flask,
-        actor_1: Actor,
-        remote_actor: Actor,
+        user_1: User,
+        remote_user: User,
     ) -> None:
+        actor_1 = user_1.actor
         actor_1.user.manually_approves_followers = False
+        remote_actor = remote_user.actor
         follow_request = remote_actor.user.send_follow_request_to(actor_1.user)
 
         assert follow_request in remote_actor.user.sent_follow_requests.all()
diff --git a/fittrackee/tests/fixtures/fixtures_app.py b/fittrackee/tests/fixtures/fixtures_app.py
index 2429955d7..5a1205e53 100644
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@@ -61,10 +61,10 @@ def get_app(
             )
             if app_db_config:
                 update_app_config_from_database(app, app_db_config)
-                if with_domain:
-                    domain = Domain(name=app.config['AP_DOMAIN'])
-                    db.session.add(domain)
-                    db.session.commit()
+            if with_domain:
+                domain = Domain(name=app.config['AP_DOMAIN'])
+                db.session.add(domain)
+                db.session.commit()
             yield app
         except Exception as e:
             print(f'Error with app configuration: {e}')
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 23e594765..b360e1a19 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -17,45 +17,6 @@ def app_actor(app: Flask) -> Actor:
     return actor
 
 
-@pytest.fixture()
-def actor_1(user_1: User, app_with_federation: Flask) -> Actor:
-    domain = Domain.query.filter_by(
-        name=app_with_federation.config['AP_DOMAIN']
-    ).first()
-    actor = Actor(preferred_username=user_1.username, domain_id=domain.id)
-    db.session.add(actor)
-    db.session.flush()
-    user_1.actor_id = actor.id
-    db.session.commit()
-    return actor
-
-
-@pytest.fixture()
-def actor_2(user_2: User, app_with_federation: Flask) -> Actor:
-    domain = Domain.query.filter_by(
-        name=app_with_federation.config['AP_DOMAIN']
-    ).first()
-    actor = Actor(preferred_username=user_2.username, domain_id=domain.id)
-    db.session.add(actor)
-    db.session.flush()
-    user_2.actor_id = actor.id
-    db.session.commit()
-    return actor
-
-
-@pytest.fixture()
-def actor_3(user_3: User, app_with_federation: Flask) -> Actor:
-    domain = Domain.query.filter_by(
-        name=app_with_federation.config['AP_DOMAIN']
-    ).first()
-    actor = Actor(preferred_username=user_3.username, domain_id=domain.id)
-    db.session.add(actor)
-    db.session.flush()
-    user_3.actor_id = actor.id
-    db.session.commit()
-    return actor
-
-
 @pytest.fixture()
 def remote_domain(app_with_federation: Flask) -> Domain:
     remote_domain = Domain(name=random_domain())
@@ -64,55 +25,50 @@ def remote_domain(app_with_federation: Flask) -> Domain:
     return remote_domain
 
 
-@pytest.fixture()
-def remote_actor(
-    user_2: User,
-    app_with_federation: Flask,
-    remote_domain: Domain,
-) -> Actor:
+def generate_remote_user(
+    remote_domain: Domain, without_profile_page: bool = False
+) -> User:
     domain = f'https://{remote_domain.name}'
-    remote_user_object = get_remote_user_object(
-        username=user_2.username,
-        preferred_username=user_2.username,
-        domain=domain,
-        profile_url=f'{domain}/{user_2.username}',
-    )
+    user_name = 'test'
+    if without_profile_page:
+        remote_user_object = get_remote_user_object(
+            username='Test',
+            preferred_username=user_name,
+            domain=domain,
+        )
+    else:
+        remote_user_object = get_remote_user_object(
+            username='Test',
+            preferred_username=user_name,
+            domain=domain,
+            profile_url=f'{domain}/{user_name}',
+        )
     actor = Actor(
-        preferred_username=user_2.username,
+        preferred_username=user_name,
         domain_id=remote_domain.id,
         remote_user_data=remote_user_object,
     )
     db.session.add(actor)
     db.session.flush()
-    user_2.name = user_2.username.capitalize()
-    user_2.actor_id = actor.id
+    user = User(
+        username=user_name,
+        email=None,
+        password=None,
+    )
+    db.session.add(user)
+    user.actor_id = actor.id
     db.session.commit()
-    return actor
+    return user
 
 
 @pytest.fixture()
-def remote_actor_without_profile_page(
-    user_2: User,
-    app_with_federation: Flask,
-    remote_domain: Domain,
-) -> Actor:
-    domain = f'https://{remote_domain.name}'
-    remote_user_object = get_remote_user_object(
-        username=user_2.username,
-        preferred_username=user_2.username,
-        domain=domain,
-    )
-    actor = Actor(
-        preferred_username=user_2.username,
-        domain_id=remote_domain.id,
-        remote_user_data=remote_user_object,
-    )
-    db.session.add(actor)
-    db.session.flush()
-    user_2.name = user_2.username.capitalize()
-    user_2.actor_id = actor.id
-    db.session.commit()
-    return actor
+def remote_user(remote_domain: Domain) -> User:
+    return generate_remote_user(remote_domain)
+
+
+@pytest.fixture()
+def remote_user_without_profile_page(remote_domain: Domain) -> User:
+    return generate_remote_user(remote_domain, without_profile_page=True)
 
 
 @pytest.fixture()
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index e363089d0..c10746730 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -1,83 +1,21 @@
 import pytest
 
-from fittrackee import db
-from fittrackee.federation.models import Actor
-from fittrackee.users.models import FollowRequest
+from fittrackee.users.models import FollowRequest, User
 
-
-@pytest.fixture()
-def follow_request_from_user_1_to_user_2_with_federation(
-    actor_1: Actor,
-    actor_2: Actor,
-) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=actor_1.user.id, followed_user_id=actor_2.user.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
-
-
-@pytest.fixture()
-def follow_request_from_user_2_to_user_1_with_federation(
-    actor_1: Actor,
-    actor_2: Actor,
-) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=actor_2.user.id, followed_user_id=actor_1.user.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
-
-
-@pytest.fixture()
-def follow_request_from_user_3_to_user_1_with_federation(
-    actor_1: Actor,
-    actor_3: Actor,
-) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=actor_3.user.id, followed_user_id=actor_1.user.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
-
-
-@pytest.fixture()
-def follow_request_from_user_3_to_user_2_with_federation(
-    actor_2: Actor,
-    actor_3: Actor,
-) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=actor_3.user.id, followed_user_id=actor_2.user.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+from ..utils import generate_follow_request
 
 
 @pytest.fixture()
 def follow_request_from_remote_user_to_user_1(
-    actor_1: Actor,
-    remote_actor: Actor,
+    user_1: User,
+    remote_user: User,
 ) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=remote_actor.user.id, followed_user_id=actor_1.user.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+    return generate_follow_request(remote_user, user_1)
 
 
 @pytest.fixture()
-def follow_request_from_user_1_to_remote_actor(
-    actor_1: Actor,
-    remote_actor: Actor,
+def follow_request_from_user_1_to_remote_user(
+    user_1: User,
+    remote_user: User,
 ) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=actor_1.user.id, followed_user_id=remote_actor.user.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+    return generate_follow_request(user_1, remote_user)
diff --git a/fittrackee/tests/fixtures/fixtures_users.py b/fittrackee/tests/fixtures/fixtures_users.py
index 88e83e011..1266a4b27 100644
--- a/fittrackee/tests/fixtures/fixtures_users.py
+++ b/fittrackee/tests/fixtures/fixtures_users.py
@@ -6,11 +6,15 @@
 from fittrackee.users.models import FollowRequest, User, UserSportPreference
 from fittrackee.workouts.models import Sport
 
+from ..utils import generate_follow_request
+
 
 @pytest.fixture()
 def user_1() -> User:
     user = User(username='test', email='test@test.com', password='12345678')
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -19,6 +23,8 @@ def user_1() -> User:
 def user_1_upper() -> User:
     user = User(username='TEST', email='TEST@TEST.COM', password='12345678')
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -30,6 +36,8 @@ def user_1_admin() -> User:
     )
     admin.admin = True
     db.session.add(admin)
+    db.session.flush()
+    admin.create_actor()
     db.session.commit()
     return admin
 
@@ -45,6 +53,8 @@ def user_1_full() -> User:
     user.timezone = 'America/New_York'
     user.birth_date = datetime.datetime.strptime('01/01/1980', '%d/%m/%Y')
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -54,6 +64,8 @@ def user_1_paris() -> User:
     user = User(username='test', email='test@test.com', password='12345678')
     user.timezone = 'Europe/Paris'
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -62,6 +74,8 @@ def user_1_paris() -> User:
 def user_2() -> User:
     user = User(username='toto', email='toto@toto.com', password='87654321')
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -71,6 +85,8 @@ def user_2_admin() -> User:
     user = User(username='toto', email='toto@toto.com', password='87654321')
     user.admin = True
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -80,6 +96,8 @@ def user_3() -> User:
     user = User(username='sam', email='sam@test.com', password='12345678')
     user.weekm = True
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
@@ -116,45 +134,25 @@ def user_admin_sport_1_preference(
 def follow_request_from_user_1_to_user_2(
     user_1: User, user_2: User
 ) -> FollowRequest:
-    follow_request = FollowRequest(
-        follower_user_id=user_1.id, followed_user_id=user_2.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+    return generate_follow_request(user_1, user_2)
 
 
 @pytest.fixture()
 def follow_request_from_user_2_to_user_1(
     user_1: User, user_2: User
 ) -> FollowRequest:
-    follow_request = FollowRequest(
-        followed_user_id=user_1.id, follower_user_id=user_2.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+    return generate_follow_request(user_2, user_1)
 
 
 @pytest.fixture()
 def follow_request_from_user_3_to_user_1(
     user_1: User, user_3: User
 ) -> FollowRequest:
-    follow_request = FollowRequest(
-        followed_user_id=user_1.id, follower_user_id=user_3.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+    return generate_follow_request(user_3, user_1)
 
 
 @pytest.fixture()
 def follow_request_from_user_3_to_user_2(
     user_2: User, user_3: User
 ) -> FollowRequest:
-    follow_request = FollowRequest(
-        followed_user_id=user_2.id, follower_user_id=user_3.id
-    )
-    db.session.add(follow_request)
-    db.session.commit()
-    return follow_request
+    return generate_follow_request(user_3, user_2)
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index c2cf1ce46..c81e7d174 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -7,7 +7,9 @@
 
 from requests import Response
 
+from fittrackee import db
 from fittrackee.federation.signature import VALID_DATE_FORMAT
+from fittrackee.users.models import FollowRequest, User
 
 
 def random_string(
@@ -131,3 +133,12 @@ def random_actor_url(
         else random_domain_with_scheme()
     )
     return f'{remote_domain}/users/{username}'
+
+
+def generate_follow_request(follower: User, followed: User) -> FollowRequest:
+    follow_request = FollowRequest(
+        follower_user_id=follower.id, followed_user_id=followed.id
+    )
+    db.session.add(follow_request)
+    db.session.commit()
+    return follow_request

From cb0a189d2b29dd5bbe29c18a868456826c00eb10 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 17:33:12 +0100
Subject: [PATCH 058/238] API - get remote users

---
 .../tests/federation/users/test_users_api.py  |  61 +++++
 .../federation/users/test_users_model.py      |  14 ++
 fittrackee/tests/users/test_users_api.py      |  96 ++++---
 fittrackee/tests/users/test_users_model.py    |   6 +
 fittrackee/users/auth.py                      |   9 +
 fittrackee/users/models.py                    |   5 +
 fittrackee/users/users.py                     | 237 +++++++++++++-----
 7 files changed, 327 insertions(+), 101 deletions(-)
 create mode 100644 fittrackee/tests/federation/users/test_users_api.py

diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
new file mode 100644
index 000000000..9214bbdd6
--- /dev/null
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -0,0 +1,61 @@
+import json
+
+from flask import Flask
+
+from fittrackee.users.models import User
+
+from ...test_case_mixins import ApiTestCaseMixin
+
+
+class TestGetLocalUsers(ApiTestCaseMixin):
+    def test_it_gets_users_list(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_3: User,
+        remote_user: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/users',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 2
+        assert data['data']['users'][0]['username'] == user_3.username
+        assert data['data']['users'][0]['is_remote'] is False
+        assert data['data']['users'][1]['username'] == user_1.username
+        assert data['data']['users'][1]['is_remote'] is False
+
+
+class TestGetRemoteUsers(ApiTestCaseMixin):
+    def test_it_gets_users_list(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_3: User,
+        remote_user: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/users/remote',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0]['username'] == remote_user.username
+        assert data['data']['users'][0]['is_remote']
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 3f81aa452..d16c19f66 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -7,6 +7,20 @@
 from fittrackee.users.models import FollowRequest, User
 
 
+class TestUserModel:
+    def test_user_is_not_remote_when_actor_is_local(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        assert user_1.is_remote is False
+        assert user_1.serialize()['is_remote'] is False
+
+    def test_user_is_remote_when_actor_is_remote(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        assert remote_user.is_remote is True
+        assert remote_user.serialize()['is_remote'] is True
+
+
 class TestFollowRequestModelWithFederation:
     def test_follow_request_model(
         self,
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 7853b3f34..ba22fd66f 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -20,13 +20,14 @@ def assert_user(user_dict: Dict, user: User) -> None:
             '%a, %d %b %Y %H:%M:%S GMT'
         )
         assert user_dict['admin'] == user.admin
-        assert user_dict['first_name'] is None
-        assert user_dict['last_name'] is None
-        assert user_dict['birth_date'] is None
         assert user_dict['bio'] is None
-        assert user_dict['location'] is None
+        assert user_dict['birth_date'] is None
+        assert user_dict['first_name'] is None
         assert user_dict['followers'] == 0
         assert user_dict['following'] == 0
+        assert user_dict['is_remote'] is False
+        assert user_dict['last_name'] is None
+        assert user_dict['location'] is None
         assert 'imperial_units' not in user_dict
         assert 'language' not in user_dict
         assert 'timezone' not in user_dict
@@ -212,26 +213,29 @@ def test_it_gets_users_list(
         assert 'created_at' in data['data']['users'][1]
         assert 'created_at' in data['data']['users'][2]
         assert 'admin' in data['data']['users'][0]['username']
-        assert 'toto' in data['data']['users'][1]['username']
-        assert 'sam' in data['data']['users'][2]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][2]['username']
         assert 'admin@example.com' in data['data']['users'][0]['email']
-        assert 'toto@toto.com' in data['data']['users'][1]['email']
-        assert 'sam@test.com' in data['data']['users'][2]['email']
+        assert 'sam@test.com' in data['data']['users'][1]['email']
+        assert 'toto@toto.com' in data['data']['users'][2]['email']
+        assert data['data']['users'][0]['is_remote'] is False
         assert data['data']['users'][0]['nb_sports'] == 0
         assert data['data']['users'][0]['nb_workouts'] == 0
         assert data['data']['users'][0]['records'] == []
         assert data['data']['users'][0]['sports_list'] == []
         assert data['data']['users'][0]['total_distance'] == 0
         assert data['data']['users'][0]['total_duration'] == '0:00:00'
+        assert data['data']['users'][1]['is_remote'] is False
+        assert data['data']['users'][1]['records'] == []
         assert data['data']['users'][1]['nb_sports'] == 0
         assert data['data']['users'][1]['nb_workouts'] == 0
-        assert data['data']['users'][1]['records'] == []
         assert data['data']['users'][1]['sports_list'] == []
         assert data['data']['users'][1]['total_distance'] == 0
         assert data['data']['users'][1]['total_duration'] == '0:00:00'
-        assert data['data']['users'][2]['records'] == []
+        assert data['data']['users'][2]['is_remote'] is False
         assert data['data']['users'][2]['nb_sports'] == 0
         assert data['data']['users'][2]['nb_workouts'] == 0
+        assert data['data']['users'][2]['records'] == []
         assert data['data']['users'][2]['sports_list'] == []
         assert data['data']['users'][2]['total_distance'] == 0
         assert data['data']['users'][2]['total_duration'] == '0:00:00'
@@ -284,29 +288,32 @@ def test_it_gets_users_list_with_workouts(
         assert 'created_at' in data['data']['users'][1]
         assert 'created_at' in data['data']['users'][2]
         assert 'admin' in data['data']['users'][0]['username']
-        assert 'toto' in data['data']['users'][1]['username']
-        assert 'sam' in data['data']['users'][2]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][2]['username']
         assert 'admin@example.com' in data['data']['users'][0]['email']
-        assert 'toto@toto.com' in data['data']['users'][1]['email']
-        assert 'sam@test.com' in data['data']['users'][2]['email']
+        assert 'sam@test.com' in data['data']['users'][1]['email']
+        assert 'toto@toto.com' in data['data']['users'][2]['email']
+        assert data['data']['users'][0]['is_remote'] is False
         assert data['data']['users'][0]['nb_sports'] == 2
         assert data['data']['users'][0]['nb_workouts'] == 2
         assert len(data['data']['users'][0]['records']) == 8
         assert data['data']['users'][0]['sports_list'] == [1, 2]
         assert data['data']['users'][0]['total_distance'] == 22.0
         assert data['data']['users'][0]['total_duration'] == '2:40:00'
-        assert data['data']['users'][1]['nb_sports'] == 1
-        assert data['data']['users'][1]['nb_workouts'] == 1
-        assert len(data['data']['users'][1]['records']) == 4
-        assert data['data']['users'][1]['sports_list'] == [1]
-        assert data['data']['users'][1]['total_distance'] == 15
-        assert data['data']['users'][1]['total_duration'] == '1:00:00'
-        assert data['data']['users'][2]['nb_sports'] == 0
-        assert data['data']['users'][2]['nb_workouts'] == 0
-        assert len(data['data']['users'][2]['records']) == 0
-        assert data['data']['users'][2]['sports_list'] == []
-        assert data['data']['users'][2]['total_distance'] == 0
-        assert data['data']['users'][2]['total_duration'] == '0:00:00'
+        assert data['data']['users'][1]['is_remote'] is False
+        assert data['data']['users'][1]['nb_sports'] == 0
+        assert data['data']['users'][1]['nb_workouts'] == 0
+        assert len(data['data']['users'][1]['records']) == 0
+        assert data['data']['users'][1]['sports_list'] == []
+        assert data['data']['users'][1]['total_distance'] == 0
+        assert data['data']['users'][1]['total_duration'] == '0:00:00'
+        assert data['data']['users'][2]['is_remote'] is False
+        assert data['data']['users'][2]['nb_sports'] == 1
+        assert data['data']['users'][2]['nb_workouts'] == 1
+        assert len(data['data']['users'][2]['records']) == 4
+        assert data['data']['users'][2]['sports_list'] == [1]
+        assert data['data']['users'][2]['total_distance'] == 15
+        assert data['data']['users'][2]['total_duration'] == '1:00:00'
         assert 'imperial_units' not in data['data']['users'][0]
         assert 'imperial_units' not in data['data']['users'][1]
         assert 'imperial_units' not in data['data']['users'][2]
@@ -656,8 +663,8 @@ def test_it_gets_users_list_ordered_by_admin_rights(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'toto' in data['data']['users'][0]['username']
-        assert 'sam' in data['data']['users'][1]['username']
+        assert 'sam' in data['data']['users'][0]['username']
+        assert 'toto' in data['data']['users'][1]['username']
         assert 'admin' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
@@ -683,8 +690,8 @@ def test_it_gets_users_list_ordered_by_admin_rights_ascending(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'toto' in data['data']['users'][0]['username']
-        assert 'sam' in data['data']['users'][1]['username']
+        assert 'sam' in data['data']['users'][0]['username']
+        assert 'toto' in data['data']['users'][1]['username']
         assert 'admin' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
@@ -711,8 +718,8 @@ def test_it_gets_users_list_ordered_by_admin_rights_descending(
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
-        assert 'toto' in data['data']['users'][1]['username']
-        assert 'sam' in data['data']['users'][2]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
@@ -904,6 +911,31 @@ def test_it_users_list_with_complex_query(
         }
 
 
+class TestGetRemoteUsers(ApiTestCaseMixin):
+    def test_it_returns_error_when_federation_is_disabled(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/users/remote',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 403
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'error'
+        assert (
+            data['message']
+            == 'error, federation is disabled for this instance'
+        )
+
+
 class TestGetUserPicture:
     def test_it_return_error_if_user_has_no_picture(
         self, app: Flask, user_1: User
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index f2746c6b9..872ee3a3a 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -140,6 +140,12 @@ def test_it_returns_following_count(
         serialized_user = user_1.serialize()
         assert serialized_user['following'] == 1
 
+    def test_user_is_not_remote_when_federation_is_disabled(
+        self, app: Flask, user_1: User
+    ) -> None:
+        assert user_1.is_remote is False
+        assert user_1.serialize()['is_remote'] is False
+
 
 class TestUserSportModel:
     def test_user_model(
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 618a53afb..eab5aea0a 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -317,7 +317,10 @@ def get_authenticated_user_profile(
           "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
           "email": "sam@example.com",
           "first_name": null,
+          "followers": 0,
+          "following": 0,
           "imperial_units": false,
+          "is_remote": false,
           "language": "en",
           "last_name": null,
           "location": null,
@@ -419,7 +422,10 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
           "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
           "email": "sam@example.com",
           "first_name": null,
+          "followers": 0,
+          "following": 0,
           "imperial_units": false,
+          "is_remote": false,
           "language": "en",
           "last_name": null,
           "location": null,
@@ -581,7 +587,10 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
           "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
           "email": "sam@example.com",
           "first_name": null,
+          "followers": 0,
+          "following": 0,
           "imperial_units": false,
+          "is_remote": false,
           "language": "en",
           "last_name": null,
           "location": null,
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 1e5cf66a3..e3e879e76 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -341,6 +341,10 @@ def create_actor(self) -> None:
         self.actor_id = actor.id
         db.session.commit()
 
+    @property
+    def is_remote(self) -> bool:
+        return self.actor.is_remote
+
     def serialize(self, role: Optional[UserRole] = None) -> Dict:
         sports = []
         total = (0, '0:00:00')
@@ -368,6 +372,7 @@ def serialize(self, role: Optional[UserRole] = None) -> Dict:
             'bio': self.bio,
             'followers': self.followers.count(),
             'following': self.following.count(),
+            'is_remote': self.is_remote,
             'location': self.location,
             'birth_date': self.birth_date,
             'picture': self.picture is not None,
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 4a3d58edb..de8e1a671 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -3,14 +3,16 @@
 from typing import Any, Dict, Tuple, Union
 
 import click
-from flask import Blueprint, request, send_file
+from flask import Blueprint, current_app, request, send_file
 from sqlalchemy import exc
 
 from fittrackee import appLog, db
+from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.exceptions import (
     ActorNotFoundException,
     DomainNotFoundException,
 )
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils_user import get_user_from_username
 from fittrackee.files import get_absolute_file_path
 from fittrackee.responses import (
@@ -48,11 +50,73 @@ def set_admin(username: str) -> None:
         print(f"User '{username}' not found.")
 
 
+def get_users_list(auth_user: User, remote: bool = False) -> Dict:
+    params = request.args.copy()
+    page = int(params.get('page', 1))
+    per_page = int(params.get('per_page', USERS_PER_PAGE))
+    if per_page > 50:
+        per_page = 50
+    order_by = params.get('order_by', 'username')
+    order = params.get('order', 'asc')
+    query = params.get('q')
+    users_pagination = (
+        User.query.join(Actor, Actor.id == User.actor_id)
+        .join(Domain, Domain.id == Actor.domain_id)
+        .filter(
+            User.username.like('%' + query + '%') if query else True,
+            Domain.name != current_app.config['AP_DOMAIN']
+            if remote
+            else Domain.name == current_app.config['AP_DOMAIN'],
+        )
+        .order_by(
+            User.workouts_count.asc()  # type: ignore
+            if order_by == 'workouts_count' and order == 'asc'
+            else True,
+            User.workouts_count.desc()  # type: ignore
+            if order_by == 'workouts_count' and order == 'desc'
+            else True,
+            User.username.asc()
+            if order_by == 'username' and order == 'asc'
+            else True,
+            User.username.desc()
+            if order_by == 'username' and order == 'desc'
+            else True,
+            User.created_at.asc()
+            if order_by == 'created_at' and order == 'asc'
+            else True,
+            User.created_at.desc()
+            if order_by == 'created_at' and order == 'desc'
+            else True,
+            User.admin.asc()
+            if order_by == 'admin' and order == 'asc'
+            else True,
+            User.admin.desc()
+            if order_by == 'admin' and order == 'desc'
+            else True,
+        )
+        .paginate(page, per_page, False)
+    )
+    users = users_pagination.items
+    role = UserRole.ADMIN if auth_user.admin else UserRole.USER
+    return {
+        'status': 'success',
+        'data': {'users': [user.serialize(role) for user in users]},
+        'pagination': {
+            'has_next': users_pagination.has_next,
+            'has_prev': users_pagination.has_prev,
+            'page': users_pagination.page,
+            'pages': users_pagination.pages,
+            'total': users_pagination.total,
+        },
+    }
+
+
 @users_blueprint.route('/users', methods=['GET'])
 @authenticate
 def get_users(auth_user: User) -> Dict:
     """
-    Get all users
+    Get all users (it returns only local users if federation is enabled).
+    If authenticated user has admin rights, users email is returned.
 
     **Example request**:
 
@@ -87,8 +151,9 @@ def get_users(auth_user: User) -> Dict:
               "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
               "email": "admin@example.com",
               "first_name": null,
-              "imperial_units": false,
-              "language": "en",
+              "followers": 0,
+              "following": 0,
+              "is_remote": false,
               "last_name": null,
               "location": null,
               "nb_sports": 3,
@@ -137,7 +202,6 @@ def get_users(auth_user: User) -> Dict:
                   4,
                   6
               ],
-              "timezone": "Europe/Paris",
               "total_distance": 67.895,
               "total_duration": "6:50:27",
               "username": "admin"
@@ -149,7 +213,9 @@ def get_users(auth_user: User) -> Dict:
               "created_at": "Sat, 20 Jul 2019 11:27:03 GMT",
               "email": "sam@example.com",
               "first_name": null,
-              "language": "fr",
+              "followers": 0,
+              "following": 0,
+              "is_remote": false,
               "last_name": null,
               "location": null,
               "nb_sports": 0,
@@ -157,7 +223,6 @@ def get_users(auth_user: User) -> Dict:
               "picture": false,
               "records": [],
               "sports_list": [],
-              "timezone": "Europe/Paris",
               "total_distance": 0,
               "total_duration": "0:00:00",
               "username": "sam"
@@ -171,8 +236,9 @@ def get_users(auth_user: User) -> Dict:
     :query integer per_page: number of users per page (default: 10, max: 50)
     :query string q: query on user name
     :query string order_by: sorting criteria (``username``, ``created_at``,
-                            ``workouts_count``, ``admin``)
-    :query string order: sorting order (default: ``asc``)
+                            ``workouts_count``, ``admin``,
+                            default: ``username``)
+    :query string order: sorting order (``asc``, ``desc``, default: ``asc``)
 
     :reqheader Authorization: OAuth 2.0 Bearer Token
 
@@ -183,59 +249,89 @@ def get_users(auth_user: User) -> Dict:
         - invalid token, please log in again
 
     """
-    params = request.args.copy()
-    page = int(params.get('page', 1))
-    per_page = int(params.get('per_page', USERS_PER_PAGE))
-    if per_page > 50:
-        per_page = 50
-    order_by = params.get('order_by')
-    order = params.get('order', 'asc')
-    query = params.get('q')
-    users_pagination = (
-        User.query.filter(
-            User.username.like('%' + query + '%') if query else True,
-        )
-        .order_by(
-            User.workouts_count.asc()  # type: ignore
-            if order_by == 'workouts_count' and order == 'asc'
-            else True,
-            User.workouts_count.desc()  # type: ignore
-            if order_by == 'workouts_count' and order == 'desc'
-            else True,
-            User.username.asc()
-            if order_by == 'username' and order == 'asc'
-            else True,
-            User.username.desc()
-            if order_by == 'username' and order == 'desc'
-            else True,
-            User.created_at.asc()
-            if order_by == 'created_at' and order == 'asc'
-            else True,
-            User.created_at.desc()
-            if order_by == 'created_at' and order == 'desc'
-            else True,
-            User.admin.asc()
-            if order_by == 'admin' and order == 'asc'
-            else True,
-            User.admin.desc()
-            if order_by == 'admin' and order == 'desc'
-            else True,
-        )
-        .paginate(page, per_page, False)
-    )
-    users = users_pagination.items
-    role = UserRole.ADMIN if auth_user.admin else UserRole.USER
-    return {
-        'status': 'success',
-        'data': {'users': [user.serialize(role) for user in users]},
-        'pagination': {
-            'has_next': users_pagination.has_next,
-            'has_prev': users_pagination.has_prev,
-            'page': users_pagination.page,
-            'pages': users_pagination.pages,
-            'total': users_pagination.total,
+    return get_users_list(auth_user)
+
+
+@users_blueprint.route('/users/remote', methods=['GET'])
+@federation_required
+@authenticate
+def get_remote_users(
+    auth_user: User,
+    app_domain: Domain,
+) -> Dict:
+    """
+    Get all remote users (only if federation is enabled)
+
+    **Example request**:
+
+    - without parameters
+
+    .. sourcecode:: http
+
+      GET /api/users/remote HTTP/1.1
+      Content-Type: application/json
+
+    - with some query parameters
+
+    .. sourcecode:: http
+
+      GET /api/users/remote?order_by=username  HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": {
+          "users": [
+            {
+              "admin": false,
+              "bio": null,
+              "birth_date": null,
+              "created_at": "Sat, 20 Jul 2019 11:27:03 GMT",
+              "first_name": null,
+              "followers": 0,
+              "following": 0,
+              "is_remote": true,
+              "last_name": null,
+              "location": null,
+              "nb_sports": 0,
+              "nb_workouts": 0,
+              "picture": false,
+              "records": [],
+              "sports_list": [],
+              "total_distance": 0,
+              "total_duration": "0:00:00",
+              "username": "sam"
+            }
+          ]
         },
-    }
+        "status": "success"
+      }
+
+    :query integer page: page if using pagination (default: 1)
+    :query integer per_page: number of users per page (default: 10, max: 50)
+    :query string q: query on user name
+    :query string order_by: sorting criteria (``username``, ``created_at``,
+                            ``workouts_count``, ``admin``,
+                            default: ``username``)
+    :query string order: sorting order (``asc``, ``desc``, default: ``asc``)
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 403: Error. Federation is disabled for this instance.
+
+    """
+    return get_users_list(auth_user, remote=True)
 
 
 @users_blueprint.route('/users/<user_name>', methods=['GET'])
@@ -244,7 +340,8 @@ def get_single_user(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
     """
-    Get single user details
+    Get single user details.
+    If authenticated user has admin rights, user email is returned.
 
     **Example request**:
 
@@ -269,8 +366,9 @@ def get_single_user(
             "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
             "email": "admin@example.com",
             "first_name": null,
-            "imperial_units": false,
-            "language": "en",
+            "followers": 0,
+            "following": 0,
+            "is_remote": false,
             "last_name": null,
             "location": null,
             "nb_sports": 3,
@@ -319,7 +417,6 @@ def get_single_user(
                 4,
                 6
             ],
-            "timezone": "Europe/Paris",
             "total_distance": 67.895,
             "total_duration": "6:50:27",
             "username": "admin"
@@ -422,8 +519,9 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
             "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
             "email": "admin@example.com",
             "first_name": null,
-            "imperial_units": false,
-            "language": "en",
+            "followers": 0,
+            "following": 0,
+            "is_remote": false,
             "last_name": null,
             "location": null,
             "nb_workouts": 6,
@@ -472,7 +570,6 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
                 4,
                 6
             ],
-            "timezone": "Europe/Paris",
             "total_distance": 67.895,
             "total_duration": "6:50:27",
             "username": "admin"
@@ -733,7 +830,7 @@ def get_followers(
 ) -> Union[Dict, HttpResponse]:
     """
     Get user followers.
-    If the authenticate user has admin rights, it returns following users with
+    If the authenticated user has admin rights, it returns following users with
     additional field 'email'
 
     **Example request**:
@@ -770,6 +867,7 @@ def get_followers(
               "first_name": null,
               "followers": 1,
               "following": 1,
+              "is_remote": false,
               "last_name": null,
               "location": null,
               "nb_sports": 0,
@@ -857,6 +955,7 @@ def get_following(
               "first_name": null,
               "followers": 1,
               "following": 1,
+              "is_remote": false,
               "last_name": null,
               "location": null,
               "nb_sports": 0,

From 0cf10d319f9b0a0063d03f3a07bd0f3016dc7a6e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 17:20:56 +0100
Subject: [PATCH 059/238] API - add is_remote field to user to simplify queries

---
 fittrackee/federation/utils_user.py           |  1 +
 .../23_8842c351a2d8_init_federation.py        | 10 +++-
 .../tests/fixtures/fixtures_federation.py     | 49 +------------------
 .../fixtures/fixtures_federation_users.py     | 46 ++++++++++++++++-
 fittrackee/tests/users/test_users_api.py      | 12 ++---
 fittrackee/users/models.py                    | 40 +++++++--------
 fittrackee/users/users.py                     | 12 ++---
 7 files changed, 86 insertions(+), 84 deletions(-)

diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 39c6fdb98..8759d373d 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -83,6 +83,7 @@ def create_remote_user(remote_actor_url: Optional[str]) -> Actor:
             username=remote_actor_object['name'],
             email=None,
             password=None,
+            is_remote=True,
         )
         db.session.add(user)
         user.actor_id = actor.id
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 3826ff43f..b922b818f 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -88,6 +88,11 @@ def upgrade():
         nullable=True)
     )
     op.add_column('users', sa.Column('actor_id', sa.Integer(), nullable=True))
+    op.add_column(
+        'users',
+        sa.Column('is_remote', sa.Boolean(),
+        nullable=True)
+    )
     op.create_unique_constraint('users_actor_id_key', 'users', ['actor_id'])
     op.create_foreign_key(
         'users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id']
@@ -116,7 +121,9 @@ def upgrade():
     domain = connection.execute(domain_table.select()).fetchone()
     for user in connection.execute(user_helper.select()):
         op.execute(
-            "UPDATE users SET manually_approves_followers = True "
+            "UPDATE users "
+            "SET manually_approves_followers = True, "
+            "    is_remote = False "
             f"WHERE users.id = {user.id}"
         )
         created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
@@ -147,6 +154,7 @@ def upgrade():
             f'UPDATE users SET actor_id = {actor.id} WHERE users.id = {user.id}'
         )
     op.alter_column('users', 'manually_approves_followers', nullable=False)
+    op.alter_column('users', 'is_remote', nullable=False)
     op.create_unique_constraint(
         'username_actor_id_unique', 'users', ['username', 'actor_id']
     )
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index b360e1a19..d8176a2f7 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -3,9 +3,8 @@
 
 from fittrackee import db
 from fittrackee.federation.models import Actor, Domain
-from fittrackee.users.models import User
 
-from ..utils import RandomActor, get_remote_user_object, random_domain
+from ..utils import RandomActor, random_domain
 
 
 @pytest.fixture()
@@ -25,52 +24,6 @@ def remote_domain(app_with_federation: Flask) -> Domain:
     return remote_domain
 
 
-def generate_remote_user(
-    remote_domain: Domain, without_profile_page: bool = False
-) -> User:
-    domain = f'https://{remote_domain.name}'
-    user_name = 'test'
-    if without_profile_page:
-        remote_user_object = get_remote_user_object(
-            username='Test',
-            preferred_username=user_name,
-            domain=domain,
-        )
-    else:
-        remote_user_object = get_remote_user_object(
-            username='Test',
-            preferred_username=user_name,
-            domain=domain,
-            profile_url=f'{domain}/{user_name}',
-        )
-    actor = Actor(
-        preferred_username=user_name,
-        domain_id=remote_domain.id,
-        remote_user_data=remote_user_object,
-    )
-    db.session.add(actor)
-    db.session.flush()
-    user = User(
-        username=user_name,
-        email=None,
-        password=None,
-    )
-    db.session.add(user)
-    user.actor_id = actor.id
-    db.session.commit()
-    return user
-
-
-@pytest.fixture()
-def remote_user(remote_domain: Domain) -> User:
-    return generate_remote_user(remote_domain)
-
-
-@pytest.fixture()
-def remote_user_without_profile_page(remote_domain: Domain) -> User:
-    return generate_remote_user(remote_domain, without_profile_page=True)
-
-
 @pytest.fixture()
 def random_actor() -> RandomActor:
     return RandomActor()
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index c10746730..8b84633dc 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -1,8 +1,52 @@
 import pytest
 
+from fittrackee import db
+from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import FollowRequest, User
 
-from ..utils import generate_follow_request
+from ..utils import generate_follow_request, get_remote_user_object
+
+
+def generate_remote_user(
+    remote_domain: Domain, without_profile_page: bool = False
+) -> User:
+    domain = f'https://{remote_domain.name}'
+    user_name = 'test'
+    if without_profile_page:
+        remote_user_object = get_remote_user_object(
+            username='Test',
+            preferred_username=user_name,
+            domain=domain,
+        )
+    else:
+        remote_user_object = get_remote_user_object(
+            username='Test',
+            preferred_username=user_name,
+            domain=domain,
+            profile_url=f'{domain}/{user_name}',
+        )
+    actor = Actor(
+        preferred_username=user_name,
+        domain_id=remote_domain.id,
+        remote_user_data=remote_user_object,
+    )
+    db.session.add(actor)
+    db.session.flush()
+    user = User(username=user_name, email=None, password=None, is_remote=True)
+    db.session.add(user)
+    user.actor_id = actor.id
+    db.session.commit()
+    return user
+
+
+@pytest.fixture()
+def remote_user(remote_domain: Domain) -> User:
+    return generate_remote_user(remote_domain)
+
+
+@pytest.fixture()
+def remote_user_without_profile_page(remote_domain: Domain) -> User:
+    return generate_remote_user(remote_domain, without_profile_page=True)
 
 
 @pytest.fixture()
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index ba22fd66f..7b845e631 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -663,8 +663,8 @@ def test_it_gets_users_list_ordered_by_admin_rights(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'sam' in data['data']['users'][0]['username']
-        assert 'toto' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
         assert 'admin' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
@@ -690,8 +690,8 @@ def test_it_gets_users_list_ordered_by_admin_rights_ascending(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'sam' in data['data']['users'][0]['username']
-        assert 'toto' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
         assert 'admin' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
@@ -718,8 +718,8 @@ def test_it_gets_users_list_ordered_by_admin_rights_descending(
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
-        assert 'sam' in data['data']['users'][1]['username']
-        assert 'toto' in data['data']['users'][2]['username']
+        assert 'toto' in data['data']['users'][1]['username']
+        assert 'sam' in data['data']['users'][2]['username']
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index e3e879e76..1fd467066 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -126,8 +126,15 @@ class User(BaseModel):
     bio = db.Column(db.String(200), nullable=True)
     picture = db.Column(db.String(255), nullable=True)
     timezone = db.Column(db.String(50), nullable=True)
-    # does the week start Monday?
+    # weekm: does the week start Monday?
     weekm = db.Column(db.Boolean(50), default=False, nullable=False)
+    language = db.Column(db.String(50), nullable=True)
+    imperial_units = db.Column(db.Boolean, default=False, nullable=False)
+    manually_approves_followers = db.Column(
+        db.Boolean, default=True, nullable=False
+    )
+    is_remote = db.Column(db.Boolean, default=False, nullable=False)
+
     workouts = db.relationship(
         'Workout',
         lazy=True,
@@ -138,8 +145,6 @@ class User(BaseModel):
         lazy=True,
         backref=db.backref('user', lazy='joined', single_parent=True),
     )
-    language = db.Column(db.String(50), nullable=True)
-    imperial_units = db.Column(db.Boolean, default=False, nullable=False)
     actor = db.relationship(Actor, back_populates='user')
     received_follow_requests = db.relationship(
         FollowRequest,
@@ -153,9 +158,6 @@ class User(BaseModel):
         primaryjoin=id == FollowRequest.follower_user_id,
         lazy='dynamic',
     )
-    manually_approves_followers = db.Column(
-        db.Boolean, default=True, nullable=False
-    )
     followers = db.relationship(
         'User',
         secondary='follow_requests',
@@ -192,6 +194,7 @@ def __init__(
         email: Optional[str],
         password: Optional[str],
         created_at: Optional[datetime] = datetime.utcnow(),
+        is_remote: bool = False,
     ) -> None:
         self.username = username
         self.email = email  # email is None for remote actor
@@ -200,9 +203,10 @@ def __init__(
                 password, current_app.config.get('BCRYPT_LOG_ROUNDS')
             ).decode()
             if email
-            else None
-        )  # no password for remote actor
+            else None  # no password for remote actor
+        )
         self.created_at = created_at
+        self.is_remote = is_remote
 
     @staticmethod
     def encode_auth_token(user_id: int) -> str:
@@ -341,10 +345,6 @@ def create_actor(self) -> None:
         self.actor_id = actor.id
         db.session.commit()
 
-    @property
-    def is_remote(self) -> bool:
-        return self.actor.is_remote
-
     def serialize(self, role: Optional[UserRole] = None) -> Dict:
         sports = []
         total = (0, '0:00:00')
@@ -364,26 +364,26 @@ def serialize(self, role: Optional[UserRole] = None) -> Dict:
                 .first()
             )
         serialized_user = {
-            'username': self.username,
-            'created_at': self.created_at,
             'admin': self.admin,
-            'first_name': self.first_name,
-            'last_name': self.last_name,
             'bio': self.bio,
+            'birth_date': self.birth_date,
+            'created_at': self.created_at,
+            'first_name': self.first_name,
             'followers': self.followers.count(),
             'following': self.following.count(),
             'is_remote': self.is_remote,
+            'last_name': self.last_name,
             'location': self.location,
-            'birth_date': self.birth_date,
-            'picture': self.picture is not None,
             'nb_sports': len(sports),
             'nb_workouts': self.workouts_count,
+            'picture': self.picture is not None,
             'records': [record.serialize() for record in self.records],
             'sports_list': [
                 sport for sportslist in sports for sport in sportslist
             ],
             'total_distance': float(total[0]),
             'total_duration': str(total[1]),
+            'username': self.username,
         }
 
         if role in [UserRole.AUTH_USER, UserRole.ADMIN]:
@@ -393,10 +393,10 @@ def serialize(self, role: Optional[UserRole] = None) -> Dict:
             serialized_user = {
                 **serialized_user,
                 **{
+                    'imperial_units': self.imperial_units,
+                    'language': self.language,
                     'timezone': self.timezone,
                     'weekm': self.weekm,
-                    'language': self.language,
-                    'imperial_units': self.imperial_units,
                 },
             }
 
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index de8e1a671..43461fa8e 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -3,7 +3,7 @@
 from typing import Any, Dict, Tuple, Union
 
 import click
-from flask import Blueprint, current_app, request, send_file
+from flask import Blueprint, request, send_file
 from sqlalchemy import exc
 
 from fittrackee import appLog, db
@@ -12,7 +12,7 @@
     ActorNotFoundException,
     DomainNotFoundException,
 )
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.models import Domain
 from fittrackee.federation.utils_user import get_user_from_username
 from fittrackee.files import get_absolute_file_path
 from fittrackee.responses import (
@@ -60,13 +60,9 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
     order = params.get('order', 'asc')
     query = params.get('q')
     users_pagination = (
-        User.query.join(Actor, Actor.id == User.actor_id)
-        .join(Domain, Domain.id == Actor.domain_id)
-        .filter(
+        User.query.filter(
             User.username.like('%' + query + '%') if query else True,
-            Domain.name != current_app.config['AP_DOMAIN']
-            if remote
-            else Domain.name == current_app.config['AP_DOMAIN'],
+            User.is_remote == remote,
         )
         .order_by(
             User.workouts_count.asc()  # type: ignore

From 885a24ef2f9f5b2f8a688c5dd0811792df770baa Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 8 Dec 2021 17:53:42 +0100
Subject: [PATCH 060/238] API - exclude remote users for registration status

---
 fittrackee/application/models.py              |  4 +++-
 .../tests/federation/application/__init__.py  |  0
 .../application/test_app_config_model.py      | 22 +++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 fittrackee/tests/federation/application/__init__.py
 create mode 100644 fittrackee/tests/federation/application/test_app_config_model.py

diff --git a/fittrackee/application/models.py b/fittrackee/application/models.py
index e77ae8958..5eb90db7c 100644
--- a/fittrackee/application/models.py
+++ b/fittrackee/application/models.py
@@ -25,7 +25,9 @@ class AppConfig(BaseModel):
     @property
     def is_registration_enabled(self) -> bool:
         try:
-            nb_users = User.query.count()
+            nb_users = User.query.filter(
+                User.is_remote == False  # noqa
+            ).count()
         except exc.ProgrammingError as e:
             # workaround for user model related migrations
             if 'psycopg2.errors.UndefinedColumn' in str(e):
diff --git a/fittrackee/tests/federation/application/__init__.py b/fittrackee/tests/federation/application/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/federation/application/test_app_config_model.py b/fittrackee/tests/federation/application/test_app_config_model.py
new file mode 100644
index 000000000..6f589da07
--- /dev/null
+++ b/fittrackee/tests/federation/application/test_app_config_model.py
@@ -0,0 +1,22 @@
+from flask import Flask
+
+from fittrackee.application.models import AppConfig
+from fittrackee.users.models import User
+
+
+class TestConfigModelWithRemoteUsers:
+    def test_it_returns_registration_is_enabled(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        app_config = AppConfig.query.first()
+        app_config.max_users = 2
+
+        assert app_config.is_registration_enabled
+
+    def test_it_returns_registration_is_disabled(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        app_config = AppConfig.query.first()
+        app_config.max_users = 1
+
+        assert app_config.is_registration_enabled is False

From a821a1c294a18d1705e68eb9b10a70f2ed5e9d74 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 8 Dec 2021 18:34:18 +0100
Subject: [PATCH 061/238] API - speed up tests by patching actor keys
 generation

(except for tests that need it)
---
 fittrackee/tests/conftest.py                  | 19 +++++++++++++++++++
 .../federation/test_federation_models.py      |  1 +
 .../federation/test_federation_signature.py   |  8 ++++++++
 .../federation/federation/test_users_inbox.py |  3 +++
 pyproject.toml                                |  5 +++++
 5 files changed, 36 insertions(+)

diff --git a/fittrackee/tests/conftest.py b/fittrackee/tests/conftest.py
index a36ba6d9f..ba9e2c44f 100644
--- a/fittrackee/tests/conftest.py
+++ b/fittrackee/tests/conftest.py
@@ -1,4 +1,9 @@
 import os
+from typing import Iterator
+from unittest.mock import patch
+from uuid import uuid4
+
+import pytest
 
 os.environ['FLASK_ENV'] = 'testing'
 os.environ['APP_SETTINGS'] = 'fittrackee.config.TestingConfig'
@@ -12,3 +17,17 @@
     'fittrackee.tests.fixtures.fixtures_workouts',
     'fittrackee.tests.fixtures.fixtures_users',
 ]
+
+
+@pytest.fixture(autouse=True)
+def default_generate_keys_fixture(
+    request: pytest.FixtureRequest,
+) -> Iterator[None]:
+    if 'disable_autouse_generate_keys' in request.keywords:
+        yield
+    else:
+        with patch(
+            'fittrackee.federation.models.generate_keys'
+        ) as generate_keys_mock:
+            generate_keys_mock.return_value = (uuid4().hex, uuid4().hex)
+            yield
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 0c7ceb43b..d07bec181 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -122,6 +122,7 @@ def test_it_returns_serialized_object(
             == f'https://{ap_url}/federation/inbox'
         )
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_generated_key_is_valid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 92ddbf25a..546ceff64 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -407,6 +407,7 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
 
 
 class TestSignatureVerify(SignatureVerificationTestCase):
+    @pytest.mark.disable_autouse_generate_keys
     def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
         self, app_with_federation: Flask, user_1: User, user_2: User
     ) -> None:
@@ -431,6 +432,7 @@ def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
             ):
                 sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_raises_error_if_header_date_is_invalid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -458,6 +460,7 @@ def test_verify_raises_error_if_header_date_is_invalid(
             ):
                 sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_raises_error_if_public_key_is_invalid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -481,6 +484,7 @@ def test_verify_raises_error_if_public_key_is_invalid(
             ):
                 sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_raises_error_if_algorithm_is_not_supported(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -510,6 +514,7 @@ def test_verify_raises_error_if_algorithm_is_not_supported(
             ):
                 sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_raises_error_if_http_digest_is_invalid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -537,6 +542,7 @@ def test_verify_raises_error_if_http_digest_is_invalid(
             ):
                 sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -565,6 +571,7 @@ def test_verify_raises_error_if_signature_is_invalid_due_to_keys_update(
             ):
                 sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_does_not_raise_error_if_signature_is_valid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -588,6 +595,7 @@ def test_verify_does_not_raise_error_if_signature_is_valid(
 
             sig_verification.verify()
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_verify_does_not_raise_error_if_signature_without_digest_is_valid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
diff --git a/fittrackee/tests/federation/federation/test_users_inbox.py b/fittrackee/tests/federation/federation/test_users_inbox.py
index d7cc0ebac..bac0e7888 100644
--- a/fittrackee/tests/federation/federation/test_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_users_inbox.py
@@ -147,6 +147,7 @@ def test_it_returns_401_if_headers_are_missing(
         assert 'error' in data['status']
         assert 'Invalid signature.' in data['message']
 
+    @pytest.mark.disable_autouse_generate_keys
     def test_it_returns_401_if_signature_is_invalid(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -175,6 +176,7 @@ def test_it_returns_401_if_signature_is_invalid(
         assert 'error' in data['status']
         assert 'Invalid signature.' in data['message']
 
+    @pytest.mark.disable_autouse_generate_keys
     @patch('fittrackee.federation.inbox.handle_activity')
     def test_it_returns_200_if_activity_and_signature_are_valid(
         self,
@@ -191,6 +193,7 @@ def test_it_returns_200_if_activity_and_signature_are_valid(
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
 
+    @pytest.mark.disable_autouse_generate_keys
     @patch('fittrackee.federation.inbox.handle_activity')
     def test_it_calls_handle_activity_task(
         self,
diff --git a/pyproject.toml b/pyproject.toml
index 9f7a0c72a..efbd1cf74 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,6 +80,11 @@ include_trailing_comma = true
 force_grid_wrap = 0
 combine_as_imports = true
 
+[tool.pytest.ini_options]
+markers = [
+    "disable_autouse_generate_keys: disable patch for keys generation",
+]
+
 [build-system]
 requires = ["poetry>=0.12"]
 build-backend = "poetry.masonry.api"

From 16f5c90fa46bc56a0fb5f81887683e7693a99bbb Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 8 Dec 2021 19:14:20 +0100
Subject: [PATCH 062/238] API - return actor icon if user has picture

---
 fittrackee/federation/models.py               | 19 ++++++++++++++++++-
 .../federation/test_federation_models.py      | 15 +++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index af719b689..115adbd28 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -10,6 +10,12 @@
 from .enums import ActorType
 from .utils import generate_keys, get_ap_url
 
+MEDIA_TYPE = {
+    'gif': 'image/gif',
+    'jpg': 'image/jpeg',
+    'png': 'image/png',
+}
+
 
 class Domain(BaseModel):
     """ActivityPub Domain"""
@@ -144,7 +150,7 @@ def update_remote_data(self, remote_user_data: Dict) -> None:
         self.last_fetch_date = datetime.utcnow()
 
     def serialize(self) -> Dict:
-        return {
+        actor_dict = {
             '@context': AP_CTX,
             'id': self.activitypub_id,
             'type': self.type.value,
@@ -163,3 +169,14 @@ def serialize(self) -> Dict:
             },
             'endpoints': {'sharedInbox': self.shared_inbox_url},
         }
+        if self.user.picture:
+            extension = self.user.picture.rsplit('.', 1)[1].lower()
+            actor_dict['icon'] = {
+                'type': 'Image',
+                'mediaType': MEDIA_TYPE[extension],
+                'url': (
+                    f'https://{current_app.config["AP_DOMAIN"]}'
+                    f'/api/users/{self.user.username}/picture'
+                ),
+            }
+        return actor_dict
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index d07bec181..10697e369 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -121,6 +121,21 @@ def test_it_returns_serialized_object(
             serialized_actor['endpoints']['sharedInbox']
             == f'https://{ap_url}/federation/inbox'
         )
+        assert 'icon' not in serialized_actor
+
+    def test_it_returns_icon_if_user_has_picture(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        user_1.picture = 'path/image.jpg'
+        actor_1 = user_1.actor
+        serialized_actor = actor_1.serialize()
+        ap_url = app_with_federation.config['AP_DOMAIN']
+
+        assert serialized_actor['icon'] == {
+            'type': 'Image',
+            'mediaType': 'image/jpeg',
+            'url': f'https://{ap_url}/api/users/{user_1.username}/picture',
+        }
 
     @pytest.mark.disable_autouse_generate_keys
     def test_generated_key_is_valid(

From a5d4aeb77a0b8fb62208ca24e2a127e5e7669d93 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 11 Dec 2021 15:31:09 +0100
Subject: [PATCH 063/238] API - delete actor on user deletion

---
 .../tests/federation/users/test_users_api.py   | 18 ++++++++++++++++++
 fittrackee/tests/users/test_users_api.py       | 16 ++++++++++++++++
 fittrackee/users/users.py                      |  1 +
 3 files changed, 35 insertions(+)

diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index 9214bbdd6..d66df4838 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -2,6 +2,7 @@
 
 from flask import Flask
 
+from fittrackee.federation.models import Actor
 from fittrackee.users.models import User
 
 from ...test_case_mixins import ApiTestCaseMixin
@@ -59,3 +60,20 @@ def test_it_gets_users_list(
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0]['username'] == remote_user.username
         assert data['data']['users'][0]['is_remote']
+
+
+class TestDeleteUser(ApiTestCaseMixin):
+    def test_it_deletes_actor_when_deleting_user(
+        self, app_with_federation: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        actor_id = user_2.actor_id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1_admin.email
+        )
+
+        client.delete(
+            f'/api/users/{user_2.username}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert Actor.query.filter_by(id=actor_id).first() is None
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 7b845e631..1efc3144c 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -6,6 +6,7 @@
 
 from flask import Flask
 
+from fittrackee.federation.models import Actor
 from fittrackee.users.models import User, UserSportPreference
 from fittrackee.workouts.models import Sport, Workout
 
@@ -1293,3 +1294,18 @@ def test_it_does_not_enable_registration_on_user_delete(
         data = json.loads(response.data.decode())
         assert data['status'] == 'error'
         assert data['message'] == 'error, registration is disabled'
+
+    def test_it_deletes_actor_when_deleting_user(
+        self, app: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        actor_id = user_2.actor_id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        client.delete(
+            f'/api/users/{user_2.username}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert Actor.query.filter_by(id=actor_id).first() is None
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 43461fa8e..70609bcfc 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -680,6 +680,7 @@ def delete_user(
         db.session.flush()
         user_picture = user.picture
         db.session.delete(user)
+        db.session.delete(user.actor)
         db.session.commit()
         if user_picture:
             picture_path = get_absolute_file_path(user.picture)

From 3ce4b426ab167afb1a048a996af810fb98810c60 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 12:23:11 +0100
Subject: [PATCH 064/238] API - return only local users count in app stats

---
 .../tests/federation/workouts/__init__.py     |  0
 .../federation/workouts/test_stats_api.py     | 26 +++++++++++++++++++
 fittrackee/workouts/stats.py                  |  5 ++--
 3 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 fittrackee/tests/federation/workouts/__init__.py
 create mode 100644 fittrackee/tests/federation/workouts/test_stats_api.py

diff --git a/fittrackee/tests/federation/workouts/__init__.py b/fittrackee/tests/federation/workouts/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/federation/workouts/test_stats_api.py b/fittrackee/tests/federation/workouts/test_stats_api.py
new file mode 100644
index 000000000..0d888f303
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_stats_api.py
@@ -0,0 +1,26 @@
+import json
+
+from flask import Flask
+
+from fittrackee.users.models import User
+
+from ...test_case_mixins import ApiTestCaseMixin
+
+
+class TestGetAllStats(ApiTestCaseMixin):
+    def test_it_returns_local_users_count(
+        self, app_with_federation: Flask, user_1_admin: User, remote_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/stats/all',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['users'] == 1
diff --git a/fittrackee/workouts/stats.py b/fittrackee/workouts/stats.py
index 9c3da1484..7dd4e23e2 100644
--- a/fittrackee/workouts/stats.py
+++ b/fittrackee/workouts/stats.py
@@ -380,7 +380,8 @@ def get_workouts_by_sport(
 @authenticate_as_admin
 def get_application_stats(auth_user: User) -> Dict:
     """
-    Get all application statistics
+    Get all application statistics.
+    Users count is local users count when federation is enabled.
 
     **Example requests**:
 
@@ -417,7 +418,7 @@ def get_application_stats(auth_user: User) -> Dict:
     """
 
     nb_workouts = Workout.query.filter().count()
-    nb_users = User.query.filter().count()
+    nb_users = User.query.filter(User.is_remote == False).count()  # noqa
     nb_sports = (
         db.session.query(func.count(Workout.sport_id))
         .group_by(Workout.sport_id)

From fdeb79c611819e9cd2b176995de559f0c69017b5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 12 Dec 2021 16:27:10 +0100
Subject: [PATCH 065/238] API - fix rollback migration

---
 .../migrations/versions/23_8842c351a2d8_init_federation.py       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index b922b818f..a982bbdc6 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -199,6 +199,7 @@ def downgrade():
     )
     op.drop_constraint('users_actor_id_fkey', 'users', type_='foreignkey')
     op.drop_constraint('users_actor_id_key', 'users', type_='unique')
+    op.drop_column('users', 'is_remote')
     op.drop_column('users', 'manually_approves_followers')
     op.drop_column('users', 'actor_id')
 

From 16a8e686e6a75fe4f1d549cf9197731e73ae43a4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 18:03:14 +0100
Subject: [PATCH 066/238] API - init privacy levels on workouts related data
 (WIP)

Add different visibility levels (private, followers_only, private) on:
- on some user infos
- workouts
- workout map
---
 .../23_8842c351a2d8_init_federation.py        |  33 +-
 fittrackee/tests/users/test_auth_api.py       | 126 ++----
 fittrackee/tests/users/test_users_api.py      | 363 +++++++++---------
 fittrackee/tests/users/test_users_model.py    |  33 +-
 fittrackee/tests/utils.py                     |   7 +-
 fittrackee/users/auth.py                      |  21 +-
 fittrackee/users/decorators.py                |  32 +-
 fittrackee/users/models.py                    |  47 ++-
 fittrackee/users/privacy_levels.py            |   7 +
 fittrackee/users/users.py                     |  79 +++-
 10 files changed, 423 insertions(+), 325 deletions(-)
 create mode 100644 fittrackee/users/privacy_levels.py

diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index a982bbdc6..412d2f33d 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -10,6 +10,7 @@
 
 import sqlalchemy as sa
 from alembic import op
+from sqlalchemy.dialects.postgresql import ENUM
 
 from fittrackee.federation.utils import generate_keys, get_ap_url, remove_url_scheme
 
@@ -20,6 +21,10 @@
 branch_labels = None
 depends_on = None
 
+privacy_levels = ENUM(
+    'PUBLIC', 'FOLLOWERS', 'PRIVATE', name='privacy_levels'
+)
+
 
 def upgrade():
     op.add_column(
@@ -110,7 +115,28 @@ def upgrade():
         'users', 'password', existing_type=sa.VARCHAR(length=255),
         nullable=True
     )
+    # privacy levels
+    privacy_levels.create(op.get_bind())
+    op.add_column(
+        'users',
+        sa.Column(
+            'workouts_visibility',
+            privacy_levels,
+            server_default='PRIVATE',
+            nullable=True,
+        ),
+    )
+    op.add_column(
+        'users',
+        sa.Column(
+            'map_visibility',
+            privacy_levels,
+            server_default='PRIVATE',
+            nullable=True,
+        ),
+    )
     # create local actors with keys (even if federation is not enabled)
+    # and update users
     user_helper = sa.Table(
         'users',
         sa.MetaData(),
@@ -123,7 +149,9 @@ def upgrade():
         op.execute(
             "UPDATE users "
             "SET manually_approves_followers = True, "
-            "    is_remote = False "
+            "    is_remote = False, "
+            "    workouts_visibility = 'PRIVATE', "
+            "    map_visibility = 'PRIVATE' "
             f"WHERE users.id = {user.id}"
         )
         created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
@@ -199,6 +227,9 @@ def downgrade():
     )
     op.drop_constraint('users_actor_id_fkey', 'users', type_='foreignkey')
     op.drop_constraint('users_actor_id_key', 'users', type_='unique')
+    op.drop_column('users', 'map_visibility')
+    op.drop_column('users', 'workouts_visibility')
+    privacy_levels.drop(op.get_bind())
     op.drop_column('users', 'is_remote')
     op.drop_column('users', 'manually_approves_followers')
     op.drop_column('users', 'actor_id')
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index e06f23ada..3cb2f4a42 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -8,11 +8,13 @@
 from freezegun import freeze_time
 
 from fittrackee.users.models import User, UserSportPreference
+from fittrackee.users.roles import UserRole
 from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout
 
 from ..federation.users.test_auth_api import assert_actor_is_created
 from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import jsonify_dict
 
 
 class TestUserRegistration:
@@ -487,24 +489,12 @@ def test_it_returns_user_profile_when_no_workouts_and_no_preferences(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['data'] is not None
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert data['data']['created_at']
-        assert not data['data']['admin']
-        assert data['data']['timezone'] is None
-        assert data['data']['weekm'] is False
-        assert data['data']['imperial_units'] is False
-        assert data['data']['language'] is None
-        assert data['data']['nb_sports'] == 0
-        assert data['data']['nb_workouts'] == 0
-        assert data['data']['records'] == []
-        assert data['data']['sports_list'] == []
-        assert data['data']['total_distance'] == 0
-        assert data['data']['total_duration'] == '0:00:00'
-        assert response.status_code == 200
+        assert data['data'] == jsonify_dict(
+            user_1.serialize(role=UserRole.AUTH_USER)
+        )
 
     def test_it_returns_user_profile_with_updated_fields(
         self, app: Flask, user_1_full: User
@@ -519,28 +509,11 @@ def test_it_returns_user_profile_with_updated_fields(
         )
 
         data = json.loads(response.data.decode())
-        assert data['status'] == 'success'
-        assert data['data'] is not None
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert data['data']['created_at']
-        assert not data['data']['admin']
-        assert data['data']['first_name'] == 'John'
-        assert data['data']['last_name'] == 'Doe'
-        assert data['data']['birth_date']
-        assert data['data']['bio'] == 'just a random guy'
-        assert data['data']['imperial_units'] is False
-        assert data['data']['location'] == 'somewhere'
-        assert data['data']['timezone'] == 'America/New_York'
-        assert data['data']['weekm'] is False
-        assert data['data']['language'] == 'en'
-        assert data['data']['nb_sports'] == 0
-        assert data['data']['nb_workouts'] == 0
-        assert data['data']['records'] == []
-        assert data['data']['sports_list'] == []
-        assert data['data']['total_distance'] == 0
-        assert data['data']['total_duration'] == '0:00:00'
         assert response.status_code == 200
+        assert data['status'] == 'success'
+        assert data['data'] == jsonify_dict(
+            user_1_full.serialize(role=UserRole.AUTH_USER)
+        )
 
     def test_it_returns_user_profile_with_workouts(
         self,
@@ -560,22 +533,12 @@ def test_it_returns_user_profile_with_workouts(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['data'] is not None
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert data['data']['created_at']
-        assert not data['data']['admin']
-        assert data['data']['timezone'] is None
-        assert data['data']['imperial_units'] is False
-        assert data['data']['nb_sports'] == 2
-        assert data['data']['nb_workouts'] == 2
-        assert len(data['data']['records']) == 8
-        assert data['data']['sports_list'] == [1, 2]
-        assert data['data']['total_distance'] == 22
-        assert data['data']['total_duration'] == '2:40:00'
-        assert response.status_code == 200
+        assert data['data'] == jsonify_dict(
+            user_1.serialize(role=UserRole.AUTH_USER)
+        )
 
     def test_it_returns_error_if_headers_are_invalid(self, app: Flask) -> None:
         client = app.test_client()
@@ -611,29 +574,15 @@ def test_it_updates_user_profile(self, app: Flask, user_1: User) -> None:
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert data['message'] == 'user profile updated'
-        assert response.status_code == 200
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert not data['data']['admin']
-        assert data['data']['created_at']
-        assert data['data']['first_name'] == 'John'
-        assert data['data']['last_name'] == 'Doe'
         assert data['data']['birth_date']
         assert data['data']['bio'] == 'Nothing to tell'
-        assert data['data']['imperial_units'] is False
+        assert data['data']['first_name'] == 'John'
         assert data['data']['location'] == 'Somewhere'
-        assert data['data']['timezone'] is None
-        assert data['data']['weekm'] is False
-        assert data['data']['language'] is None
-        assert data['data']['nb_sports'] == 0
-        assert data['data']['nb_workouts'] == 0
-        assert data['data']['records'] == []
-        assert data['data']['sports_list'] == []
-        assert data['data']['total_distance'] == 0
-        assert data['data']['total_duration'] == '0:00:00'
+        assert data['data']['last_name'] == 'Doe'
 
     def test_it_updates_user_profile_without_password(
         self, app: Flask, user_1: User
@@ -657,29 +606,15 @@ def test_it_updates_user_profile_without_password(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert data['message'] == 'user profile updated'
-        assert response.status_code == 200
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert not data['data']['admin']
-        assert data['data']['created_at']
-        assert data['data']['first_name'] == 'John'
-        assert data['data']['last_name'] == 'Doe'
         assert data['data']['birth_date']
         assert data['data']['bio'] == 'Nothing to tell'
-        assert data['data']['imperial_units'] is False
+        assert data['data']['first_name'] == 'John'
         assert data['data']['location'] == 'Somewhere'
-        assert data['data']['timezone'] is None
-        assert data['data']['weekm'] is False
-        assert data['data']['language'] is None
-        assert data['data']['nb_sports'] == 0
-        assert data['data']['nb_workouts'] == 0
-        assert data['data']['records'] == []
-        assert data['data']['sports_list'] == []
-        assert data['data']['total_distance'] == 0
-        assert data['data']['total_duration'] == '0:00:00'
+        assert data['data']['last_name'] == 'Doe'
 
     def test_it_returns_error_if_fields_are_missing(
         self, app: Flask, user_1: User
@@ -800,34 +735,23 @@ def test_it_updates_user_preferences(
                     weekm=True,
                     language='fr',
                     imperial_units=True,
+                    map_visibility='followers_only',
+                    workouts_visibility='public',
                 )
             ),
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert data['message'] == 'user preferences updated'
-        assert response.status_code == 200
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert not data['data']['admin']
-        assert data['data']['created_at']
-        assert data['data']['first_name'] is None
-        assert data['data']['last_name'] is None
-        assert data['data']['birth_date'] is None
-        assert data['data']['bio'] is None
         assert data['data']['imperial_units']
-        assert data['data']['location'] is None
         assert data['data']['timezone'] == 'America/New_York'
         assert data['data']['weekm'] is True
         assert data['data']['language'] == 'fr'
-        assert data['data']['nb_sports'] == 0
-        assert data['data']['nb_workouts'] == 0
-        assert data['data']['records'] == []
-        assert data['data']['sports_list'] == []
-        assert data['data']['total_distance'] == 0
-        assert data['data']['total_duration'] == '0:00:00'
+        assert data['data']['map_visibility'] == 'followers_only'
+        assert data['data']['workouts_visibility'] == 'public'
 
     def test_it_returns_error_if_fields_are_missing(
         self, app: Flask, user_1: User
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 1efc3144c..790a13f10 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -1,59 +1,20 @@
 import json
 from datetime import datetime, timedelta
 from io import BytesIO
-from typing import Dict
 from unittest.mock import patch
 
 from flask import Flask
 
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import User, UserSportPreference
+from fittrackee.users.roles import UserRole
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import jsonify_dict
 
 
-class GetUserTestCase(ApiTestCaseMixin):
-    @staticmethod
-    def assert_user(user_dict: Dict, user: User) -> None:
-        assert user_dict['username'] == user.username
-        assert user_dict['created_at'] == user.created_at.strftime(
-            '%a, %d %b %Y %H:%M:%S GMT'
-        )
-        assert user_dict['admin'] == user.admin
-        assert user_dict['bio'] is None
-        assert user_dict['birth_date'] is None
-        assert user_dict['first_name'] is None
-        assert user_dict['followers'] == 0
-        assert user_dict['following'] == 0
-        assert user_dict['is_remote'] is False
-        assert user_dict['last_name'] is None
-        assert user_dict['location'] is None
-        assert 'imperial_units' not in user_dict
-        assert 'language' not in user_dict
-        assert 'timezone' not in user_dict
-        assert 'weekm' not in user_dict
-
-    @staticmethod
-    def assert_user_2_without_workouts(user_dict: Dict) -> None:
-        assert user_dict['nb_sports'] == 0
-        assert user_dict['nb_workouts'] == 0
-        assert user_dict['records'] == []
-        assert user_dict['sports_list'] == []
-        assert user_dict['total_distance'] == 0
-        assert user_dict['total_duration'] == '0:00:00'
-
-    @staticmethod
-    def assert_user_1_with_workouts(user_dict: Dict) -> None:
-        assert user_dict['nb_sports'] == 2
-        assert user_dict['nb_workouts'] == 2
-        assert len(user_dict['records']) == 8
-        assert user_dict['sports_list'] == [1, 2]
-        assert user_dict['total_distance'] == 22
-        assert user_dict['total_duration'] == '2:40:00'
-
-
-class TestGetUserAsAdmin(GetUserTestCase):
+class TestGetUserAsAdmin(ApiTestCaseMixin):
     def test_it_gets_single_user_without_workouts(
         self, app: Flask, user_1_admin: User, user_2: User
     ) -> None:
@@ -67,16 +28,41 @@ def test_it_gets_single_user_without_workouts(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
-        user = data['data']['users'][0]
-        self.assert_user(user, user_2)
-        self.assert_user_2_without_workouts(user)
-        assert user['email'] == user_2.email
+        assert data['data']['users'][0] == jsonify_dict(
+            user_2.serialize(role=UserRole.ADMIN)
+        )
 
     def test_it_gets_single_user_with_workouts(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0] == jsonify_dict(
+            user_2.serialize(role=UserRole.ADMIN)
+        )
+
+    def test_it_gets_authenticated_user(
         self,
         app: Flask,
         user_1_admin: User,
@@ -95,14 +81,13 @@ def test_it_gets_single_user_with_workouts(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
-        user = data['data']['users'][0]
-        self.assert_user(user, user_1_admin)
-        self.assert_user_1_with_workouts(user)
-        assert user['email'] == user_1_admin.email
+        assert data['data']['users'][0] == jsonify_dict(
+            user_1_admin.serialize(role=UserRole.ADMIN)
+        )
 
     def test_it_returns_error_if_user_does_not_exist(
         self, app: Flask, user_1: User
@@ -116,14 +101,14 @@ def test_it_returns_error_if_user_does_not_exist(
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
-        data = json.loads(response.data.decode())
 
         assert response.status_code == 404
+        data = json.loads(response.data.decode())
         assert 'not found' in data['status']
         assert 'user does not exist' in data['message']
 
 
-class TestGetUserAsUser(GetUserTestCase):
+class TestGetUserAsUser(ApiTestCaseMixin):
     def test_it_gets_single_user_without_workouts(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
@@ -137,42 +122,62 @@ def test_it_gets_single_user_without_workouts(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
-        user = data['data']['users'][0]
-        self.assert_user(user, user_2)
-        self.assert_user_2_without_workouts(user)
-        assert 'email' not in user
+        assert data['data']['users'][0] == jsonify_dict(
+            user_2.serialize(role=UserRole.USER)
+        )
 
     def test_it_gets_single_user_with_workouts(
         self,
         app: Flask,
         user_1: User,
+        user_2: User,
         sport_1_cycling: Sport,
-        sport_2_running: Sport,
-        workout_cycling_user_1: Workout,
-        workout_running_user_1: Workout,
+        workout_cycling_user_2: Workout,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
 
         response = client.get(
-            f'/api/users/{user_1.username}',
+            f'/api/users/{user_2.username}',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
         data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0] == jsonify_dict(
+            user_2.serialize(role=UserRole.USER)
+        )
+
+    def test_it_gets_authenticated_user(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
-        user = data['data']['users'][0]
-        self.assert_user(user, user_1)
-        self.assert_user_1_with_workouts(user)
-        assert 'email' not in user
+        assert data['data']['users'][0] == jsonify_dict(
+            user_1.serialize(role=UserRole.USER)
+        )
 
     def test_it_returns_error_if_user_does_not_exist(
         self, app: Flask, user_1: User
@@ -186,6 +191,61 @@ def test_it_returns_error_if_user_does_not_exist(
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+
+class TestGetUserAsUnauthenticatedUser(ApiTestCaseMixin):
+    def test_it_gets_single_user_without_workouts(
+        self, app: Flask, user_2: User
+    ) -> None:
+        client = app.test_client()
+
+        response = client.get(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0] == jsonify_dict(user_2.serialize())
+
+    def test_it_gets_single_user_with_workouts(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        client = app.test_client()
+
+        response = client.get(
+            f'/api/users/{user_1.username}',
+            content_type='application/json',
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0] == jsonify_dict(user_1.serialize())
+
+    def test_it_returns_error_if_user_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client = app.test_client()
+
+        response = client.get(
+            '/api/users/not_existing',
+            content_type='application/json',
+        )
         data = json.loads(response.data.decode())
 
         assert response.status_code == 404
@@ -193,7 +253,7 @@ def test_it_returns_error_if_user_does_not_exist(
         assert 'user does not exist' in data['message']
 
 
-class TestGetUsersAsAdmin(GetUserTestCase):
+class TestGetUsersAsAdmin(ApiTestCaseMixin):
     def test_it_gets_users_list(
         self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
@@ -206,52 +266,19 @@ def test_it_gets_users_list(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'created_at' in data['data']['users'][0]
-        assert 'created_at' in data['data']['users'][1]
-        assert 'created_at' in data['data']['users'][2]
-        assert 'admin' in data['data']['users'][0]['username']
-        assert 'sam' in data['data']['users'][1]['username']
-        assert 'toto' in data['data']['users'][2]['username']
-        assert 'admin@example.com' in data['data']['users'][0]['email']
-        assert 'sam@test.com' in data['data']['users'][1]['email']
-        assert 'toto@toto.com' in data['data']['users'][2]['email']
-        assert data['data']['users'][0]['is_remote'] is False
-        assert data['data']['users'][0]['nb_sports'] == 0
-        assert data['data']['users'][0]['nb_workouts'] == 0
-        assert data['data']['users'][0]['records'] == []
-        assert data['data']['users'][0]['sports_list'] == []
-        assert data['data']['users'][0]['total_distance'] == 0
-        assert data['data']['users'][0]['total_duration'] == '0:00:00'
-        assert data['data']['users'][1]['is_remote'] is False
-        assert data['data']['users'][1]['records'] == []
-        assert data['data']['users'][1]['nb_sports'] == 0
-        assert data['data']['users'][1]['nb_workouts'] == 0
-        assert data['data']['users'][1]['sports_list'] == []
-        assert data['data']['users'][1]['total_distance'] == 0
-        assert data['data']['users'][1]['total_duration'] == '0:00:00'
-        assert data['data']['users'][2]['is_remote'] is False
-        assert data['data']['users'][2]['nb_sports'] == 0
-        assert data['data']['users'][2]['nb_workouts'] == 0
-        assert data['data']['users'][2]['records'] == []
-        assert data['data']['users'][2]['sports_list'] == []
-        assert data['data']['users'][2]['total_distance'] == 0
-        assert data['data']['users'][2]['total_duration'] == '0:00:00'
-        assert 'imperial_units' not in data['data']['users'][0]
-        assert 'imperial_units' not in data['data']['users'][1]
-        assert 'imperial_units' not in data['data']['users'][2]
-        assert 'language' not in data['data']['users'][0]
-        assert 'language' not in data['data']['users'][1]
-        assert 'language' not in data['data']['users'][2]
-        assert 'timezone' not in data['data']['users'][0]
-        assert 'timezone' not in data['data']['users'][1]
-        assert 'timezone' not in data['data']['users'][2]
-        assert 'weekm' not in data['data']['users'][0]
-        assert 'weekm' not in data['data']['users'][1]
-        assert 'weekm' not in data['data']['users'][2]
+        assert data['data']['users'][0] == jsonify_dict(
+            user_1_admin.serialize(role=UserRole.ADMIN)
+        )
+        assert data['data']['users'][1] == jsonify_dict(
+            user_3.serialize(role=UserRole.ADMIN)
+        )
+        assert data['data']['users'][2] == jsonify_dict(
+            user_2.serialize(role=UserRole.ADMIN)
+        )
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
@@ -281,52 +308,20 @@ def test_it_gets_users_list_with_workouts(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
-        assert 'created_at' in data['data']['users'][0]
-        assert 'created_at' in data['data']['users'][1]
-        assert 'created_at' in data['data']['users'][2]
-        assert 'admin' in data['data']['users'][0]['username']
-        assert 'sam' in data['data']['users'][1]['username']
-        assert 'toto' in data['data']['users'][2]['username']
-        assert 'admin@example.com' in data['data']['users'][0]['email']
-        assert 'sam@test.com' in data['data']['users'][1]['email']
-        assert 'toto@toto.com' in data['data']['users'][2]['email']
-        assert data['data']['users'][0]['is_remote'] is False
-        assert data['data']['users'][0]['nb_sports'] == 2
-        assert data['data']['users'][0]['nb_workouts'] == 2
-        assert len(data['data']['users'][0]['records']) == 8
-        assert data['data']['users'][0]['sports_list'] == [1, 2]
-        assert data['data']['users'][0]['total_distance'] == 22.0
-        assert data['data']['users'][0]['total_duration'] == '2:40:00'
-        assert data['data']['users'][1]['is_remote'] is False
-        assert data['data']['users'][1]['nb_sports'] == 0
-        assert data['data']['users'][1]['nb_workouts'] == 0
-        assert len(data['data']['users'][1]['records']) == 0
-        assert data['data']['users'][1]['sports_list'] == []
-        assert data['data']['users'][1]['total_distance'] == 0
-        assert data['data']['users'][1]['total_duration'] == '0:00:00'
-        assert data['data']['users'][2]['is_remote'] is False
-        assert data['data']['users'][2]['nb_sports'] == 1
-        assert data['data']['users'][2]['nb_workouts'] == 1
-        assert len(data['data']['users'][2]['records']) == 4
-        assert data['data']['users'][2]['sports_list'] == [1]
-        assert data['data']['users'][2]['total_distance'] == 15
-        assert data['data']['users'][2]['total_duration'] == '1:00:00'
-        assert 'imperial_units' not in data['data']['users'][0]
-        assert 'imperial_units' not in data['data']['users'][1]
-        assert 'imperial_units' not in data['data']['users'][2]
-        assert 'language' not in data['data']['users'][0]
-        assert 'language' not in data['data']['users'][1]
-        assert 'language' not in data['data']['users'][2]
-        assert 'timezone' not in data['data']['users'][0]
-        assert 'timezone' not in data['data']['users'][1]
-        assert 'timezone' not in data['data']['users'][2]
-        assert 'weekm' not in data['data']['users'][0]
-        assert 'weekm' not in data['data']['users'][1]
-        assert 'weekm' not in data['data']['users'][2]
+        assert data['data']['users'][0] == jsonify_dict(
+            user_1_admin.serialize(role=UserRole.ADMIN)
+        )
+
+        assert data['data']['users'][1] == jsonify_dict(
+            user_3.serialize(role=UserRole.ADMIN)
+        )
+        assert data['data']['users'][2] == jsonify_dict(
+            user_2.serialize(role=UserRole.ADMIN)
+        )
         assert data['pagination'] == {
             'has_next': False,
             'has_prev': False,
@@ -352,8 +347,8 @@ def test_it_gets_first_page_on_users_list(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 2
         assert data['pagination'] == {
@@ -381,8 +376,8 @@ def test_it_gets_next_page_on_users_list(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
         assert data['pagination'] == {
@@ -409,8 +404,8 @@ def test_it_gets_empty_next_page_on_users_list(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 0
         assert data['pagination'] == {
@@ -437,8 +432,8 @@ def test_it_gets_user_list_with_2_per_page(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 2
         assert data['pagination'] == {
@@ -465,8 +460,8 @@ def test_it_gets_next_page_on_user_list_with_2_per_page(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
         assert data['pagination'] == {
@@ -489,8 +484,8 @@ def test_it_gets_users_list_ordered_by_username(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
@@ -516,8 +511,8 @@ def test_it_gets_users_list_ordered_by_username_ascending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
@@ -543,8 +538,8 @@ def test_it_gets_users_list_ordered_by_username_descending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
@@ -573,8 +568,8 @@ def test_it_gets_users_list_ordered_by_creation_date(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
@@ -603,8 +598,8 @@ def test_it_gets_users_list_ordered_by_creation_date_ascending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
@@ -633,8 +628,8 @@ def test_it_gets_users_list_ordered_by_creation_date_descending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
@@ -660,8 +655,8 @@ def test_it_gets_users_list_ordered_by_admin_rights(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
@@ -687,8 +682,8 @@ def test_it_gets_users_list_ordered_by_admin_rights_ascending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
@@ -714,8 +709,8 @@ def test_it_gets_users_list_ordered_by_admin_rights_descending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
@@ -747,8 +742,8 @@ def test_it_gets_users_list_ordered_by_workouts_count(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
@@ -783,8 +778,8 @@ def test_it_gets_users_list_ordered_by_workouts_count_ascending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'admin' in data['data']['users'][0]['username']
@@ -819,8 +814,8 @@ def test_it_gets_users_list_ordered_by_workouts_count_descending(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert 'toto' in data['data']['users'][0]['username']
@@ -849,8 +844,8 @@ def test_it_gets_users_list_filtering_on_username(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
         assert 'toto' in data['data']['users'][0]['username']
@@ -874,8 +869,8 @@ def test_it_returns_empty_users_list_filtering_on_username(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 0
         assert data['pagination'] == {
@@ -898,8 +893,8 @@ def test_it_users_list_with_complex_query(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
         assert 'admin' in data['data']['users'][0]['username']
@@ -945,8 +940,8 @@ def test_it_return_error_if_user_has_no_picture(
 
         response = client.get(f'/api/users/{user_1.username}/picture')
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 404
+        data = json.loads(response.data.decode())
         assert 'not found' in data['status']
         assert 'No picture.' in data['message']
 
@@ -957,8 +952,8 @@ def test_it_returns_error_if_user_does_not_exist(
 
         response = client.get('/api/users/not_existing/picture')
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 404
+        data = json.loads(response.data.decode())
         assert 'not found' in data['status']
         assert 'user does not exist' in data['message']
 
@@ -978,8 +973,8 @@ def test_it_adds_admin_rights_to_a_user(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
         user = data['data']['users'][0]
@@ -1000,8 +995,8 @@ def test_it_removes_admin_rights_to_a_user(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 200
+        data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['users']) == 1
 
@@ -1023,8 +1018,8 @@ def test_it_returns_error_if_payload_for_admin_rights_is_empty(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'invalid payload' in data['message']
 
@@ -1042,8 +1037,8 @@ def test_it_returns_error_if_payload_for_admin_rights_is_invalid(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 500
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert (
             'error, please try again or contact the administrator'
@@ -1064,8 +1059,8 @@ def test_it_returns_error_if_user_can_not_change_admin_rights(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 403
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'you do not have permissions' in data['message']
 
@@ -1162,8 +1157,8 @@ def test_user_can_not_delete_another_user_account(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 403
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'you do not have permissions' in data['message']
 
@@ -1179,8 +1174,8 @@ def test_it_returns_error_when_deleting_non_existing_user(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 404
+        data = json.loads(response.data.decode())
         assert 'not found' in data['status']
         assert 'user does not exist' in data['message']
 
@@ -1224,8 +1219,8 @@ def test_admin_can_not_delete_its_own_account_if_no_other_admin(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 403
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert (
             'you can not delete your account, no other user has admin rights'
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 872ee3a3a..356c4aa34 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -29,19 +29,22 @@ def assert_serialized_used(serialized_user: Dict) -> None:
         assert serialized_user['location'] is None
         assert serialized_user['birth_date'] is None
         assert serialized_user['picture'] is False
-        assert serialized_user['nb_sports'] == 0
+        assert serialized_user['map_visibility'] == 'private'
         assert serialized_user['nb_workouts'] == 0
-        assert serialized_user['records'] == []
-        assert serialized_user['sports_list'] == []
-        assert serialized_user['total_distance'] == 0
-        assert serialized_user['total_duration'] == '0:00:00'
+        assert serialized_user['workouts_visibility'] == 'private'
 
     def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
         assert '<User \'test\'>' == str(user_1)
 
         serialized_user = user_1.serialize(role=UserRole.AUTH_USER)
+
         self.assert_serialized_used(serialized_user)
         assert 'test@test.com' == serialized_user['email']
+        assert serialized_user['nb_sports'] == 0
+        assert serialized_user['records'] == []
+        assert serialized_user['sports_list'] == []
+        assert serialized_user['total_distance'] == 0
+        assert serialized_user['total_duration'] == '0:00:00'
         assert serialized_user['imperial_units'] is False
         assert serialized_user['language'] is None
         assert serialized_user['timezone'] is None
@@ -51,8 +54,14 @@ def test_user_model_as_admin(self, app: Flask, user_1: User) -> None:
         assert '<User \'test\'>' == str(user_1)
 
         serialized_user = user_1.serialize(role=UserRole.ADMIN)
+
         self.assert_serialized_used(serialized_user)
         assert 'test@test.com' == serialized_user['email']
+        assert serialized_user['nb_sports'] == 0
+        assert serialized_user['records'] == []
+        assert serialized_user['sports_list'] == []
+        assert serialized_user['total_distance'] == 0
+        assert serialized_user['total_duration'] == '0:00:00'
         assert 'imperial_units' not in serialized_user
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
@@ -64,7 +73,13 @@ def test_user_model_as_regular_user(
         assert '<User \'test\'>' == str(user_1)
 
         serialized_user = user_1.serialize(role=UserRole.USER)
+
         self.assert_serialized_used(serialized_user)
+        assert serialized_user['nb_sports'] == 0
+        assert serialized_user['records'] == []
+        assert serialized_user['sports_list'] == []
+        assert serialized_user['total_distance'] == 0
+        assert serialized_user['total_duration'] == '0:00:00'
         assert 'email' not in serialized_user
         assert 'imperial_units' not in serialized_user
         assert 'language' not in serialized_user
@@ -77,8 +92,14 @@ def test_user_model_when_no_role_provided(
         assert '<User \'test\'>' == str(user_1)
 
         serialized_user = user_1.serialize()
+
         self.assert_serialized_used(serialized_user)
         assert 'email' not in serialized_user
+        assert 'nb_sports' not in serialized_user
+        assert 'sports_list' not in serialized_user
+        assert 'records' not in serialized_user
+        assert 'total_distance' not in serialized_user
+        assert 'total_duration' not in serialized_user
         assert 'imperial_units' not in serialized_user
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
@@ -104,7 +125,7 @@ def test_it_returns_user_records(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        serialized_user = user_1.serialize()
+        serialized_user = user_1.serialize(role=UserRole.USER)
         assert len(serialized_user['records']) == 4
         assert serialized_user['records'][0]['record_type'] == 'AS'
         assert serialized_user['records'][0]['sport_id'] == sport_1_cycling.id
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index c81e7d174..e551a81bd 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -2,9 +2,10 @@
 import string
 from dataclasses import dataclass
 from datetime import datetime
-from json import dumps
+from json import dumps, loads
 from typing import Dict, Optional, Union
 
+from flask import json as flask_json
 from requests import Response
 
 from fittrackee import db
@@ -142,3 +143,7 @@ def generate_follow_request(follower: User, followed: User) -> FollowRequest:
     db.session.add(follow_request)
     db.session.commit()
     return follow_request
+
+
+def jsonify_dict(data: Dict) -> Dict:
+    return loads(flask_json.dumps(data))
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index eab5aea0a..1e98c9362 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -27,6 +27,7 @@
 
 from .decorators import authenticate
 from .models import User, UserSportPreference
+from .privacy_levels import PrivacyLevel
 from .roles import UserRole
 from .utils.controls import check_passwords, register_controls
 from .utils.token import decode_user_token
@@ -324,6 +325,7 @@ def get_authenticated_user_profile(
           "language": "en",
           "last_name": null,
           "location": null,
+          "map_visibility": "private",
           "nb_sports": 3,
           "nb_workouts": 6,
           "picture": false,
@@ -374,7 +376,8 @@ def get_authenticated_user_profile(
           "total_distance": 67.895,
           "total_duration": "6:50:27",
           "username": "sam",
-          "weekm": false
+          "weekm": false,
+          "workouts_visibility": "private"
         },
         "status": "success"
       }
@@ -429,6 +432,7 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
           "language": "en",
           "last_name": null,
           "location": null,
+          "map_visibility": "private",
           "nb_sports": 3,
           "nb_workouts": 6,
           "picture": false,
@@ -480,6 +484,7 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
           "total_duration": "6:50:27",
           "username": "sam"
           "weekm": true,
+          "workouts_visibility": "private"
         },
         "message": "user profile updated",
         "status": "success"
@@ -594,6 +599,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
           "language": "en",
           "last_name": null,
           "location": null,
+          "map_visibility": "followers_only",
           "nb_sports": 3,
           "nb_workouts": 6,
           "picture": false,
@@ -643,8 +649,9 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
           "timezone": "Europe/Paris",
           "total_distance": 67.895,
           "total_duration": "6:50:27",
-          "username": "sam"
+          "username": "sam",
           "weekm": true,
+          "workouts_visibility": "public"
         },
         "message": "user preferences updated",
         "status": "success"
@@ -653,6 +660,10 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
     :<json string timezone: user time zone
     :<json string weekm: does week start on Monday?
     :<json string language: language preferences
+    :<json string map_visibility: workouts map visibility
+                                  ('public', 'followers_only', 'private')
+    :<json string workouts_visibility: user workouts visibility
+                                      ('public', 'followers_only', 'private')
 
     :reqheader Authorization: OAuth 2.0 Bearer Token
 
@@ -674,6 +685,8 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
         'language',
         'timezone',
         'weekm',
+        'map_visibility',
+        'workouts_visibility',
     }
     if not post_data or not post_data.keys() >= user_mandatory_data:
         return InvalidPayloadErrorResponse()
@@ -682,12 +695,16 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
     language = post_data.get('language')
     timezone = post_data.get('timezone')
     weekm = post_data.get('weekm')
+    map_visibility = post_data.get('map_visibility')
+    workouts_visibility = post_data.get('workouts_visibility')
 
     try:
         auth_user.imperial_units = imperial_units
         auth_user.language = language
         auth_user.timezone = timezone
         auth_user.weekm = weekm
+        auth_user.map_visibility = PrivacyLevel(map_visibility)
+        auth_user.workouts_visibility = PrivacyLevel(workouts_visibility)
         db.session.commit()
 
         return {
diff --git a/fittrackee/users/decorators.py b/fittrackee/users/decorators.py
index e3215b6c0..1e68e5987 100644
--- a/fittrackee/users/decorators.py
+++ b/fittrackee/users/decorators.py
@@ -1,9 +1,10 @@
 from functools import wraps
-from typing import Any, Callable, Union
+from typing import Any, Callable, Optional, Union
 
-from flask import request
+from flask import Request, request
 
 from fittrackee.responses import HttpResponse
+from fittrackee.users.models import User
 
 from .utils.controls import verify_user
 
@@ -37,3 +38,30 @@ def decorated_function(
         return verify_auth_user(f, verify_admin, *args, **kwargs)
 
     return decorated_function
+
+
+def get_auth_user(
+    current_request: Request,
+) -> Optional[User]:
+    """
+    Return user if a user is authenticated
+    """
+    user = None
+    auth_header = current_request.headers.get('Authorization')
+    if auth_header:
+        auth_token = auth_header.split(' ')[1]
+        resp = User.decode_auth_token(auth_token)
+        if isinstance(resp, int):
+            user = User.query.filter_by(id=resp).first()
+    return user
+
+
+def get_auth_user_if_authenticated(f: Callable) -> Callable:
+    @wraps(f)
+    def decorated_function(
+        *args: Any, **kwargs: Any
+    ) -> Union[Callable, HttpResponse]:
+        user = get_auth_user(request)
+        return f(user, *args, **kwargs)
+
+    return decorated_function
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 1fd467066..8d02dfb20 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -6,6 +6,7 @@
 from sqlalchemy import and_, func
 from sqlalchemy.ext.hybrid import hybrid_property
 from sqlalchemy.sql.expression import select
+from sqlalchemy.types import Enum
 
 from fittrackee import BaseModel, bcrypt, db
 from fittrackee.federation.constants import AP_CTX
@@ -20,6 +21,7 @@
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
+from .privacy_levels import PrivacyLevel
 from .roles import UserRole
 from .utils.token import decode_user_token, get_user_token
 
@@ -134,6 +136,12 @@ class User(BaseModel):
         db.Boolean, default=True, nullable=False
     )
     is_remote = db.Column(db.Boolean, default=False, nullable=False)
+    workouts_visibility = db.Column(
+        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+    )
+    map_visibility = db.Column(
+        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+    )
 
     workouts = db.relationship(
         'Workout',
@@ -347,7 +355,6 @@ def create_actor(self) -> None:
 
     def serialize(self, role: Optional[UserRole] = None) -> Dict:
         sports = []
-        total = (0, '0:00:00')
         if self.workouts_count > 0:  # type: ignore
             sports = (
                 db.session.query(Workout.sport_id)
@@ -356,13 +363,7 @@ def serialize(self, role: Optional[UserRole] = None) -> Dict:
                 .order_by(Workout.sport_id)
                 .all()
             )
-            total = (
-                db.session.query(
-                    func.sum(Workout.distance), func.sum(Workout.duration)
-                )
-                .filter(Workout.user_id == self.id)
-                .first()
-            )
+
         serialized_user = {
             'admin': self.admin,
             'bio': self.bio,
@@ -374,18 +375,34 @@ def serialize(self, role: Optional[UserRole] = None) -> Dict:
             'is_remote': self.is_remote,
             'last_name': self.last_name,
             'location': self.location,
-            'nb_sports': len(sports),
+            'map_visibility': self.map_visibility.value,
             'nb_workouts': self.workouts_count,
             'picture': self.picture is not None,
-            'records': [record.serialize() for record in self.records],
-            'sports_list': [
-                sport for sportslist in sports for sport in sportslist
-            ],
-            'total_distance': float(total[0]),
-            'total_duration': str(total[1]),
+            'workouts_visibility': self.workouts_visibility.value,
             'username': self.username,
         }
 
+        if role is not None:
+            total = (0, '0:00:00')
+            if self.workouts_count > 0:  # type: ignore
+                total = (
+                    db.session.query(
+                        func.sum(Workout.distance), func.sum(Workout.duration)
+                    )
+                    .filter(Workout.user_id == self.id)
+                    .first()
+                )
+
+            serialized_user['nb_sports'] = len(sports)
+            serialized_user['records'] = [
+                record.serialize() for record in self.records
+            ]
+            serialized_user['sports_list'] = [
+                sport for sportslist in sports for sport in sportslist
+            ]
+            serialized_user['total_distance'] = float(total[0])
+            serialized_user['total_duration'] = str(total[1])
+
         if role in [UserRole.AUTH_USER, UserRole.ADMIN]:
             serialized_user['email'] = self.email
 
diff --git a/fittrackee/users/privacy_levels.py b/fittrackee/users/privacy_levels.py
new file mode 100644
index 000000000..744c866c3
--- /dev/null
+++ b/fittrackee/users/privacy_levels.py
@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class PrivacyLevel(Enum):
+    PUBLIC = 'public'
+    FOLLOWERS = 'followers_only'
+    PRIVATE = 'private'
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 70609bcfc..9596bdca7 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -1,6 +1,6 @@
 import os
 import shutil
-from typing import Any, Dict, Tuple, Union
+from typing import Any, Dict, Optional, Tuple, Union
 
 import click
 from flask import Blueprint, request, send_file
@@ -25,7 +25,11 @@
 )
 from fittrackee.workouts.models import Record, Workout, WorkoutSegment
 
-from .decorators import authenticate, authenticate_as_admin
+from .decorators import (
+    authenticate,
+    authenticate_as_admin,
+    get_auth_user_if_authenticated,
+)
 from .exceptions import (
     FollowRequestAlreadyRejectedError,
     UserNotFoundException,
@@ -152,6 +156,7 @@ def get_users(auth_user: User) -> Dict:
               "is_remote": false,
               "last_name": null,
               "location": null,
+              "map_visibility": "private",
               "nb_sports": 3,
               "nb_workouts": 6,
               "picture": false,
@@ -200,7 +205,8 @@ def get_users(auth_user: User) -> Dict:
               ],
               "total_distance": 67.895,
               "total_duration": "6:50:27",
-              "username": "admin"
+              "username": "admin",
+              "workouts_visibility": "private"
             },
             {
               "admin": false,
@@ -214,6 +220,7 @@ def get_users(auth_user: User) -> Dict:
               "is_remote": false,
               "last_name": null,
               "location": null,
+              "map_visibility": "private",
               "nb_sports": 0,
               "nb_workouts": 0,
               "picture": false,
@@ -221,7 +228,8 @@ def get_users(auth_user: User) -> Dict:
               "sports_list": [],
               "total_distance": 0,
               "total_duration": "0:00:00",
-              "username": "sam"
+              "username": "sam",
+              "workouts_visibility": "private"
             }
           ]
         },
@@ -295,6 +303,7 @@ def get_remote_users(
               "is_remote": true,
               "last_name": null,
               "location": null,
+              "map_visibility": "private",
               "nb_sports": 0,
               "nb_workouts": 0,
               "picture": false,
@@ -302,7 +311,8 @@ def get_remote_users(
               "sports_list": [],
               "total_distance": 0,
               "total_duration": "0:00:00",
-              "username": "sam"
+              "username": "sam",
+              "workouts_visibility": "private"
             }
           ]
         },
@@ -331,9 +341,9 @@ def get_remote_users(
 
 
 @users_blueprint.route('/users/<user_name>', methods=['GET'])
-@authenticate
+@get_auth_user_if_authenticated
 def get_single_user(
-    auth_user: User, user_name: str
+    auth_user: Optional[User], user_name: str
 ) -> Union[Dict, HttpResponse]:
     """
     Get single user details.
@@ -348,6 +358,8 @@ def get_single_user(
 
     **Example response**:
 
+    - when a user is authenticated:
+
     .. sourcecode:: http
 
       HTTP/1.1 200 OK
@@ -367,6 +379,7 @@ def get_single_user(
             "is_remote": false,
             "last_name": null,
             "location": null,
+            "map_visibility": "private",
             "nb_sports": 3,
             "nb_workouts": 6,
             "picture": false,
@@ -415,7 +428,39 @@ def get_single_user(
             ],
             "total_distance": 67.895,
             "total_duration": "6:50:27",
-            "username": "admin"
+            "username": "admin",
+            "workouts_visibility": "private"
+          }
+        ],
+        "status": "success"
+      }
+
+    - when no authentication:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": [
+          {
+            "admin": true,
+            "bio": null,
+            "birth_date": null,
+            "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
+            "email": "admin@example.com",
+            "first_name": null,
+            "followers": 0,
+            "following": 0,
+            "is_remote": false,
+            "last_name": null,
+            "location": null,
+            "map_visibility": "private",
+            "nb_workouts": 6,
+            "picture": false,
+            "username": "admin",
+            "workouts_visibility": "private"
           }
         ],
         "status": "success"
@@ -423,7 +468,7 @@ def get_single_user(
 
     :param integer user_name: user name
 
-    :reqheader Authorization: OAuth 2.0 Bearer Token
+    :reqheader Authorization: OAuth 2.0 Bearer Token if user is authenticated
 
     :statuscode 200: success
     :statuscode 401:
@@ -433,9 +478,11 @@ def get_single_user(
     :statuscode 404:
         - user does not exist
     """
+    role = None
+    if auth_user is not None:
+        role = UserRole.ADMIN if auth_user.admin else UserRole.USER
     try:
         user = User.query.filter_by(username=user_name).first()
-        role = UserRole.ADMIN if auth_user.admin else UserRole.USER
         if user:
             return {
                 'status': 'success',
@@ -520,6 +567,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
             "is_remote": false,
             "last_name": null,
             "location": null,
+            "map_visibility": "private",
             "nb_workouts": 6,
             "nb_sports": 3,
             "picture": false,
@@ -568,7 +616,8 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
             ],
             "total_distance": 67.895,
             "total_duration": "6:50:27",
-            "username": "admin"
+            "username": "admin",
+            "workouts_visibility": "private"
           }
         ],
         "status": "success"
@@ -867,6 +916,7 @@ def get_followers(
               "is_remote": false,
               "last_name": null,
               "location": null,
+              "map_visibility": "followers_only",
               "nb_sports": 0,
               "nb_workouts": 0,
               "picture": false,
@@ -874,7 +924,8 @@ def get_followers(
               "sports_list": [],
               "total_distance": 0.0,
               "total_duration": "0:00:00",
-              "username": "JohnDoe"
+              "username": "JohnDoe",
+              "workouts_visibility": "followers_only"
             }
           ]
         },
@@ -955,6 +1006,7 @@ def get_following(
               "is_remote": false,
               "last_name": null,
               "location": null,
+              "map_visibility": "followers_only",
               "nb_sports": 0,
               "nb_workouts": 0,
               "picture": false,
@@ -962,7 +1014,8 @@ def get_following(
               "sports_list": [],
               "total_distance": 0.0,
               "total_duration": "0:00:00",
-              "username": "JohnDoe"
+              "username": "JohnDoe",
+              "workouts_visibility": "followers_only"
             }
           ]
         },

From d811d6fbc951fe06552f5273914744d0c80f05f8 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 12:25:52 +0100
Subject: [PATCH 067/238] Client - add federation (de-)activation in
 application config

---
 .../Administration/AdminApplication.vue       | 45 +++++++++++++++++++
 .../components/Administration/AdminMenu.vue   | 22 +++++++--
 .../src/locales/en/administration.json        |  3 ++
 .../src/locales/fr/administration.json        |  3 ++
 fittrackee_client/src/types/application.ts    |  3 +-
 fittrackee_client/src/views/AdminView.vue     |  3 +-
 6 files changed, 73 insertions(+), 6 deletions(-)

diff --git a/fittrackee_client/src/components/Administration/AdminApplication.vue b/fittrackee_client/src/components/Administration/AdminApplication.vue
index 36c6a43b7..a0217ee10 100644
--- a/fittrackee_client/src/components/Administration/AdminApplication.vue
+++ b/fittrackee_client/src/components/Administration/AdminApplication.vue
@@ -4,6 +4,27 @@
       <template #title>{{ $t('admin.APP_CONFIG.TITLE') }}</template>
       <template #content>
         <form class="admin-form" @submit.prevent="onSubmit">
+          <div class="federation">
+            <label for="federation_enabled">
+              {{ $t('admin.APP_CONFIG.FEDERATION_ENABLED') }}:
+            </label>
+            <div class="federation-checkbox">
+              <input
+                v-if="edition"
+                id="federation_enabled"
+                name="federation_enabled"
+                type="checkbox"
+                v-model="appData.federation_enabled"
+              />
+              <i
+                v-else
+                :class="`fa fa${
+                  appData.federation_enabled ? '-check' : ''
+                }-square-o`"
+                aria-hidden="true"
+              />
+            </div>
+          </div>
           <label for="max_users">
             {{ $t('admin.APP_CONFIG.MAX_USERS_LABEL') }}:
             <input
@@ -109,6 +130,7 @@
   const router = useRouter()
 
   const appData: TAppConfigForm = reactive({
+    federation_enabled: false,
     max_users: 0,
     max_single_file_size: 0,
     max_zip_file_size: 0,
@@ -160,4 +182,27 @@
       margin-right: $default-margin;
     }
   }
+
+  .federation {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin: $default-margin 0;
+
+    .federation-checkbox {
+      width: 51%;
+      margin-right: $default-margin * 5;
+
+      input[type='checkbox'] {
+        margin-left: -$default-padding;
+      }
+
+      @media screen and (max-width: $medium-limit) {
+        margin-right: 0;
+        input[type='checkbox'] {
+          margin-left: -$default-padding;
+        }
+      }
+    }
+  }
 </style>
diff --git a/fittrackee_client/src/components/Administration/AdminMenu.vue b/fittrackee_client/src/components/Administration/AdminMenu.vue
index 450a92fb1..c26abc4c5 100644
--- a/fittrackee_client/src/components/Administration/AdminMenu.vue
+++ b/fittrackee_client/src/components/Administration/AdminMenu.vue
@@ -11,8 +11,17 @@
                 {{ $t('admin.APPLICATION') }}
               </router-link>
             </dt>
-            <dd>
-              {{ $t('admin.UPDATE_APPLICATION_DESCRIPTION') }}<br />
+            <dd class="application-config-details">
+              {{ $t('admin.UPDATE_APPLICATION_DESCRIPTION') }}
+              <span class="federation-status">
+                {{
+                  $t(
+                    `admin.FEDERATION_${
+                      appConfig.federation_enabled ? 'ENABLED' : 'DISABLED'
+                    }`
+                  )
+                }}
+              </span>
               <span class="registration-status">
                 {{
                   $t(
@@ -82,8 +91,13 @@
         dd {
           margin-bottom: $default-margin * 3;
         }
-        .registration-status {
-          font-weight: bold;
+        .application-config-details {
+          display: flex;
+          flex-direction: column;
+          .federation-status,
+          .registration-status {
+            font-weight: bold;
+          }
         }
       }
     }
diff --git a/fittrackee_client/src/locales/en/administration.json b/fittrackee_client/src/locales/en/administration.json
index e6fb4f5f5..5e089bf17 100644
--- a/fittrackee_client/src/locales/en/administration.json
+++ b/fittrackee_client/src/locales/en/administration.json
@@ -5,6 +5,7 @@
   "ADMINISTRATION": "Administration",
   "APPLICATION": "Application",
   "APP_CONFIG": {
+    "FEDERATION_ENABLED": "Federation enabled",
     "MAX_USERS_LABEL": "Max. number of active users",
     "MAX_USERS_HELP": "If 0, no limitation on registration.",
     "MAX_FILES_IN_ZIP_LABEL": "Max. files of zip archive",
@@ -16,6 +17,8 @@
   "CONFIRM_USER_ACCOUNT_DELETION": "Are you sure you want to delete {0} account? All data will be deleted, this cannot be undone.",
   "DELETE_USER": "Delete user",
   "ENABLE_DISABLE_SPORTS": "Enable/disable sports.",
+  "FEDERATION_DISABLED": "Federation is currently disabled.",
+  "FEDERATION_ENABLED": "Federation is currently enabled.",
   "REGISTRATION_DISABLED": "Registration is currently disabled.",
   "REGISTRATION_ENABLED": "Registration is currently enabled.",
   "SPORTS": {
diff --git a/fittrackee_client/src/locales/fr/administration.json b/fittrackee_client/src/locales/fr/administration.json
index b01cc3d2f..3dc43683c 100644
--- a/fittrackee_client/src/locales/fr/administration.json
+++ b/fittrackee_client/src/locales/fr/administration.json
@@ -5,6 +5,7 @@
   "ADMINISTRATION": "Administration",
   "APPLICATION": "Application",
   "APP_CONFIG": {
+    "FEDERATION_ENABLED": "Fédération activée",
     "MAX_USERS_LABEL": "Nombre maximum d'utilisateurs actifs ",
     "MAX_USERS_HELP": "Si égal à 0, pas limite d'inscription",
     "MAX_FILES_IN_ZIP_LABEL": "Taille max. des archives zip (en Mo) ",
@@ -16,6 +17,8 @@
   "CONFIRM_USER_ACCOUNT_DELETION": "Etes-vous sûr de vouloir supprimer le compte de {0} ? Toutes les données seront définitivement.",
   "DELETE_USER": "Supprimer l'utilisateur",
   "ENABLE_DISABLE_SPORTS": "Activer/désactiver des sports.",
+  "FEDERATION_DISABLED": "La fédération de l'instance est actuellement désactivée.",
+  "FEDERATION_ENABLED": "La fédération de l'instance est actuellement activée.",
   "REGISTRATION_DISABLED": "Les inscriptions sont actuellement désactivées.",
   "REGISTRATION_ENABLED": "Les inscriptions sont actuellement activées.",
   "SPORTS": {
diff --git a/fittrackee_client/src/types/application.ts b/fittrackee_client/src/types/application.ts
index 5a08d72d3..bc451df7d 100644
--- a/fittrackee_client/src/types/application.ts
+++ b/fittrackee_client/src/types/application.ts
@@ -23,7 +23,8 @@ export interface IApplication {
 }
 
 export type TAppConfigForm = {
-  [key: string]: number
+  [key: string]: number | boolean
+  federation_enabled: boolean
   gpx_limit_import: number
   max_single_file_size: number
   max_users: number
diff --git a/fittrackee_client/src/views/AdminView.vue b/fittrackee_client/src/views/AdminView.vue
index 8ba2b84db..cc91f2660 100644
--- a/fittrackee_client/src/views/AdminView.vue
+++ b/fittrackee_client/src/views/AdminView.vue
@@ -57,7 +57,8 @@
             margin: $default-margin 0;
             flex-wrap: wrap;
 
-            input {
+            input[type='text'],
+            input[type='number'] {
               width: 50%;
               font-size: 0.9em;
               margin-right: $default-margin * 5;

From 1f4b27b1aed0566ecd16a45b95a1e18209bd6a81 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 12:26:45 +0100
Subject: [PATCH 068/238] Client - add followers/ing count to user profile +
 update types (WIP)

---
 .../components/Common/StatsChart/index.vue    |  6 +++---
 .../User/ProfileDisplay/UserHeader.vue        | 20 ++++++++++++++++--
 .../User/ProfileDisplay/UserPreferences.vue   |  4 ++--
 .../components/User/UserSportPreferences.vue  |  4 ++--
 fittrackee_client/src/locales/en/user.json    |  2 ++
 fittrackee_client/src/locales/fr/user.json    |  2 ++
 .../src/store/modules/authUser/mutations.ts   |  6 +++---
 .../src/store/modules/authUser/state.ts       |  4 ++--
 .../src/store/modules/authUser/types.ts       |  8 +++----
 fittrackee_client/src/types/user.ts           | 21 ++++++++++++++-----
 10 files changed, 54 insertions(+), 23 deletions(-)

diff --git a/fittrackee_client/src/components/Common/StatsChart/index.vue b/fittrackee_client/src/components/Common/StatsChart/index.vue
index 96330c62e..dcab80b87 100644
--- a/fittrackee_client/src/components/Common/StatsChart/index.vue
+++ b/fittrackee_client/src/components/Common/StatsChart/index.vue
@@ -96,7 +96,7 @@
     TStatisticsFromApi,
     IStatisticsParams,
   } from '@/types/statistics'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { formatStats } from '@/utils/statistics'
 
@@ -111,7 +111,7 @@
         required: true,
       },
       user: {
-        type: Object as PropType<IUserProfile>,
+        type: Object as PropType<IAuthUserProfile>,
         required: true,
       },
       chartParams: {
@@ -169,7 +169,7 @@
       }
       function getApiParams(
         chartParams: IStatisticsDateParams,
-        user: IUserProfile
+        user: IAuthUserProfile
       ): IStatisticsParams {
         return {
           from: format(chartParams.start, 'yyyy-MM-dd'),
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
index fba8a433d..df83938de 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
@@ -10,7 +10,7 @@
             {{ $t('workouts.WORKOUT', user.nb_workouts) }}
           </span>
         </div>
-        <div class="user-stat">
+        <div class="user-stat" v-if="user.total_distance">
           <Distance
             :distance="user.total_distance"
             unitFrom="km"
@@ -22,12 +22,24 @@
             {{ user.imperial_units ? 'miles' : 'km' }}
           </span>
         </div>
-        <div class="user-stat hide-small">
+        <div class="user-stat hide-small" v-if="user.nb_sports">
           <span class="stat-number">{{ user.nb_sports }}</span>
           <span class="stat-label">
             {{ $t('workouts.SPORT', user.nb_sports) }}
           </span>
         </div>
+        <div class="user-stat hide-small">
+          <span class="stat-number">{{ user.following }}</span>
+          <span class="stat-label">
+            {{ $t('user.FOLLOWING', user.following) }}
+          </span>
+        </div>
+        <div class="user-stat hide-small">
+          <span class="stat-number">{{ user.followers }}</span>
+          <span class="stat-label">
+            {{ $t('user.FOLLOWER', user.followers) }}
+          </span>
+        </div>
       </div>
     </div>
   </div>
@@ -54,6 +66,10 @@
     display: flex;
     align-items: stretch;
 
+    ::v-deep(.user-picture) {
+      min-width: 20%;
+    }
+
     .user-details {
       flex-grow: 1;
       padding: $default-padding;
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
index 53caaefa2..ee755f5ee 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
@@ -28,11 +28,11 @@
 <script setup lang="ts">
   import { computed } from 'vue'
 
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { languageLabels } from '@/utils/locales'
 
   interface Props {
-    user: IUserProfile
+    user: IAuthUserProfile
   }
   const props = defineProps<Props>()
 
diff --git a/fittrackee_client/src/components/User/UserSportPreferences.vue b/fittrackee_client/src/components/User/UserSportPreferences.vue
index 96a4662ef..b74cd0d20 100644
--- a/fittrackee_client/src/components/User/UserSportPreferences.vue
+++ b/fittrackee_client/src/components/User/UserSportPreferences.vue
@@ -170,12 +170,12 @@
 
   import { AUTH_USER_STORE, ROOT_STORE, SPORTS_STORE } from '@/store/constants'
   import { ISport, ITranslatedSport } from '@/types/sports'
-  import { IUserProfile, IUserSportPreferencesPayload } from '@/types/user'
+  import { IAuthUserProfile, IUserSportPreferencesPayload } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { translateSports } from '@/utils/sports'
 
   interface Props {
-    user: IUserProfile
+    user: IAuthUserProfile
     isEdition: boolean
   }
   const props = defineProps<Props>()
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index d9ddd7d9f..35e0b1c2a 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -6,6 +6,8 @@
   "ENTER_EMAIL": "Enter an email address",
   "ENTER_PASSWORD": "Enter a password",
   "ENTER_PASSWORD_CONFIRMATION": "Confirm the password",
+  "FOLLOWER": "follower | followers",
+  "FOLLOWING": "following | following",
   "INVALID_TOKEN": "Invalid token, please request a new password reset.",
   "LANGUAGE": "Language",
   "LOGIN": "Login",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 8558aed70..d2246a240 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -6,6 +6,8 @@
   "ENTER_EMAIL": "Saisir une adresse email",
   "ENTER_PASSWORD": "Saisir un mot de passe",
   "ENTER_PASSWORD_CONFIRMATION": "Confirmer le mot de passe",
+  "FOLLOWER": "abonné | abonnés",
+  "FOLLOWING": "abonnement | abonnements",
   "INVALID_TOKEN": "Jeton invalide, veullez demander une nouvelle réinitialisation de mot de passe.",
   "LANGUAGE": "Langue",
   "LOGIN": "Se connecter",
diff --git a/fittrackee_client/src/store/modules/authUser/mutations.ts b/fittrackee_client/src/store/modules/authUser/mutations.ts
index 930846862..f48e3488b 100644
--- a/fittrackee_client/src/store/modules/authUser/mutations.ts
+++ b/fittrackee_client/src/store/modules/authUser/mutations.ts
@@ -5,12 +5,12 @@ import {
   IAuthUserState,
   TAuthUserMutations,
 } from '@/store/modules/authUser/types'
-import { IUserProfile } from '@/types/user'
+import { IAuthUserProfile } from '@/types/user'
 
 export const mutations: MutationTree<IAuthUserState> & TAuthUserMutations = {
   [AUTH_USER_STORE.MUTATIONS.CLEAR_AUTH_USER_TOKEN](state: IAuthUserState) {
     state.authToken = null
-    state.authUserProfile = <IUserProfile>{}
+    state.authUserProfile = <IAuthUserProfile>{}
   },
   [AUTH_USER_STORE.MUTATIONS.UPDATE_AUTH_TOKEN](
     state: IAuthUserState,
@@ -20,7 +20,7 @@ export const mutations: MutationTree<IAuthUserState> & TAuthUserMutations = {
   },
   [AUTH_USER_STORE.MUTATIONS.UPDATE_AUTH_USER_PROFILE](
     state: IAuthUserState,
-    authUserProfile: IUserProfile
+    authUserProfile: IAuthUserProfile
   ) {
     state.authUserProfile = authUserProfile
   },
diff --git a/fittrackee_client/src/store/modules/authUser/state.ts b/fittrackee_client/src/store/modules/authUser/state.ts
index 795a4c4ea..a43a7ca72 100644
--- a/fittrackee_client/src/store/modules/authUser/state.ts
+++ b/fittrackee_client/src/store/modules/authUser/state.ts
@@ -1,8 +1,8 @@
 import { IAuthUserState } from '@/store/modules/authUser/types'
-import { IUserProfile } from '@/types/user'
+import { IAuthUserProfile } from '@/types/user'
 
 export const authUserState: IAuthUserState = {
   authToken: null,
-  authUserProfile: <IUserProfile>{},
+  authUserProfile: <IAuthUserProfile>{},
   loading: false,
 }
diff --git a/fittrackee_client/src/store/modules/authUser/types.ts b/fittrackee_client/src/store/modules/authUser/types.ts
index 28503b46e..98f2c8a6f 100644
--- a/fittrackee_client/src/store/modules/authUser/types.ts
+++ b/fittrackee_client/src/store/modules/authUser/types.ts
@@ -8,7 +8,7 @@ import {
 import { AUTH_USER_STORE } from '@/store/constants'
 import { IRootState } from '@/store/modules/root/types'
 import {
-  IUserProfile,
+  IAuthUserProfile,
   ILoginOrRegisterData,
   IUserDeletionPayload,
   IUserPasswordPayload,
@@ -21,7 +21,7 @@ import {
 
 export interface IAuthUserState {
   authToken: string | null
-  authUserProfile: IUserProfile
+  authUserProfile: IAuthUserProfile
   loading: boolean
 }
 
@@ -93,7 +93,7 @@ export interface IAuthUserGetters {
 
   [AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE](
     state: IAuthUserState
-  ): IUserProfile
+  ): IAuthUserProfile
 
   [AUTH_USER_STORE.GETTERS.IS_ADMIN](state: IAuthUserState): boolean
 
@@ -110,7 +110,7 @@ export type TAuthUserMutations<S = IAuthUserState> = {
   ): void
   [AUTH_USER_STORE.MUTATIONS.UPDATE_AUTH_USER_PROFILE](
     state: S,
-    authUserProfile: IUserProfile
+    authUserProfile: IAuthUserProfile
   ): void
   [AUTH_USER_STORE.MUTATIONS.UPDATE_USER_LOADING](
     state: S,
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index 671835d33..64d0b6de1 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -7,21 +7,32 @@ export interface IUserProfile {
   bio: string | null
   birth_date: string | null
   created_at: string
-  email: string
+  email?: string
   first_name: string | null
-  imperial_units: boolean
-  language: string | null
+  followers: IUserProfile[]
+  following: IUserProfile[]
   last_name: string | null
   location: string | null
-  nb_sports: number
+  nb_sports?: number
   nb_workouts: number
   picture: string | boolean
+  records?: IRecord[]
+  sports_list?: number[]
+  total_distance?: number
+  total_duration?: string
+  username: string
+}
+
+export interface IAuthUserProfile extends IUserProfile {
+  email: string
+  imperial_units: boolean
+  language: string | null
+  nb_sports: number
   records: IRecord[]
   sports_list: number[]
   timezone: string
   total_distance: number
   total_duration: string
-  username: string
   weekm: boolean
 }
 

From 9090ec4bdee7650986d126e1796f807c138b2453 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 12:30:01 +0100
Subject: [PATCH 069/238] Client - user details route is now accessible without
 authentication

---
 .../components/Administration/AdminUsers.vue  |  2 +-
 .../User/ProfileDisplay/UserHeader.vue        |  7 +++--
 .../User/ProfileDisplay/UserInfos.vue         | 30 +++++++++++--------
 fittrackee_client/src/router/index.ts         |  8 ++++-
 fittrackee_client/src/views/user/UserView.vue | 11 ++++---
 5 files changed, 36 insertions(+), 22 deletions(-)

diff --git a/fittrackee_client/src/components/Administration/AdminUsers.vue b/fittrackee_client/src/components/Administration/AdminUsers.vue
index d8f765c40..1f6598b95 100644
--- a/fittrackee_client/src/components/Administration/AdminUsers.vue
+++ b/fittrackee_client/src/components/Administration/AdminUsers.vue
@@ -42,7 +42,7 @@
                   <span class="cell-heading">
                     {{ $t('user.USERNAME') }}
                   </span>
-                  <router-link :to="`/users/${user.username}`">
+                  <router-link :to="`/users/${user.username}?from=admin`">
                     {{ user.username }}
                   </router-link>
                 </td>
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
index df83938de..55b53b6ca 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
@@ -16,7 +16,7 @@
             unitFrom="km"
             :digits="0"
             :displayUnit="false"
-            :useImperialUnits="user.imperial_units"
+            :useImperialUnits="authUser ? authUser.imperial_units : false"
           />
           <span class="stat-label">
             {{ user.imperial_units ? 'miles' : 'km' }}
@@ -49,14 +49,15 @@
   import { toRefs } from 'vue'
 
   import UserPicture from '@/components/User/UserPicture.vue'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
 
   interface Props {
     user: IUserProfile
+    authUser?: IAuthUserProfile
   }
   const props = defineProps<Props>()
 
-  const { user } = toRefs(props)
+  const { authUser, user } = toRefs(props)
 </script>
 
 <style lang="scss" scoped>
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index 85f8fbc4e..2703ed1da 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -24,7 +24,10 @@
         {{ user.bio }}
       </dd>
     </dl>
-    <div class="profile-buttons" v-if="fromAdmin">
+    <div
+      class="profile-buttons"
+      v-if="authUser && authUser.admin && $route.query.from === 'admin'"
+    >
       <button
         class="danger"
         v-if="authUser.username !== user.username"
@@ -35,7 +38,13 @@
       <button @click="$router.go(-1)">{{ $t('buttons.BACK') }}</button>
     </div>
     <div class="profile-buttons" v-else>
-      <button @click="$router.push('/profile/edit')">
+      <button
+        v-if="
+          $route.path === '/profile' ||
+          (authUser && authUser.username === user.username)
+        "
+        @click="$router.push('/profile/edit')"
+      >
         {{ $t('user.PROFILE.EDIT') }}
       </button>
       <button @click="$router.push('/')">{{ $t('common.HOME') }}</button>
@@ -45,26 +54,21 @@
 
 <script setup lang="ts">
   import { format } from 'date-fns'
-  import { ComputedRef, Ref, computed, ref, toRefs, withDefaults } from 'vue'
+  import { Ref, computed, ref, toRefs } from 'vue'
 
-  import { AUTH_USER_STORE, USERS_STORE } from '@/store/constants'
-  import { IUserProfile } from '@/types/user'
+  import { USERS_STORE } from '@/store/constants'
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
   interface Props {
     user: IUserProfile
-    fromAdmin?: boolean
+    authUser?: IAuthUserProfile
   }
-  const props = withDefaults(defineProps<Props>(), {
-    fromAdmin: false,
-  })
+  const props = defineProps<Props>()
 
   const store = useStore()
 
-  const { user, fromAdmin } = toRefs(props)
-  const authUser: ComputedRef<IUserProfile> = computed(
-    () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
-  )
+  const { authUser, user } = toRefs(props)
   const registrationDate = computed(() =>
     props.user.created_at
       ? format(new Date(props.user.created_at), 'dd/MM/yyyy HH:mm')
diff --git a/fittrackee_client/src/router/index.ts b/fittrackee_client/src/router/index.ts
index 1eb317d2b..0f990a346 100644
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@@ -252,12 +252,18 @@ router.beforeEach((to, from, next) => {
   store
     .dispatch(AUTH_USER_STORE.ACTIONS.CHECK_AUTH_USER)
     .then(() => {
+      if (to.path.startsWith('/users')) {
+        return next()
+      }
+
       if (
         store.getters[AUTH_USER_STORE.GETTERS.IS_AUTHENTICATED] &&
         pathsWithoutAuthentication.includes(to.path)
       ) {
         return next('/')
-      } else if (
+      }
+
+      if (
         !store.getters[AUTH_USER_STORE.GETTERS.IS_AUTHENTICATED] &&
         !pathsWithoutAuthentication.includes(to.path)
       ) {
diff --git a/fittrackee_client/src/views/user/UserView.vue b/fittrackee_client/src/views/user/UserView.vue
index 6ec3a1f94..875ea8d2f 100644
--- a/fittrackee_client/src/views/user/UserView.vue
+++ b/fittrackee_client/src/views/user/UserView.vue
@@ -1,8 +1,8 @@
 <template>
   <div id="user" class="view" v-if="user.username">
-    <UserHeader :user="user" />
+    <UserHeader :authUser="authUser" :user="user" />
     <div class="box">
-      <UserInfos :user="user" :from-admin="true" />
+      <UserInfos :authUser="authUser" :user="user" />
     </div>
   </div>
 </template>
@@ -13,13 +13,16 @@
 
   import UserHeader from '@/components/User/ProfileDisplay/UserHeader.vue'
   import UserInfos from '@/components/User/ProfileDisplay/UserInfos.vue'
-  import { USERS_STORE } from '@/store/constants'
-  import { IUserProfile } from '@/types/user'
+  import { AUTH_USER_STORE, USERS_STORE } from '@/store/constants'
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
   const route = useRoute()
   const store = useStore()
 
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
+    () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
+  )
   const user: ComputedRef<IUserProfile> = computed(
     () => store.getters[USERS_STORE.GETTERS.USER]
   )

From 31babdd1bc78d3f2bbc708f6406834b265024cff Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 12:30:38 +0100
Subject: [PATCH 070/238] Client - add workouts and map visibility in user
 preferences

---
 .../User/ProfileDisplay/UserPreferences.vue   |  7 ++-
 .../ProfileEdition/UserPreferencesEdition.vue | 47 +++++++++++++++++--
 fittrackee_client/src/locales/en/user.json    |  9 ++++
 fittrackee_client/src/locales/fr/user.json    |  9 ++++
 fittrackee_client/src/types/user.ts           |  6 +++
 5 files changed, 74 insertions(+), 4 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
index ee755f5ee..1adcd2af6 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
@@ -15,6 +15,10 @@
           )
         }}
       </dd>
+      <dt>{{ $t('user.PRIVACY.WORKOUTS_VISIBILITY') }}:</dt>
+      <dd>{{ $t(`user.PRIVACY.LEVELS.${user.workouts_visibility}`) }}</dd>
+      <dt>{{ $t('user.PRIVACY.MAP_VISIBILITY') }}:</dt>
+      <dd>{{ $t(`user.PRIVACY.LEVELS.${user.map_visibility}`) }}</dd>
     </dl>
     <div class="profile-buttons">
       <button @click="$router.push('/profile/edit/preferences')">
@@ -26,7 +30,7 @@
 </template>
 
 <script setup lang="ts">
-  import { computed } from 'vue'
+  import { computed, toRefs } from 'vue'
 
   import { IAuthUserProfile } from '@/types/user'
   import { languageLabels } from '@/utils/locales'
@@ -36,6 +40,7 @@
   }
   const props = defineProps<Props>()
 
+  const { user } = toRefs(props)
   const language = computed(() =>
     props.user.language
       ? languageLabels[props.user.language]
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
index 4b122d763..a4a2b8408 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
@@ -51,6 +51,30 @@
             </option>
           </select>
         </label>
+        <label class="form-items">
+          {{ $t('user.PRIVACY.WORKOUTS_VISIBILITY') }}
+          <select
+            id="workouts_visibility"
+            v-model="userForm.workouts_visibility"
+            :disabled="loading"
+          >
+            <option v-for="level in privacyLevels" :value="level" :key="level">
+              {{ $t(`user.PRIVACY.LEVELS.${level}`) }}
+            </option>
+          </select>
+        </label>
+        <label class="form-items">
+          {{ $t('user.PRIVACY.MAP_VISIBILITY') }}
+          <select
+            id="map_visibility"
+            v-model="userForm.map_visibility"
+            :disabled="loading"
+          >
+            <option v-for="level in privacyLevels" :value="level" :key="level">
+              {{ $t(`user.PRIVACY.LEVELS.${level}`) }}
+            </option>
+          </select>
+        </label>
         <div class="form-buttons">
           <button class="confirm" type="submit">
             {{ $t('buttons.SUBMIT') }}
@@ -72,12 +96,16 @@
 
   import TimezoneDropdown from '@/components/User/ProfileEdition/TimezoneDropdown.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
-  import { IUserProfile, IUserPreferencesPayload } from '@/types/user'
+  import {
+    IUserPreferencesPayload,
+    TPrivacyLevels,
+    IAuthUserProfile,
+  } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { availableLanguages } from '@/utils/locales'
 
   interface Props {
-    user: IUserProfile
+    user: IAuthUserProfile
   }
   const props = defineProps<Props>()
 
@@ -86,8 +114,10 @@
   const userForm: IUserPreferencesPayload = reactive({
     imperial_units: false,
     language: '',
+    map_visibility: 'private',
     timezone: 'Europe/Paris',
     weekm: false,
+    workouts_visibility: 'private',
   })
   const weekStart = [
     {
@@ -109,6 +139,11 @@
       value: false,
     },
   ]
+  const privacyLevels: TPrivacyLevels[] = [
+    'private',
+    'followers_only',
+    'public',
+  ]
   const loading = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.USER_LOADING]
   )
@@ -122,11 +157,17 @@
     }
   })
 
-  function updateUserForm(user: IUserProfile) {
+  function updateUserForm(user: IAuthUserProfile) {
     userForm.imperial_units = user.imperial_units ? user.imperial_units : false
     userForm.language = user.language ? user.language : 'en'
+    userForm.map_visibility = user.map_visibility
+      ? user.map_visibility
+      : 'private'
     userForm.timezone = user.timezone ? user.timezone : 'Europe/Paris'
     userForm.weekm = user.weekm ? user.weekm : false
+    userForm.workouts_visibility = user.workouts_visibility
+      ? user.workouts_visibility
+      : 'private'
   }
   function updateProfile() {
     store.dispatch(AUTH_USER_STORE.ACTIONS.UPDATE_USER_PREFERENCES, userForm)
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 35e0b1c2a..04c36d9b8 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -19,6 +19,15 @@
   "PASSWORD_RESET": "Password reset",
   "PASSWORD_SENT_EMAIL_TEXT": "Check your email. If your address is in our database, you'll received an email with a link to reset your password.",
   "PASSWORD_UPDATED": "Your password have been updated. Click {0} to log in.",
+  "PRIVACY": {
+    "LEVELS": {
+      "private": "Private (only me)",
+      "followers_only": "Followers only",
+      "public": "Public (everyone)"
+    },
+    "MAP_VISIBILITY": "Map and analysis visibility",
+    "WORKOUTS_VISIBILITY": "Workouts related data visibility"
+  },
   "PROFILE": {
     "BACK_TO_PROFILE": "Back to profile",
     "BIO": "Bio",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index d2246a240..d8c2808f7 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -19,6 +19,15 @@
   "PASSWORD_RESET": "Réinitialisation du mot de passe",
   "PASSWORD_SENT_EMAIL_TEXT": "Vérifiez votre boite mail. Si vote adresse est dans notre base de données, vous recevrez un email avec un lien pour réinitialiser votre mot de passe.",
   "PASSWORD_UPDATED": "Votre mot de passe a été mis à jour. Cliquez {0} pour vous connecter.",
+  "PRIVACY": {
+    "LEVELS": {
+      "private": "Privé (seulement moi)",
+      "followers_only": "Abonnées uniquement",
+      "public": "Public (tout le monde)"
+    },
+    "MAP_VISIBILITY": "Visibilité de la carte et de l'analyse",
+    "WORKOUTS_VISIBILITY": "Visibilité des données relatives aux séances"
+  },
   "PROFILE": {
     "BACK_TO_PROFILE": "Revenir au profil",
     "BIO": "Bio",
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index 64d0b6de1..dff1840e1 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -2,6 +2,8 @@ import { LocationQueryValue } from 'vue-router'
 
 import { IRecord } from '@/types/workouts'
 
+export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
+
 export interface IUserProfile {
   admin: boolean
   bio: string | null
@@ -13,6 +15,7 @@ export interface IUserProfile {
   following: IUserProfile[]
   last_name: string | null
   location: string | null
+  map_visibility: TPrivacyLevels
   nb_sports?: number
   nb_workouts: number
   picture: string | boolean
@@ -21,6 +24,7 @@ export interface IUserProfile {
   total_distance?: number
   total_duration?: string
   username: string
+  workouts_visibility: TPrivacyLevels
 }
 
 export interface IAuthUserProfile extends IUserProfile {
@@ -54,8 +58,10 @@ export interface IAdminUserPayload {
 export interface IUserPreferencesPayload {
   imperial_units: boolean
   language: string
+  map_visibility: TPrivacyLevels
   timezone: string
   weekm: boolean
+  workouts_visibility: TPrivacyLevels
 }
 
 export interface IUserSportPreferencesPayload {

From 5349ed2c8177d0ae110567669d251ca21765c5c0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 6 Feb 2022 12:31:46 +0100
Subject: [PATCH 071/238] Client - fix user header

---
 .../src/components/User/ProfileDisplay/UserHeader.vue         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
index 55b53b6ca..6646f70bb 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
@@ -10,7 +10,7 @@
             {{ $t('workouts.WORKOUT', user.nb_workouts) }}
           </span>
         </div>
-        <div class="user-stat" v-if="user.total_distance">
+        <div class="user-stat" v-if="'total_distance' in user">
           <Distance
             :distance="user.total_distance"
             unitFrom="km"
@@ -22,7 +22,7 @@
             {{ user.imperial_units ? 'miles' : 'km' }}
           </span>
         </div>
-        <div class="user-stat hide-small" v-if="user.nb_sports">
+        <div class="user-stat hide-small" v-if="'nb_sports' in user">
           <span class="stat-number">{{ user.nb_sports }}</span>
           <span class="stat-label">
             {{ $t('workouts.SPORT', user.nb_sports) }}

From cdffeb3ce5d3c554bfaed98e6db9f1013e5480c9 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 2 Jan 2022 20:13:26 +0100
Subject: [PATCH 072/238] Client - init users list (wip)

---
 .../components/Administration/AdminMenu.vue   |   2 +-
 .../components/Administration/AdminUsers.vue  |   2 +-
 .../Administration/AppStatsCards.vue          |   2 +-
 fittrackee_client/src/components/NavBar.vue   |   3 +
 .../User/ProfileDisplay/UserHeader.vue        |  53 +--------
 .../src/components/User/UserCard.vue          |  61 +++++++++++
 .../src/components/User/UserStats.vue         |  73 +++++++++++++
 .../src/components/Users/UsersList.vue        | 103 ++++++++++++++++++
 .../src/components/Workouts/WorkoutsList.vue  |   1 -
 .../src/locales/en/administration.json        |   1 -
 fittrackee_client/src/locales/en/user.json    |   1 +
 .../src/locales/fr/administration.json        |   1 -
 fittrackee_client/src/locales/fr/user.json    |   1 +
 fittrackee_client/src/router/index.ts         |   8 +-
 fittrackee_client/src/views/UsersView.vue     |  21 ++++
 15 files changed, 278 insertions(+), 55 deletions(-)
 create mode 100644 fittrackee_client/src/components/User/UserCard.vue
 create mode 100644 fittrackee_client/src/components/User/UserStats.vue
 create mode 100644 fittrackee_client/src/components/Users/UsersList.vue
 create mode 100644 fittrackee_client/src/views/UsersView.vue

diff --git a/fittrackee_client/src/components/Administration/AdminMenu.vue b/fittrackee_client/src/components/Administration/AdminMenu.vue
index c26abc4c5..ac99f2e59 100644
--- a/fittrackee_client/src/components/Administration/AdminMenu.vue
+++ b/fittrackee_client/src/components/Administration/AdminMenu.vue
@@ -42,7 +42,7 @@
             </dd>
             <dt>
               <router-link to="/admin/users">
-                {{ capitalize($t('admin.USER', 0)) }}
+                {{ capitalize($t('user.USER', 0)) }}
               </router-link>
             </dt>
             <dd>
diff --git a/fittrackee_client/src/components/Administration/AdminUsers.vue b/fittrackee_client/src/components/Administration/AdminUsers.vue
index 1f6598b95..4e7d8cc88 100644
--- a/fittrackee_client/src/components/Administration/AdminUsers.vue
+++ b/fittrackee_client/src/components/Administration/AdminUsers.vue
@@ -1,7 +1,7 @@
 <template>
   <div id="admin-users" class="admin-card">
     <Card>
-      <template #title>{{ capitalize($t('admin.USER', 0)) }}</template>
+      <template #title>{{ capitalize($t('user.USER', 0)) }}</template>
       <template #content>
         <button class="top-button" @click.prevent="$router.push('/admin')">
           {{ $t('admin.BACK_TO_ADMIN') }}
diff --git a/fittrackee_client/src/components/Administration/AppStatsCards.vue b/fittrackee_client/src/components/Administration/AppStatsCards.vue
index 1f4f93ca8..6421ce04d 100644
--- a/fittrackee_client/src/components/Administration/AppStatsCards.vue
+++ b/fittrackee_client/src/components/Administration/AppStatsCards.vue
@@ -3,7 +3,7 @@
     <StatCard
       icon="users"
       :value="appStatistics.users"
-      :text="$t('admin.USER', appStatistics.users)"
+      :text="$t('user.USER', appStatistics.users)"
     />
     <StatCard
       icon="tags"
diff --git a/fittrackee_client/src/components/NavBar.vue b/fittrackee_client/src/components/NavBar.vue
index d685b7eb9..4af23c6a8 100644
--- a/fittrackee_client/src/components/NavBar.vue
+++ b/fittrackee_client/src/components/NavBar.vue
@@ -29,6 +29,9 @@
             <router-link class="nav-item" to="/statistics">
               {{ $t('statistics.STATISTICS') }}
             </router-link>
+            <router-link class="nav-item" to="/users">
+              {{ capitalize($t('user.USER', 0)) }}
+            </router-link>
             <router-link class="nav-item" to="/workouts/add">
               {{ $t('workouts.ADD_WORKOUT') }}
             </router-link>
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
index 6646f70bb..6cdcfdee5 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
@@ -3,44 +3,7 @@
     <UserPicture :user="user" />
     <div class="user-details">
       <div class="user-name">{{ user.username }}</div>
-      <div class="user-stats">
-        <div class="user-stat">
-          <span class="stat-number">{{ user.nb_workouts }}</span>
-          <span class="stat-label">
-            {{ $t('workouts.WORKOUT', user.nb_workouts) }}
-          </span>
-        </div>
-        <div class="user-stat" v-if="'total_distance' in user">
-          <Distance
-            :distance="user.total_distance"
-            unitFrom="km"
-            :digits="0"
-            :displayUnit="false"
-            :useImperialUnits="authUser ? authUser.imperial_units : false"
-          />
-          <span class="stat-label">
-            {{ user.imperial_units ? 'miles' : 'km' }}
-          </span>
-        </div>
-        <div class="user-stat hide-small" v-if="'nb_sports' in user">
-          <span class="stat-number">{{ user.nb_sports }}</span>
-          <span class="stat-label">
-            {{ $t('workouts.SPORT', user.nb_sports) }}
-          </span>
-        </div>
-        <div class="user-stat hide-small">
-          <span class="stat-number">{{ user.following }}</span>
-          <span class="stat-label">
-            {{ $t('user.FOLLOWING', user.following) }}
-          </span>
-        </div>
-        <div class="user-stat hide-small">
-          <span class="stat-number">{{ user.followers }}</span>
-          <span class="stat-label">
-            {{ $t('user.FOLLOWER', user.followers) }}
-          </span>
-        </div>
-      </div>
+      <UserStats :authUser="authUser" :user="user" />
     </div>
   </div>
 </template>
@@ -49,6 +12,7 @@
   import { toRefs } from 'vue'
 
   import UserPicture from '@/components/User/UserPicture.vue'
+  import UserStats from '@/components/User/UserStats.vue'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
 
   interface Props {
@@ -83,21 +47,15 @@
         height: 60%;
       }
 
-      .user-stats {
-        display: flex;
+      ::v-deep(.user-stats) {
         gap: $default-padding * 4;
         .user-stat {
-          display: flex;
           flex-direction: column;
           align-items: center;
           padding-top: $default-padding;
-          .stat-number,
-          .stat-label {
-            padding: 0 $default-padding * 0.5;
-          }
+
           ::v-deep(.distance),
           .stat-number {
-            font-weight: bold;
             font-size: 1.5em;
           }
         }
@@ -108,12 +66,11 @@
           font-size: 1.5em;
         }
 
-        .user-stats {
+        ::v-deep(.user-stats) {
           gap: $default-padding * 2;
           .user-stat {
             ::v-deep(.distance),
             .stat-number {
-              font-weight: bold;
               font-size: 1.2em;
             }
 
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
new file mode 100644
index 000000000..9811b887d
--- /dev/null
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -0,0 +1,61 @@
+<template>
+  <div class="box">
+    <div class="user-card">
+      <div class="user-header">
+        <UserPicture :user="user" />
+        <router-link :to="`/users/${user.username}?from=admin`">
+          {{ user.username }}
+        </router-link>
+      </div>
+      <UserStats :authUser="authUser" :user="user" />
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { toRefs } from 'vue'
+
+  import UserPicture from '@/components/User/UserPicture.vue'
+  import UserStats from '@/components/User/UserStats.vue'
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
+
+  interface Props {
+    authUser: IAuthUserProfile
+    user: IUserProfile
+  }
+  const props = defineProps<Props>()
+
+  const { authUser, user } = toRefs(props)
+</script>
+
+<style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+
+  .user-card {
+    display: flex;
+
+    .user-header {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      gap: $default-margin;
+      margin: $default-margin;
+      width: 50%;
+      ::v-deep(.user-picture) {
+        img {
+          height: 60px;
+          width: 60px;
+        }
+        .no-picture {
+          font-size: 4em;
+        }
+      }
+    }
+    ::v-deep(.user-stats) {
+      flex-direction: column;
+      align-items: flex-end;
+      margin: $default-margin;
+      width: 50%;
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/User/UserStats.vue b/fittrackee_client/src/components/User/UserStats.vue
new file mode 100644
index 000000000..eace9db78
--- /dev/null
+++ b/fittrackee_client/src/components/User/UserStats.vue
@@ -0,0 +1,73 @@
+<template>
+  <div class="user-stats">
+    <div class="user-stat">
+      <span class="stat-number">{{ user.nb_workouts }}</span>
+      <span class="stat-label">
+        {{ $t('workouts.WORKOUT', user.nb_workouts) }}
+      </span>
+    </div>
+    <div class="user-stat" v-if="'total_distance' in user">
+      <Distance
+        :distance="user.total_distance"
+        unitFrom="km"
+        :digits="0"
+        :displayUnit="false"
+        :useImperialUnits="authUser ? authUser.imperial_units : false"
+      />
+      <span class="stat-label">
+        {{ user.imperial_units ? 'miles' : 'km' }}
+      </span>
+    </div>
+    <div class="user-stat hide-small" v-if="'nb_sports' in user">
+      <span class="stat-number">{{ user.nb_sports }}</span>
+      <span class="stat-label">
+        {{ $t('workouts.SPORT', user.nb_sports) }}
+      </span>
+    </div>
+    <div class="user-stat hide-small">
+      <span class="stat-number">{{ user.following }}</span>
+      <span class="stat-label">
+        {{ $t('user.FOLLOWING', user.following) }}
+      </span>
+    </div>
+    <div class="user-stat hide-small">
+      <span class="stat-number">{{ user.followers }}</span>
+      <span class="stat-label">
+        {{ $t('user.FOLLOWER', user.followers) }}
+      </span>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { toRefs } from 'vue'
+
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
+
+  interface Props {
+    authUser: IAuthUserProfile
+    user: IUserProfile
+  }
+  const props = defineProps<Props>()
+
+  const { authUser, user } = toRefs(props)
+</script>
+
+<style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+
+  .user-stats {
+    display: flex;
+    .user-stat {
+      display: flex;
+      .stat-number,
+      .stat-label {
+        padding: 0 $default-padding * 0.5;
+      }
+      ::v-deep(.distance),
+      .stat-number {
+        font-weight: bold;
+      }
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/Users/UsersList.vue b/fittrackee_client/src/components/Users/UsersList.vue
new file mode 100644
index 000000000..8de5f2fae
--- /dev/null
+++ b/fittrackee_client/src/components/Users/UsersList.vue
@@ -0,0 +1,103 @@
+<template>
+  <div class="users-list">
+    <div class="container users-container">
+      <div v-for="user in users" :key="user.username" class="user-box">
+        <UserCard :authUser="authUser" :user="user" />
+      </div>
+    </div>
+    <Pagination
+      v-if="pagination.page"
+      path="/users"
+      :pagination="pagination"
+      :query="query"
+    />
+  </div>
+</template>
+
+<script setup lang="ts">
+  import {
+    ComputedRef,
+    computed,
+    onBeforeMount,
+    onUnmounted,
+    reactive,
+    toRefs,
+    watch,
+  } from 'vue'
+  import { LocationQuery, useRoute } from 'vue-router'
+
+  import Pagination from '@/components/Common/Pagination.vue'
+  import UserCard from '@/components/User/UserCard.vue'
+  import { USERS_STORE } from '@/store/constants'
+  import { IPagination, TPaginationPayload } from '@/types/api'
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
+  import { useStore } from '@/use/useStore'
+  import { getQuery } from '@/utils/api'
+
+  interface Props {
+    authUser: IAuthUserProfile
+  }
+  const props = defineProps<Props>()
+
+  const store = useStore()
+  const route = useRoute()
+
+  const { authUser } = toRefs(props)
+  const orderByList: string[] = ['created_at', 'username', 'workouts_count']
+  const defaultOrderBy = 'created_at'
+  let query: TPaginationPayload = reactive(
+    getQuery(route.query, orderByList, defaultOrderBy)
+  )
+  const users: ComputedRef<IUserProfile[]> = computed(
+    () => store.getters[USERS_STORE.GETTERS.USERS]
+  )
+  const pagination: ComputedRef<IPagination> = computed(
+    () => store.getters[USERS_STORE.GETTERS.USERS_PAGINATION]
+  )
+
+  onBeforeMount(() => loadUsers(query))
+
+  function loadUsers(queryParams: TPaginationPayload) {
+    store.dispatch(USERS_STORE.ACTIONS.GET_USERS, queryParams)
+  }
+
+  onUnmounted(() => {
+    store.dispatch(USERS_STORE.ACTIONS.EMPTY_USERS)
+  })
+
+  watch(
+    () => route.query,
+    (newQuery: LocationQuery) => {
+      query = getQuery(newQuery, orderByList, defaultOrderBy, { query })
+      loadUsers(query)
+    }
+  )
+</script>
+
+<style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+  .users-list {
+    display: flex;
+    flex-direction: column;
+    margin-bottom: 50px;
+    width: 100%;
+
+    .users-container {
+      display: flex;
+      align-content: flex-start;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      padding: 0;
+
+      .user-box {
+        width: 25%;
+        @media screen and (max-width: $medium-limit) {
+          width: 50%;
+        }
+        @media screen and (max-width: $small-limit) {
+          width: 100%;
+        }
+      }
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/Workouts/WorkoutsList.vue b/fittrackee_client/src/components/Workouts/WorkoutsList.vue
index d524a2718..db3ae7076 100644
--- a/fittrackee_client/src/components/Workouts/WorkoutsList.vue
+++ b/fittrackee_client/src/components/Workouts/WorkoutsList.vue
@@ -187,7 +187,6 @@
   import { useStore } from '@/use/useStore'
   import { getQuery, sortList, workoutsPayloadKeys } from '@/utils/api'
   import { getDateWithTZ } from '@/utils/dates'
-  import { getSportColor, getSportLabel } from '@/utils/sports'
   import { convertDistance } from '@/utils/units'
   import { defaultOrder } from '@/utils/workouts'
 
diff --git a/fittrackee_client/src/locales/en/administration.json b/fittrackee_client/src/locales/en/administration.json
index 5e089bf17..1c8fc6b3b 100644
--- a/fittrackee_client/src/locales/en/administration.json
+++ b/fittrackee_client/src/locales/en/administration.json
@@ -31,7 +31,6 @@
     "TITLE": "Sports administration"
   },
   "UPDATE_APPLICATION_DESCRIPTION": "Update application configuration (maximum number of registered users, maximum files size).",
-  "USER": "user | users",
   "USERS": {
     "TABLE": {
       "ADD_ADMIN_RIGHTS": "Add admin rights",
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 04c36d9b8..0cb0297be 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -75,5 +75,6 @@
   "REGISTER_DISABLED": "Sorry, registration is disabled.",
   "RESET_PASSWORD": "Reset your password",
   "USER_PICTURE": "user picture",
+  "USER": "user | users",
   "USERNAME": "Username"
 }
diff --git a/fittrackee_client/src/locales/fr/administration.json b/fittrackee_client/src/locales/fr/administration.json
index 3dc43683c..0e4b55701 100644
--- a/fittrackee_client/src/locales/fr/administration.json
+++ b/fittrackee_client/src/locales/fr/administration.json
@@ -31,7 +31,6 @@
     "TITLE": "Administration - Sports"
   },
   "UPDATE_APPLICATION_DESCRIPTION": "Configurer l'application (nombre maximum d'utilisateurs inscrits, taille maximale des fichers).",
-  "USER": "utilisateur | utilisateurs",
   "USERS": {
     "TABLE": {
       "ADD_ADMIN_RIGHTS": "Ajouter les drois d'admin",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index d8c2808f7..8f74956ad 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -74,6 +74,7 @@
   "REGISTER": "S'inscrire",
   "REGISTER_DISABLED": "Désolé, les inscriptions sont désactivées.",
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
+  "USER": "utilisateur | utilisateurs",
   "USER_PICTURE": "photo de l'utilisateur",
   "USERNAME": "Nom d'utilisateur"
 }
diff --git a/fittrackee_client/src/router/index.ts b/fittrackee_client/src/router/index.ts
index 0f990a346..bff22bb3d 100644
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@@ -149,11 +149,17 @@ const routes: Array<RouteRecordRaw> = [
     component: () =>
       import(/* webpackChunkName: 'statistics' */ '@/views/StatisticsView.vue'),
   },
+  {
+    path: '/users',
+    name: 'Users',
+    component: () =>
+      import(/* webpackChunkName: 'users' */ '@/views/UsersView.vue'),
+  },
   {
     path: '/users/:username',
     name: 'User',
     component: () =>
-      import(/* webpackChunkName: 'profile' */ '@/views/user/UserView.vue'),
+      import(/* webpackChunkName: 'users' */ '@/views/user/UserView.vue'),
   },
   {
     path: '/workouts',
diff --git a/fittrackee_client/src/views/UsersView.vue b/fittrackee_client/src/views/UsersView.vue
new file mode 100644
index 000000000..f08043e5a
--- /dev/null
+++ b/fittrackee_client/src/views/UsersView.vue
@@ -0,0 +1,21 @@
+<template>
+  <div id="users" class="view" v-if="authUser.username">
+    <div class="container">
+      <UsersList :authUser="authUser" />
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { computed, ComputedRef } from 'vue'
+
+  import UsersList from '@/components/Users/UsersList.vue'
+  import { AUTH_USER_STORE } from '@/store/constants'
+  import { IUserProfile } from '@/types/user'
+  import { useStore } from '@/use/useStore'
+
+  const store = useStore()
+  const authUser: ComputedRef<IUserProfile> = computed(
+    () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
+  )
+</script>

From cf547034c98eeef40c936e347ce1d06c53b1b831 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 5 Jan 2022 16:08:39 +0100
Subject: [PATCH 073/238] Client - fix style on users

---
 .../User/ProfileDisplay/UserHeader.vue        | 45 +++++++++++--
 .../src/components/User/UserCard.vue          | 65 ++++++++++++-------
 .../src/components/User/UserStats.vue         |  6 +-
 .../src/components/Users/UsersList.vue        |  4 +-
 4 files changed, 87 insertions(+), 33 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
index 6cdcfdee5..95d8a0be7 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
@@ -48,34 +48,67 @@
       }
 
       ::v-deep(.user-stats) {
+        flex-wrap: nowrap;
         gap: $default-padding * 4;
         .user-stat {
           flex-direction: column;
           align-items: center;
           padding-top: $default-padding;
 
-          ::v-deep(.distance),
+          .distance,
           .stat-number {
             font-size: 1.5em;
           }
         }
       }
+    }
 
-      @media screen and (max-width: $x-small-limit) {
+    @media screen and (max-width: $small-limit) {
+      .user-details {
         .user-name {
           font-size: 1.5em;
         }
 
         ::v-deep(.user-stats) {
-          gap: $default-padding * 2;
+          margin-top: $default-margin * 0.5;
+          align-content: space-between;
+          flex-wrap: wrap;
+          gap: $default-padding;
+
           .user-stat {
-            ::v-deep(.distance),
+            padding: 0;
+            flex-direction: row;
+            .distance,
             .stat-number {
               font-size: 1.2em;
             }
+          }
+        }
+      }
+    }
 
-            &.hide-small {
-              display: none;
+    @media screen and (max-width: $x-small-limit) {
+      ::v-deep(.user-picture) {
+        img {
+          height: 50px;
+          width: 50px;
+        }
+        .no-picture {
+          font-size: 3em;
+        }
+      }
+      .user-details {
+        .user-name {
+          font-size: 1.5em;
+        }
+
+        ::v-deep(.user-stats) {
+          gap: $default-padding * 0.5;
+
+          .user-stat {
+            .distance,
+            .stat-number {
+              font-size: 1em;
             }
           }
         }
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index 9811b887d..2cab26ec1 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -3,7 +3,10 @@
     <div class="user-card">
       <div class="user-header">
         <UserPicture :user="user" />
-        <router-link :to="`/users/${user.username}?from=admin`">
+        <router-link
+          class="user-name"
+          :to="`/users/${user.username}?from=admin`"
+        >
           {{ user.username }}
         </router-link>
       </div>
@@ -31,31 +34,49 @@
 <style lang="scss" scoped>
   @import '~@/scss/vars.scss';
 
-  .user-card {
-    display: flex;
-
-    .user-header {
+  .box {
+    padding: $default-padding $default-padding * 2;
+    .user-card {
       display: flex;
-      flex-direction: column;
-      align-items: center;
-      gap: $default-margin;
-      margin: $default-margin;
-      width: 50%;
-      ::v-deep(.user-picture) {
-        img {
-          height: 60px;
-          width: 60px;
+
+      .user-header {
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        gap: $default-margin;
+        margin: $default-margin 0;
+        width: 50%;
+
+        .user-name {
+          //font-size: 0.8em;
         }
-        .no-picture {
-          font-size: 4em;
+        ::v-deep(.user-picture) {
+          img {
+            height: 70px;
+            width: 70px;
+          }
+          .no-picture {
+            font-size: 4.4em;
+          }
+        }
+      }
+      ::v-deep(.user-stats) {
+        flex-direction: column;
+        align-items: flex-end;
+        margin: $default-margin 0;
+        width: 50%;
+        .distance {
+          padding-right: $default-padding * 0.1;
+        }
+        .stat-number {
+          padding-right: 0;
+        }
+        .distance,
+        .stat-number,
+        .stat-label {
+          font-size: 0.95em;
         }
       }
-    }
-    ::v-deep(.user-stats) {
-      flex-direction: column;
-      align-items: flex-end;
-      margin: $default-margin;
-      width: 50%;
     }
   }
 </style>
diff --git a/fittrackee_client/src/components/User/UserStats.vue b/fittrackee_client/src/components/User/UserStats.vue
index eace9db78..09162aefd 100644
--- a/fittrackee_client/src/components/User/UserStats.vue
+++ b/fittrackee_client/src/components/User/UserStats.vue
@@ -18,19 +18,19 @@
         {{ user.imperial_units ? 'miles' : 'km' }}
       </span>
     </div>
-    <div class="user-stat hide-small" v-if="'nb_sports' in user">
+    <div class="user-stat" v-if="'nb_sports' in user">
       <span class="stat-number">{{ user.nb_sports }}</span>
       <span class="stat-label">
         {{ $t('workouts.SPORT', user.nb_sports) }}
       </span>
     </div>
-    <div class="user-stat hide-small">
+    <div class="user-stat">
       <span class="stat-number">{{ user.following }}</span>
       <span class="stat-label">
         {{ $t('user.FOLLOWING', user.following) }}
       </span>
     </div>
-    <div class="user-stat hide-small">
+    <div class="user-stat">
       <span class="stat-number">{{ user.followers }}</span>
       <span class="stat-label">
         {{ $t('user.FOLLOWER', user.followers) }}
diff --git a/fittrackee_client/src/components/Users/UsersList.vue b/fittrackee_client/src/components/Users/UsersList.vue
index 8de5f2fae..940c89c5e 100644
--- a/fittrackee_client/src/components/Users/UsersList.vue
+++ b/fittrackee_client/src/components/Users/UsersList.vue
@@ -86,11 +86,11 @@
       display: flex;
       align-content: flex-start;
       flex-wrap: wrap;
-      justify-content: space-between;
       padding: 0;
+      width: 100%;
 
       .user-box {
-        width: 25%;
+        width: 33%;
         @media screen and (max-width: $medium-limit) {
           width: 50%;
         }

From a1dbc1c63226a8be703ea220a5ac3e61bac22967 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 5 Jan 2022 16:12:48 +0100
Subject: [PATCH 074/238] Client - update NavBar since one item added

---
 fittrackee_client/src/components/NavBar.vue | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fittrackee_client/src/components/NavBar.vue b/fittrackee_client/src/components/NavBar.vue
index 4af23c6a8..2505f5542 100644
--- a/fittrackee_client/src/components/NavBar.vue
+++ b/fittrackee_client/src/components/NavBar.vue
@@ -47,11 +47,12 @@
         </div>
         <div class="nav-items-user-menu">
           <div class="nav-items-group" v-if="isAuthenticated">
-            <div class="nav-item nav-profile-img">
+            <router-link
+              class="nav-item nav-profile-img"
+              to="/profile"
+              @click="closeMenu"
+            >
               <UserPicture :user="authUser" />
-            </div>
-            <router-link class="nav-item" to="/profile" @click="closeMenu">
-              {{ authUser.username }}
             </router-link>
             <div class="nav-item nav-link" @click="logout">
               {{ $t('user.LOGOUT') }}

From b61f18ac35e5a21e9c8c7bca55dd9e44fd59553d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 18:14:58 +0100
Subject: [PATCH 075/238] API - user serializer refacto

---
 fittrackee/tests/users/test_auth_api.py       |  13 +-
 fittrackee/tests/users/test_users_api.py      | 681 +++++++++++++++++-
 .../tests/users/test_users_followers_api.py   |   2 +-
 fittrackee/tests/users/test_users_model.py    |  28 +-
 fittrackee/users/auth.py                      |   7 +-
 fittrackee/users/models.py                    |  12 +-
 fittrackee/users/users.py                     |  16 +-
 7 files changed, 706 insertions(+), 53 deletions(-)

diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 3cb2f4a42..2ce77ba75 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -8,7 +8,6 @@
 from freezegun import freeze_time
 
 from fittrackee.users.models import User, UserSportPreference
-from fittrackee.users.roles import UserRole
 from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout
 
@@ -492,9 +491,7 @@ def test_it_returns_user_profile_when_no_workouts_and_no_preferences(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['data'] == jsonify_dict(
-            user_1.serialize(role=UserRole.AUTH_USER)
-        )
+        assert data['data'] == jsonify_dict(user_1.serialize(user_1))
 
     def test_it_returns_user_profile_with_updated_fields(
         self, app: Flask, user_1_full: User
@@ -511,9 +508,7 @@ def test_it_returns_user_profile_with_updated_fields(
         data = json.loads(response.data.decode())
         assert response.status_code == 200
         assert data['status'] == 'success'
-        assert data['data'] == jsonify_dict(
-            user_1_full.serialize(role=UserRole.AUTH_USER)
-        )
+        assert data['data'] == jsonify_dict(user_1_full.serialize(user_1_full))
 
     def test_it_returns_user_profile_with_workouts(
         self,
@@ -536,9 +531,7 @@ def test_it_returns_user_profile_with_workouts(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['data'] == jsonify_dict(
-            user_1.serialize(role=UserRole.AUTH_USER)
-        )
+        assert data['data'] == jsonify_dict(user_1.serialize(user_1))
 
     def test_it_returns_error_if_headers_are_invalid(self, app: Flask) -> None:
         client = app.test_client()
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 790a13f10..99974c010 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -7,7 +7,6 @@
 
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import User, UserSportPreference
-from fittrackee.users.roles import UserRole
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
@@ -33,7 +32,7 @@ def test_it_gets_single_user_without_workouts(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0] == jsonify_dict(
-            user_2.serialize(role=UserRole.ADMIN)
+            user_2.serialize(user_1_admin)
         )
 
     def test_it_gets_single_user_with_workouts(
@@ -59,7 +58,7 @@ def test_it_gets_single_user_with_workouts(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0] == jsonify_dict(
-            user_2.serialize(role=UserRole.ADMIN)
+            user_2.serialize(user_1_admin)
         )
 
     def test_it_gets_authenticated_user(
@@ -86,7 +85,7 @@ def test_it_gets_authenticated_user(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0] == jsonify_dict(
-            user_1_admin.serialize(role=UserRole.ADMIN)
+            user_1_admin.serialize(user_1_admin)
         )
 
     def test_it_returns_error_if_user_does_not_exist(
@@ -127,7 +126,7 @@ def test_it_gets_single_user_without_workouts(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0] == jsonify_dict(
-            user_2.serialize(role=UserRole.USER)
+            user_2.serialize(user_1)
         )
 
     def test_it_gets_single_user_with_workouts(
@@ -153,7 +152,7 @@ def test_it_gets_single_user_with_workouts(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0] == jsonify_dict(
-            user_2.serialize(role=UserRole.USER)
+            user_2.serialize(user_1)
         )
 
     def test_it_gets_authenticated_user(
@@ -176,7 +175,7 @@ def test_it_gets_authenticated_user(
         assert data['status'] == 'success'
         assert len(data['data']['users']) == 1
         assert data['data']['users'][0] == jsonify_dict(
-            user_1.serialize(role=UserRole.USER)
+            user_1.serialize(user_1)
         )
 
     def test_it_returns_error_if_user_does_not_exist(
@@ -271,13 +270,13 @@ def test_it_gets_users_list(
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert data['data']['users'][0] == jsonify_dict(
-            user_1_admin.serialize(role=UserRole.ADMIN)
+            user_1_admin.serialize(user_1_admin)
         )
         assert data['data']['users'][1] == jsonify_dict(
-            user_3.serialize(role=UserRole.ADMIN)
+            user_3.serialize(user_1_admin)
         )
         assert data['data']['users'][2] == jsonify_dict(
-            user_2.serialize(role=UserRole.ADMIN)
+            user_2.serialize(user_1_admin)
         )
         assert data['pagination'] == {
             'has_next': False,
@@ -313,14 +312,14 @@ def test_it_gets_users_list_with_workouts(
         assert 'success' in data['status']
         assert len(data['data']['users']) == 3
         assert data['data']['users'][0] == jsonify_dict(
-            user_1_admin.serialize(role=UserRole.ADMIN)
+            user_1_admin.serialize(user_1_admin)
         )
 
         assert data['data']['users'][1] == jsonify_dict(
-            user_3.serialize(role=UserRole.ADMIN)
+            user_3.serialize(user_1_admin)
         )
         assert data['data']['users'][2] == jsonify_dict(
-            user_2.serialize(role=UserRole.ADMIN)
+            user_2.serialize(user_1_admin)
         )
         assert data['pagination'] == {
             'has_next': False,
@@ -907,6 +906,662 @@ def test_it_users_list_with_complex_query(
         }
 
 
+class TestGetUsersAsUser(ApiTestCaseMixin):
+    def test_it_gets_users_list(
+        self, app: Flask, user_1: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/users',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert data['data']['users'][0] == jsonify_dict(
+            user_3.serialize(user_1)
+        )
+        assert data['data']['users'][1] == jsonify_dict(
+            user_1.serialize(user_1)
+        )
+        assert data['data']['users'][2] == jsonify_dict(
+            user_2.serialize(user_1)
+        )
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_with_workouts(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        sport_2_running: Sport,
+        workout_running_user_1: Workout,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/users',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert data['data']['users'][0] == jsonify_dict(
+            user_3.serialize(user_1)
+        )
+
+        assert data['data']['users'][1] == jsonify_dict(
+            user_1.serialize(user_1)
+        )
+        assert data['data']['users'][2] == jsonify_dict(
+            user_2.serialize(user_1)
+        )
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+
+class TestGetUsersPagination(ApiTestCaseMixin):
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 2)
+    def test_it_gets_first_page_on_users_list(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?page=1',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 2
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 3,
+        }
+
+    @patch('fittrackee.users.users.USERS_PER_PAGE', 2)
+    def test_it_gets_next_page_on_users_list(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?page=2',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 3,
+        }
+
+    def test_it_gets_empty_next_page_on_users_list(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?page=2',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_user_list_with_2_per_page(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?per_page=2',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 2
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 3,
+        }
+
+    def test_it_gets_next_page_on_user_list_with_2_per_page(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?page=2&per_page=2',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_username(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=username',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_username_ascending(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=username&order=asc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_username_descending(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=username&order=desc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_creation_date(
+        self, app: Flask, user_2: User, user_3: User, user_1_admin: User
+    ) -> None:
+        user_2.created_at = datetime.utcnow() - timedelta(days=1)
+        user_3.created_at = datetime.utcnow() - timedelta(hours=1)
+        user_1_admin.created_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=created_at',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_creation_date_ascending(
+        self, app: Flask, user_2: User, user_3: User, user_1_admin: User
+    ) -> None:
+        user_2.created_at = datetime.utcnow() - timedelta(days=1)
+        user_3.created_at = datetime.utcnow() - timedelta(hours=1)
+        user_1_admin.created_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=created_at&order=asc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_creation_date_descending(
+        self, app: Flask, user_2: User, user_3: User, user_1_admin: User
+    ) -> None:
+        user_2.created_at = datetime.utcnow() - timedelta(days=1)
+        user_3.created_at = datetime.utcnow() - timedelta(hours=1)
+        user_1_admin.created_at = datetime.utcnow()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=created_at&order=desc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'toto' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_admin_rights(
+        self, app: Flask, user_2: User, user_1_admin: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=admin',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_admin_rights_ascending(
+        self, app: Flask, user_2: User, user_1_admin: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=admin&order=asc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 'admin' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_admin_rights_descending(
+        self, app: Flask, user_2: User, user_3: User, user_1_admin: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=admin&order=desc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 'toto' in data['data']['users'][1]['username']
+        assert 'sam' in data['data']['users'][2]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_workouts_count(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=workouts_count',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 0 == data['data']['users'][0]['nb_workouts']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 0 == data['data']['users'][1]['nb_workouts']
+        assert 'toto' in data['data']['users'][2]['username']
+        assert 1 == data['data']['users'][2]['nb_workouts']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_workouts_count_ascending(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=workouts_count&order=asc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'admin' in data['data']['users'][0]['username']
+        assert 0 == data['data']['users'][0]['nb_workouts']
+        assert 'sam' in data['data']['users'][1]['username']
+        assert 0 == data['data']['users'][1]['nb_workouts']
+        assert 'toto' in data['data']['users'][2]['username']
+        assert 1 == data['data']['users'][2]['nb_workouts']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_ordered_by_workouts_count_descending(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=workouts_count&order=desc',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 3
+        assert 'toto' in data['data']['users'][0]['username']
+        assert 1 == data['data']['users'][0]['nb_workouts']
+        assert 'admin' in data['data']['users'][1]['username']
+        assert 0 == data['data']['users'][1]['nb_workouts']
+        assert 'sam' in data['data']['users'][2]['username']
+        assert 0 == data['data']['users'][2]['nb_workouts']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 3,
+        }
+
+    def test_it_gets_users_list_filtering_on_username(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?q=toto',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        assert 'toto' in data['data']['users'][0]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 1,
+        }
+
+    def test_it_returns_empty_users_list_filtering_on_username(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?q=not_existing',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
+    def test_it_users_list_with_complex_query(
+        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?order_by=username&order=desc&page=2&per_page=2',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        assert 'admin' in data['data']['users'][0]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 3,
+        }
+
+
 class TestGetRemoteUsers(ApiTestCaseMixin):
     def test_it_returns_error_when_federation_is_disabled(
         self,
diff --git a/fittrackee/tests/users/test_users_followers_api.py b/fittrackee/tests/users/test_users_followers_api.py
index a245722c5..d9ca05bb5 100644
--- a/fittrackee/tests/users/test_users_followers_api.py
+++ b/fittrackee/tests/users/test_users_followers_api.py
@@ -327,7 +327,7 @@ def test_it_returns_following_users(
         assert len(data['data']['following']) == 2
         assert data['data']['following'][0]['username'] == user_1.username
         assert data['data']['following'][1]['username'] == user_2.username
-        assert 'email' not in data['data']['following'][0]
+        assert 'email' in data['data']['following'][0]
         assert 'email' not in data['data']['following'][1]
 
 
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 356c4aa34..5a21ef059 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -11,14 +11,12 @@
     NotExistingFollowRequestError,
 )
 from fittrackee.users.models import FollowRequest, User, UserSportPreference
-from fittrackee.users.roles import UserRole
 from fittrackee.workouts.models import Sport, Workout
 
 
 class TestUserModel:
     @staticmethod
     def assert_serialized_used(serialized_user: Dict) -> None:
-        assert 'test' == serialized_user['username']
         assert 'created_at' in serialized_user
         assert serialized_user['admin'] is False
         assert serialized_user['first_name'] is None
@@ -36,9 +34,10 @@ def assert_serialized_used(serialized_user: Dict) -> None:
     def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
         assert '<User \'test\'>' == str(user_1)
 
-        serialized_user = user_1.serialize(role=UserRole.AUTH_USER)
+        serialized_user = user_1.serialize(user_1)
 
         self.assert_serialized_used(serialized_user)
+        assert 'test' == serialized_user['username']
         assert 'test@test.com' == serialized_user['email']
         assert serialized_user['nb_sports'] == 0
         assert serialized_user['records'] == []
@@ -50,13 +49,16 @@ def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
         assert serialized_user['timezone'] is None
         assert serialized_user['weekm'] is False
 
-    def test_user_model_as_admin(self, app: Flask, user_1: User) -> None:
-        assert '<User \'test\'>' == str(user_1)
+    def test_user_model_as_admin(
+        self, app: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        assert '<User \'toto\'>' == str(user_2)
 
-        serialized_user = user_1.serialize(role=UserRole.ADMIN)
+        serialized_user = user_2.serialize(user_1_admin)
 
         self.assert_serialized_used(serialized_user)
-        assert 'test@test.com' == serialized_user['email']
+        assert 'toto' == serialized_user['username']
+        assert 'toto@toto.com' == serialized_user['email']
         assert serialized_user['nb_sports'] == 0
         assert serialized_user['records'] == []
         assert serialized_user['sports_list'] == []
@@ -68,13 +70,14 @@ def test_user_model_as_admin(self, app: Flask, user_1: User) -> None:
         assert 'weekm' not in serialized_user
 
     def test_user_model_as_regular_user(
-        self, app: Flask, user_1: User
+        self, app: Flask, user_1: User, user_2: User
     ) -> None:
-        assert '<User \'test\'>' == str(user_1)
+        assert '<User \'toto\'>' == str(user_2)
 
-        serialized_user = user_1.serialize(role=UserRole.USER)
+        serialized_user = user_2.serialize(user_1)
 
         self.assert_serialized_used(serialized_user)
+        assert 'toto' == serialized_user['username']
         assert serialized_user['nb_sports'] == 0
         assert serialized_user['records'] == []
         assert serialized_user['sports_list'] == []
@@ -86,7 +89,7 @@ def test_user_model_as_regular_user(
         assert 'timezone' not in serialized_user
         assert 'weekm' not in serialized_user
 
-    def test_user_model_when_no_role_provided(
+    def test_user_model_when_no_user_provided(
         self, app: Flask, user_1: User
     ) -> None:
         assert '<User \'test\'>' == str(user_1)
@@ -122,10 +125,11 @@ def test_it_returns_user_records(
         self,
         app: Flask,
         user_1: User,
+        user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        serialized_user = user_1.serialize(role=UserRole.USER)
+        serialized_user = user_1.serialize(user_2)
         assert len(serialized_user['records']) == 4
         assert serialized_user['records'][0]['record_type'] == 'AS'
         assert serialized_user['records'][0]['sport_id'] == sport_1_cycling.id
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 1e98c9362..b586d980c 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -28,7 +28,6 @@
 from .decorators import authenticate
 from .models import User, UserSportPreference
 from .privacy_levels import PrivacyLevel
-from .roles import UserRole
 from .utils.controls import check_passwords, register_controls
 from .utils.token import decode_user_token
 
@@ -393,7 +392,7 @@ def get_authenticated_user_profile(
     """
     return {
         'status': 'success',
-        'data': auth_user.serialize(role=UserRole.AUTH_USER),
+        'data': auth_user.serialize(auth_user),
     }
 
 
@@ -556,7 +555,7 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
         return {
             'status': 'success',
             'message': 'user profile updated',
-            'data': auth_user.serialize(role=UserRole.AUTH_USER),
+            'data': auth_user.serialize(auth_user),
         }
 
     # handler errors
@@ -710,7 +709,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
         return {
             'status': 'success',
             'message': 'user preferences updated',
-            'data': auth_user.serialize(role=UserRole.AUTH_USER),
+            'data': auth_user.serialize(auth_user),
         }
 
     # handler errors
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 8d02dfb20..2ef44408d 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -353,7 +353,17 @@ def create_actor(self) -> None:
         self.actor_id = actor.id
         db.session.commit()
 
-    def serialize(self, role: Optional[UserRole] = None) -> Dict:
+    def serialize(self, current_user: Optional['User'] = None) -> Dict:
+        if current_user is None:
+            role = None
+        else:
+            role = (
+                UserRole.AUTH_USER
+                if current_user.id == self.id
+                else UserRole.ADMIN
+                if current_user.admin
+                else UserRole.USER
+            )
         sports = []
         if self.workouts_count > 0:  # type: ignore
             sports = (
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 9596bdca7..274b7ac2e 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -35,7 +35,6 @@
     UserNotFoundException,
 )
 from .models import FollowRequest, User, UserSportPreference
-from .roles import UserRole
 from .utils.admin import set_admin_rights
 
 users_blueprint = Blueprint('users', __name__)
@@ -97,10 +96,9 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
         .paginate(page, per_page, False)
     )
     users = users_pagination.items
-    role = UserRole.ADMIN if auth_user.admin else UserRole.USER
     return {
         'status': 'success',
-        'data': {'users': [user.serialize(role) for user in users]},
+        'data': {'users': [user.serialize(auth_user) for user in users]},
         'pagination': {
             'has_next': users_pagination.has_next,
             'has_prev': users_pagination.has_prev,
@@ -478,15 +476,12 @@ def get_single_user(
     :statuscode 404:
         - user does not exist
     """
-    role = None
-    if auth_user is not None:
-        role = UserRole.ADMIN if auth_user.admin else UserRole.USER
     try:
         user = User.query.filter_by(username=user_name).first()
         if user:
             return {
                 'status': 'success',
-                'data': {'users': [user.serialize(role=role)]},
+                'data': {'users': [user.serialize(auth_user)]},
             }
     except ValueError:
         pass
@@ -652,7 +647,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         db.session.commit()
         return {
             'status': 'success',
-            'data': {'users': [user.serialize(role=UserRole.ADMIN)]},
+            'data': {'users': [user.serialize(auth_user)]},
         }
     except exc.StatementError as e:
         return handle_error_and_return_response(e, db=db)
@@ -853,10 +848,7 @@ def get_user_relationships(
         'status': 'success',
         'data': {
             relation: [
-                user.serialize(
-                    role=UserRole.ADMIN if auth_user.admin else UserRole.USER
-                )
-                for user in paginated_relations.items
+                user.serialize(auth_user) for user in paginated_relations.items
             ]
         },
         'pagination': {

From 6ed1e56247b6dc2133b055dbe71e6d6c5e851ea5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 5 Jan 2022 18:46:50 +0100
Subject: [PATCH 076/238] API - return relationships for a given user

---
 fittrackee/tests/users/test_users_model.py | 57 ++++++++++++++++++++--
 fittrackee/users/models.py                 | 18 +++++++
 fittrackee/users/users.py                  | 17 +++++++
 3 files changed, 88 insertions(+), 4 deletions(-)

diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 5a21ef059..f708a12d2 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -48,6 +48,8 @@ def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
         assert serialized_user['language'] is None
         assert serialized_user['timezone'] is None
         assert serialized_user['weekm'] is False
+        assert 'follows' not in serialized_user
+        assert 'is_followed_by' not in serialized_user
 
     def test_user_model_as_admin(
         self, app: Flask, user_1_admin: User, user_2: User
@@ -68,6 +70,8 @@ def test_user_model_as_admin(
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
         assert 'weekm' not in serialized_user
+        assert serialized_user['follows'] is False
+        assert serialized_user['is_followed_by'] is False
 
     def test_user_model_as_regular_user(
         self, app: Flask, user_1: User, user_2: User
@@ -88,6 +92,8 @@ def test_user_model_as_regular_user(
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
         assert 'weekm' not in serialized_user
+        assert serialized_user['follows'] is False
+        assert serialized_user['is_followed_by'] is False
 
     def test_user_model_when_no_user_provided(
         self, app: Flask, user_1: User
@@ -107,6 +113,8 @@ def test_user_model_when_no_user_provided(
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
         assert 'weekm' not in serialized_user
+        assert 'follows' not in serialized_user
+        assert 'is_followed_by' not in serialized_user
 
     def test_encode_auth_token(self, app: Flask, user_1: User) -> None:
         auth_token = user_1.encode_auth_token(user_1.id)
@@ -141,29 +149,70 @@ def test_it_returns_user_records(
         )
         assert serialized_user['records'][0]['workout_date']
 
-    def test_it_returns_followers_count(
+    def test_it_returns_user_1_and_user_2_dont_not_follow_each_other(
         self,
         app: Flask,
         user_1: User,
+        user_2: User,
+    ) -> None:
+        serialized_user = user_2.serialize(user_1)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 0
+        assert serialized_user['is_followed_by'] == 0
+
+        serialized_user = user_1.serialize(user_2)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 0
+        assert serialized_user['is_followed_by'] == 0
+
+    def test_it_returns_user_1_is_followed_by_user_2(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
         follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
         follow_request_from_user_2_to_user_1.is_approved = True
         follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
 
-        serialized_user = user_1.serialize()
+        serialized_user = user_2.serialize(user_1)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 1
+        assert serialized_user['follows'] == 1
+        assert serialized_user['is_followed_by'] == 0
+
+        serialized_user = user_1.serialize(user_2)
         assert serialized_user['followers'] == 1
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 0
+        assert serialized_user['is_followed_by'] == 1
 
-    def test_it_returns_following_count(
+    def test_it_returns_user_1_and_user_2_follow_each_other(
         self,
         app: Flask,
         user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
+        follow_request_from_user_2_to_user_1.is_approved = True
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
         follow_request_from_user_1_to_user_2.is_approved = True
         follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
 
-        serialized_user = user_1.serialize()
+        serialized_user = user_2.serialize(user_1)
+        assert serialized_user['followers'] == 1
+        assert serialized_user['following'] == 1
+        assert serialized_user['follows'] == 1
+        assert serialized_user['is_followed_by'] == 1
+
+        serialized_user = user_1.serialize(user_2)
+        assert serialized_user['followers'] == 1
         assert serialized_user['following'] == 1
+        assert serialized_user['follows'] == 1
+        assert serialized_user['is_followed_by'] == 1
 
     def test_user_is_not_remote_when_federation_is_disabled(
         self, app: Flask, user_1: User
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 2ef44408d..39b5a497b 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -337,6 +337,18 @@ def rejects_follow_request_from(self, user: 'User') -> FollowRequest:
         )
         return follow_request
 
+    def is_followed_by(self, user: 'User') -> bool:
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=user.id, followed_user_id=self.id
+        ).first()
+        return follow_request.is_approved if follow_request else False
+
+    def follows(self, user: 'User') -> bool:
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=self.id, followed_user_id=user.id
+        ).first()
+        return follow_request.is_approved if follow_request else False
+
     def get_user_url(self) -> str:
         """Return user url on user interface"""
         return f"{current_app.config['UI_URL']}/users/{self.username}"
@@ -427,6 +439,12 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
                 },
             }
 
+        if current_user is not None and role != UserRole.AUTH_USER:
+            serialized_user['follows'] = self.follows(current_user)
+            serialized_user['is_followed_by'] = self.is_followed_by(
+                current_user
+            )
+
         return serialized_user
 
 
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 274b7ac2e..34c4af94f 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -151,6 +151,8 @@ def get_users(auth_user: User) -> Dict:
               "first_name": null,
               "followers": 0,
               "following": 0,
+              "follows": false,
+              "is_followed_by": false,
               "is_remote": false,
               "last_name": null,
               "location": null,
@@ -215,6 +217,8 @@ def get_users(auth_user: User) -> Dict:
               "first_name": null,
               "followers": 0,
               "following": 0,
+              "follows": false,
+              "is_followed_by": false,
               "is_remote": false,
               "last_name": null,
               "location": null,
@@ -298,6 +302,8 @@ def get_remote_users(
               "first_name": null,
               "followers": 0,
               "following": 0,
+              "follows": false,
+              "is_followed_by": false,
               "is_remote": true,
               "last_name": null,
               "location": null,
@@ -345,6 +351,7 @@ def get_single_user(
 ) -> Union[Dict, HttpResponse]:
     """
     Get single user details.
+    If a user is authenticated, it returns relationships.
     If authenticated user has admin rights, user email is returned.
 
     **Example request**:
@@ -374,6 +381,8 @@ def get_single_user(
             "first_name": null,
             "followers": 0,
             "following": 0,
+            "follows": false,
+            "is_followed_by": false,
             "is_remote": false,
             "last_name": null,
             "location": null,
@@ -451,6 +460,8 @@ def get_single_user(
             "first_name": null,
             "followers": 0,
             "following": 0,
+            "follows": false,
+            "is_followed_by": false,
             "is_remote": false,
             "last_name": null,
             "location": null,
@@ -559,6 +570,8 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
             "first_name": null,
             "followers": 0,
             "following": 0,
+            "follows": false,
+            "is_followed_by": false,
             "is_remote": false,
             "last_name": null,
             "location": null,
@@ -905,6 +918,8 @@ def get_followers(
               "first_name": null,
               "followers": 1,
               "following": 1,
+              "follows": true,
+              "is_followed_by": false,
               "is_remote": false,
               "last_name": null,
               "location": null,
@@ -995,6 +1010,8 @@ def get_following(
               "first_name": null,
               "followers": 1,
               "following": 1,
+              "follows": false,
+              "is_followed_by": true,
               "is_remote": false,
               "last_name": null,
               "location": null,

From df5922a3e91cbba20dff3a9073af46463c77a7b2 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 8 Jan 2022 16:52:00 +0100
Subject: [PATCH 077/238] API - add "pending" in follow request status

---
 fittrackee/tests/users/test_users_model.py | 74 +++++++++++++++++-----
 fittrackee/users/models.py                 | 18 ++++--
 fittrackee/users/users.py                  | 32 +++++-----
 3 files changed, 88 insertions(+), 36 deletions(-)

diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index f708a12d2..cfa891fc6 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -70,8 +70,8 @@ def test_user_model_as_admin(
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
         assert 'weekm' not in serialized_user
-        assert serialized_user['follows'] is False
-        assert serialized_user['is_followed_by'] is False
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'false'
 
     def test_user_model_as_regular_user(
         self, app: Flask, user_1: User, user_2: User
@@ -92,8 +92,8 @@ def test_user_model_as_regular_user(
         assert 'language' not in serialized_user
         assert 'timezone' not in serialized_user
         assert 'weekm' not in serialized_user
-        assert serialized_user['follows'] is False
-        assert serialized_user['is_followed_by'] is False
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'false'
 
     def test_user_model_when_no_user_provided(
         self, app: Flask, user_1: User
@@ -158,14 +158,34 @@ def test_it_returns_user_1_and_user_2_dont_not_follow_each_other(
         serialized_user = user_2.serialize(user_1)
         assert serialized_user['followers'] == 0
         assert serialized_user['following'] == 0
-        assert serialized_user['follows'] == 0
-        assert serialized_user['is_followed_by'] == 0
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'false'
 
         serialized_user = user_1.serialize(user_2)
         assert serialized_user['followers'] == 0
         assert serialized_user['following'] == 0
-        assert serialized_user['follows'] == 0
-        assert serialized_user['is_followed_by'] == 0
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'false'
+
+    def test_it_returns_pending_follow_request(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+
+        serialized_user = user_2.serialize(user_1)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 'pending'
+        assert serialized_user['is_followed_by'] == 'false'
+
+        serialized_user = user_1.serialize(user_2)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'pending'
 
     def test_it_returns_user_1_is_followed_by_user_2(
         self,
@@ -180,14 +200,36 @@ def test_it_returns_user_1_is_followed_by_user_2(
         serialized_user = user_2.serialize(user_1)
         assert serialized_user['followers'] == 0
         assert serialized_user['following'] == 1
-        assert serialized_user['follows'] == 1
-        assert serialized_user['is_followed_by'] == 0
+        assert serialized_user['follows'] == 'true'
+        assert serialized_user['is_followed_by'] == 'false'
 
         serialized_user = user_1.serialize(user_2)
         assert serialized_user['followers'] == 1
         assert serialized_user['following'] == 0
-        assert serialized_user['follows'] == 0
-        assert serialized_user['is_followed_by'] == 1
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'true'
+
+    def test_it_returns_user_1_is_not_followed_by_user_2_when_followed_request_is_rejected(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        follow_request_from_user_2_to_user_1.is_approved = False
+        follow_request_from_user_2_to_user_1.updated_at = datetime.utcnow()
+
+        serialized_user = user_2.serialize(user_1)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'false'
+
+        serialized_user = user_1.serialize(user_2)
+        assert serialized_user['followers'] == 0
+        assert serialized_user['following'] == 0
+        assert serialized_user['follows'] == 'false'
+        assert serialized_user['is_followed_by'] == 'false'
 
     def test_it_returns_user_1_and_user_2_follow_each_other(
         self,
@@ -205,14 +247,14 @@ def test_it_returns_user_1_and_user_2_follow_each_other(
         serialized_user = user_2.serialize(user_1)
         assert serialized_user['followers'] == 1
         assert serialized_user['following'] == 1
-        assert serialized_user['follows'] == 1
-        assert serialized_user['is_followed_by'] == 1
+        assert serialized_user['follows'] == 'true'
+        assert serialized_user['is_followed_by'] == 'true'
 
         serialized_user = user_1.serialize(user_2)
         assert serialized_user['followers'] == 1
         assert serialized_user['following'] == 1
-        assert serialized_user['follows'] == 1
-        assert serialized_user['is_followed_by'] == 1
+        assert serialized_user['follows'] == 'true'
+        assert serialized_user['is_followed_by'] == 'true'
 
     def test_user_is_not_remote_when_federation_is_disabled(
         self, app: Flask, user_1: User
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 39b5a497b..8b37585e1 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -337,17 +337,27 @@ def rejects_follow_request_from(self, user: 'User') -> FollowRequest:
         )
         return follow_request
 
-    def is_followed_by(self, user: 'User') -> bool:
+    @staticmethod
+    def follow_request_status(follow_request: FollowRequest) -> str:
+        if follow_request is None or (
+            follow_request.updated_at and not follow_request.is_approved
+        ):
+            return 'false'
+        if follow_request.is_approved:
+            return 'true'
+        return 'pending'
+
+    def is_followed_by(self, user: 'User') -> str:
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=user.id, followed_user_id=self.id
         ).first()
-        return follow_request.is_approved if follow_request else False
+        return self.follow_request_status(follow_request)
 
-    def follows(self, user: 'User') -> bool:
+    def follows(self, user: 'User') -> str:
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=self.id, followed_user_id=user.id
         ).first()
-        return follow_request.is_approved if follow_request else False
+        return self.follow_request_status(follow_request)
 
     def get_user_url(self) -> str:
         """Return user url on user interface"""
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 34c4af94f..9c6d4587c 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -151,8 +151,8 @@ def get_users(auth_user: User) -> Dict:
               "first_name": null,
               "followers": 0,
               "following": 0,
-              "follows": false,
-              "is_followed_by": false,
+              "follows": "false",
+              "is_followed_by": "false",
               "is_remote": false,
               "last_name": null,
               "location": null,
@@ -217,8 +217,8 @@ def get_users(auth_user: User) -> Dict:
               "first_name": null,
               "followers": 0,
               "following": 0,
-              "follows": false,
-              "is_followed_by": false,
+              "follows": "false",
+              "is_followed_by": "false",
               "is_remote": false,
               "last_name": null,
               "location": null,
@@ -302,8 +302,8 @@ def get_remote_users(
               "first_name": null,
               "followers": 0,
               "following": 0,
-              "follows": false,
-              "is_followed_by": false,
+              "follows": "false",
+              "is_followed_by": "false",
               "is_remote": true,
               "last_name": null,
               "location": null,
@@ -381,8 +381,8 @@ def get_single_user(
             "first_name": null,
             "followers": 0,
             "following": 0,
-            "follows": false,
-            "is_followed_by": false,
+            "follows": "false",
+            "is_followed_by": "false",
             "is_remote": false,
             "last_name": null,
             "location": null,
@@ -460,8 +460,8 @@ def get_single_user(
             "first_name": null,
             "followers": 0,
             "following": 0,
-            "follows": false,
-            "is_followed_by": false,
+            "follows": "false",
+            "is_followed_by": "false",
             "is_remote": false,
             "last_name": null,
             "location": null,
@@ -570,8 +570,8 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
             "first_name": null,
             "followers": 0,
             "following": 0,
-            "follows": false,
-            "is_followed_by": false,
+            "follows": "false",
+            "is_followed_by": "false",
             "is_remote": false,
             "last_name": null,
             "location": null,
@@ -918,8 +918,8 @@ def get_followers(
               "first_name": null,
               "followers": 1,
               "following": 1,
-              "follows": true,
-              "is_followed_by": false,
+              "follows": "true",
+              "is_followed_by": "false",
               "is_remote": false,
               "last_name": null,
               "location": null,
@@ -1010,8 +1010,8 @@ def get_following(
               "first_name": null,
               "followers": 1,
               "following": 1,
-              "follows": false,
-              "is_followed_by": true,
+              "follows": "false",
+              "is_followed_by": "true",
               "is_remote": false,
               "last_name": null,
               "location": null,

From c42bd0f046bb34ca99588167b02e367d1ee850b6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 8 Jan 2022 20:53:36 +0100
Subject: [PATCH 078/238] API - add endpoint to unfollow (and init UNDO
 activity for ActivityPub)

---
 fittrackee/federation/activities.py           |  33 ++-
 fittrackee/federation/enums.py                |   1 +
 .../federation/test_federation_activities.py  | 100 ++++++++-
 .../federation/users/test_users_follow_api.py | 197 ++++++++++++++++++
 .../federation/users/test_users_model.py      |  27 +++
 fittrackee/tests/test_case_mixins.py          |   7 +-
 .../tests/users/test_users_follow_api.py      |  85 ++++++++
 fittrackee/tests/users/test_users_model.py    |  54 +++++
 fittrackee/users/models.py                    |  69 ++++--
 fittrackee/users/users.py                     |  78 +++++++
 10 files changed, 625 insertions(+), 26 deletions(-)

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
index f60f53f2a..bc0550b0f 100644
--- a/fittrackee/federation/activities.py
+++ b/fittrackee/federation/activities.py
@@ -23,8 +23,6 @@ def activity_name(self) -> str:
     def process_activity(self) -> None:
         pass
 
-
-class FollowBaseActivity(AbstractActivity):
     def get_actors(
         self, create_remote_actor: bool = False
     ) -> Tuple[Actor, Actor]:
@@ -42,11 +40,14 @@ def get_actors(
                     f'actor not found for {self.activity_name()}'
                 )
 
-        object_actor_activitypub_id = (
-            self.activity['object']
-            if isinstance(self.activity['object'], str)
-            else self.activity['object']['actor']
-        )
+        if isinstance(self.activity['object'], str):
+            object_actor_activitypub_id = self.activity['object']
+        else:
+            object_actor_activitypub_id = (
+                self.activity['object']['object']
+                if self.activity['type'] == 'Undo'
+                else self.activity['object']['actor']
+            )
         object_actor = Actor.query.filter_by(
             activitypub_id=object_actor_activitypub_id
         ).first()
@@ -56,6 +57,8 @@ def get_actors(
             )
         return actor, object_actor
 
+
+class FollowBaseActivity(AbstractActivity):
     @abstractmethod
     def process_activity(self) -> None:
         pass
@@ -109,3 +112,19 @@ def process_activity(self) -> None:
                 f'{self.activity_name()}: follow request already processed.'
             )
             raise e
+
+
+class UndoActivity(AbstractActivity):
+    def process_activity(self) -> None:
+        if self.activity['object']['type'] == 'Follow':
+            self.undoes_follow()
+
+    def undoes_follow(self) -> None:
+        follower_actor, followed_actor = self.get_actors()
+        try:
+            followed_actor.user.undoes_follow(follower_actor.user)
+        except NotExistingFollowRequestError as e:
+            appLog.error(
+                f'{self.activity_name()}: follow request does not exist.'
+            )
+            raise e
diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index 831188339..fa8c3c581 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -5,6 +5,7 @@ class ActivityType(Enum):
     ACCEPT = 'Accept'
     FOLLOW = 'Follow'
     REJECT = 'Reject'
+    UNDO = 'Undo'
 
 
 class ActorType(Enum):
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index 6aa85f5c4..989d6d090 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -59,7 +59,7 @@ def generate_follow_activity(
         }
 
     @staticmethod
-    def generate_accept_or_reject_activity(
+    def generate_activity_from_type(
         activity_type: ActivityType,
         follower_actor: Optional[Union[Actor, RandomActor]] = None,
         followed_actor: Optional[Union[Actor, RandomActor]] = None,
@@ -68,15 +68,22 @@ def generate_accept_or_reject_activity(
             follower_actor = RandomActor()
         if followed_actor is None:
             followed_actor = RandomActor()
+        activity_action = (
+            f'{activity_type.value.lower()}e'
+            if activity_type == ActivityType.UNDO
+            else activity_type.value.lower()
+        )
         return {
             '@context': AP_CTX,
             'id': (
                 f'{followed_actor.activitypub_id}#'
-                f'{activity_type.value.lower()}s/follow/'
+                f'{activity_action}s/follow/'
                 f'{follower_actor.fullname}'
             ),
             'type': activity_type.value,
-            'actor': followed_actor.activitypub_id,
+            'actor': follower_actor.activitypub_id
+            if activity_type == ActivityType.UNDO
+            else followed_actor.activitypub_id,
             'object': {
                 'id': (
                     f'{follower_actor.activitypub_id}#follows/'
@@ -93,7 +100,7 @@ def generate_accept_activity(
         follower_actor: Optional[Union[Actor, RandomActor]] = None,
         followed_actor: Optional[Union[Actor, RandomActor]] = None,
     ) -> Dict:
-        return self.generate_accept_or_reject_activity(
+        return self.generate_activity_from_type(
             ActivityType.ACCEPT, follower_actor, followed_actor
         )
 
@@ -102,10 +109,19 @@ def generate_reject_activity(
         follower_actor: Optional[Union[Actor, RandomActor]] = None,
         followed_actor: Optional[Union[Actor, RandomActor]] = None,
     ) -> Dict:
-        return self.generate_accept_or_reject_activity(
+        return self.generate_activity_from_type(
             ActivityType.REJECT, follower_actor, followed_actor
         )
 
+    def generate_undo_activity(
+        self,
+        follower_actor: Optional[Union[Actor, RandomActor]] = None,
+        followed_actor: Optional[Union[Actor, RandomActor]] = None,
+    ) -> Dict:
+        return self.generate_activity_from_type(
+            ActivityType.UNDO, follower_actor, followed_actor
+        )
+
 
 class TestFollowActivity(FollowRequestActivitiesTestCase):
     def test_it_raises_error_if_followed_actor_does_not_exist(
@@ -397,3 +413,77 @@ def test_it_rejects_follow_request(
 
         assert follow_request.is_approved is False
         assert follow_request.updated_at is not None
+
+
+class TestUndoActivityForFollowRequest(FollowRequestActivitiesTestCase):
+    def test_it_raises_error_if_follower_actor_does_not_exist(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        undo_activity = self.generate_undo_activity(
+            followed_actor=remote_user.actor
+        )
+        activity = get_activity_instance({'type': undo_activity['type']})(
+            activity_dict=undo_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for UndoActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_followed_actor_does_not_exist(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        undo_activity = self.generate_undo_activity(
+            follower_actor=user_1.actor
+        )
+        activity = get_activity_instance({'type': undo_activity['type']})(
+            activity_dict=undo_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for UndoActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+    ) -> None:
+        undo_activity = self.generate_undo_activity(
+            follower_actor=user_1.actor,
+            followed_actor=remote_user.actor,
+        )
+        activity = get_activity_instance({'type': undo_activity['type']})(
+            activity_dict=undo_activity
+        )
+
+        with pytest.raises(NotExistingFollowRequestError):
+            activity.process_activity()
+
+    def test_it_undoes_follow_request_regardless_its_status(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        undo_activity = self.generate_undo_activity(
+            follower_actor=user_1.actor, followed_actor=remote_user.actor
+        )
+        activity = get_activity_instance({'type': undo_activity['type']})(
+            activity_dict=undo_activity
+        )
+
+        activity.process_activity()
+
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=user_1.id,
+            followed_user_id=remote_user.id,
+        ).first()
+
+        assert follow_request is None
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index 7aacf46c2..9db38d71c 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -255,3 +255,200 @@ def test_it_calls_send_to_user_inbox(
             remote_actor=remote_actor,
             base_object=follow_request,
         )
+
+
+class TestUnfollowWithFederation(ApiTestCaseMixin):
+    """Follow user belonging to the same instance"""
+
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{random_string()}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self, app_with_federation: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'relationship does not exist'
+
+    def test_it_removes_follow_request(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == (
+            "Undo for a follow request to user "
+            f"'{user_2.username}' is sent."
+        )
+        assert user_1.following.count() == 0
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_not_called()
+
+
+class TestRemoteUnfollowWithFederation(ApiTestCaseMixin, UserInboxTestMixin):
+    """Follow user from another instance"""
+
+    def test_it_raise_error_if_remote_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{random_actor.fullname}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domain(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{random_actor.fullname}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_removes_follow_request(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_actor = remote_user.actor
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{remote_actor.fullname}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == (
+            "Undo for a follow request to user "
+            f"'{remote_actor.fullname}' is sent."
+        )
+        assert user_1.following.count() == 0
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_calls_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_actor = remote_user.actor
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        follow_request = FollowRequest.query.filter_by(
+            follower_user_id=user_1.id,
+            followed_user_id=remote_actor.user.id,
+        ).first()
+
+        client.post(
+            f'/api/users/{remote_actor.fullname}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_send_to_users_inbox_called_once(
+            send_to_users_inbox_mock,
+            local_actor=user_1.actor,
+            remote_actor=remote_actor,
+            base_object=follow_request,
+            activity_args={'undo': True},
+        )
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index d16c19f66..80d126209 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -160,3 +160,30 @@ def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(
             activity=follow_request.get_activity(),
             recipients=[remote_actor.inbox_url],
         )
+
+
+class TestUserUnfollowModelWithFederation:
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_local_actor_sends_undo_activity_to_remote_actor(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_remote_user.is_approved = True
+        follow_request_from_user_1_to_remote_user.updated_at = (
+            datetime.utcnow()
+        )
+        expected_activity = (
+            follow_request_from_user_1_to_remote_user.get_activity(undo=True)
+        )
+
+        user_1.unfollows(remote_user)
+
+        send_to_users_inbox_mock.send.assert_called_with(
+            sender_id=user_1.actor.id,
+            activity=expected_activity,
+            recipients=[remote_user.actor.inbox_url],
+        )
diff --git a/fittrackee/tests/test_case_mixins.py b/fittrackee/tests/test_case_mixins.py
index 5e077e3a3..300a4e22c 100644
--- a/fittrackee/tests/test_case_mixins.py
+++ b/fittrackee/tests/test_case_mixins.py
@@ -1,6 +1,6 @@
 import json
 import sys
-from typing import Any, Dict, List, Tuple
+from typing import Any, Dict, List, Optional, Tuple
 from unittest.mock import Mock
 
 from flask import Flask
@@ -79,6 +79,7 @@ def assert_send_to_users_inbox_called_once(
         local_actor: Actor,
         remote_actor: Actor,
         base_object: Any,
+        activity_args: Optional[Dict] = None,
     ) -> None:
         send_to_users_inbox_mock.send.assert_called_once()
         self.assert_call_args_keys_equal(
@@ -88,7 +89,9 @@ def assert_send_to_users_inbox_called_once(
         call_args = self.get_call_kwargs(send_to_users_inbox_mock.send)
         assert call_args['sender_id'] == local_actor.id
         assert call_args['recipients'] == [remote_actor.inbox_url]
-        activity = base_object.get_activity()
+        activity = base_object.get_activity(
+            {} if activity_args is None else activity_args
+        )
         del activity['id']
         self.assert_dict_contains_subset(call_args['activity'], activity)
 
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index 96773ba6c..4690d00bd 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -118,3 +118,88 @@ def test_it_does_not_call_send_to_user_inbox(
         )
 
         send_to_users_inbox_mock.send.assert_not_called()
+
+
+class TestUnfollowWithoutFederation(ApiTestCaseMixin):
+    def test_it_raises_error_if_target_user_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{random_string()}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'relationship does not exist'
+
+    def test_it_removes_follow_request(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == (
+            "Undo for a follow request to user "
+            f"'{user_2.username}' is sent."
+        )
+        assert user_1.following.count() == 0
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_user_inbox(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_users_inbox_mock.send.assert_not_called()
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index cfa891fc6..b4a17dd86 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -424,6 +424,60 @@ def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(
         assert follow_request.updated_at is not None
 
 
+class TestUserUnfollowModel:
+    def test_it_raises_error_if_follow_request_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+
+        with pytest.raises(NotExistingFollowRequestError):
+            user_1.unfollows(user_2)
+
+    def test_user_1_unfollows_user_2(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = True
+        follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
+
+        user_1.unfollows(user_2)
+
+        assert user_1.following.count() == 0
+        assert user_2.followers.count() == 0
+
+    def test_it_removes_pending_follow_request(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_1.unfollows(user_2)
+
+        assert user_1.sent_follow_requests.all() == []
+
+    @patch('fittrackee.users.models.send_to_users_inbox')
+    def test_it_does_not_call_send_to_user_inbox_when_federation_is_disabled(
+        self,
+        send_to_users_inbox_mock: Mock,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        follow_request_from_user_1_to_user_2.is_approved = True
+        follow_request_from_user_1_to_user_2.updated_at = datetime.utcnow()
+
+        user_1.unfollows(user_2)
+
+        send_to_users_inbox_mock.send.assert_not_called()
+
+
 class TestUserFollowers:
     def test_it_returns_empty_list_if_no_followers(
         self,
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 8b37585e1..143266d19 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -70,7 +70,7 @@ def serialize(self) -> Dict:
             'to_user': self.to_user.serialize(),
         }
 
-    def get_activity(self) -> Dict:
+    def get_activity(self, undo: bool = False) -> Dict:
         if not current_app.config['federation_enabled']:
             raise FederationDisabledException()
         follow_activity = {
@@ -85,20 +85,33 @@ def get_activity(self) -> Dict:
         if self.updated_at is None:
             activity = follow_activity.copy()
         else:
-            activity = {
-                'id': (
-                    f'{self.to_user.actor.activitypub_id}#'
-                    f'{"accept" if self.is_approved else "reject"}s/'
-                    f'follow/{self.from_user.actor.fullname}'
-                ),
-                'type': (
+            if undo:
+                activity = {
+                    'id': (
+                        f'{self.from_user.actor.activitypub_id}#'
+                        f'undoes/'
+                        f'follow/{self.from_user.actor.fullname}'
+                    ),
+                    'type': ActivityType.UNDO.value,
+                    'actor': self.from_user.actor.activitypub_id,
+                    'object': follow_activity,
+                }
+            else:
+                activity_type = (
                     ActivityType.ACCEPT.value
                     if self.is_approved
                     else ActivityType.REJECT.value
-                ),
-                'actor': self.to_user.actor.activitypub_id,
-                'object': follow_activity,
-            }
+                )
+                activity = {
+                    'id': (
+                        f'{self.to_user.actor.activitypub_id}#'
+                        f'{"accept" if self.is_approved else "reject"}s/'
+                        f'follow/{self.from_user.actor.fullname}'
+                    ),
+                    'type': activity_type,
+                    'actor': self.to_user.actor.activitypub_id,
+                    'object': follow_activity,
+                }
         activity['@context'] = AP_CTX
         return activity
 
@@ -302,6 +315,38 @@ def send_follow_request_to(self, target: 'User') -> FollowRequest:
 
         return follow_request
 
+    def unfollows(self, target: 'User') -> None:
+        existing_follow_request = FollowRequest.query.filter_by(
+            follower_user_id=self.id, followed_user_id=target.id
+        ).first()
+        if not existing_follow_request:
+            raise NotExistingFollowRequestError()
+
+        if current_app.config['federation_enabled']:
+            undo_activity = existing_follow_request.get_activity(undo=True)
+
+            # send Undo activity to remote followed user
+            if target.actor.is_remote:
+                send_to_users_inbox.send(
+                    sender_id=self.actor.id,
+                    activity=undo_activity,
+                    recipients=[target.actor.inbox_url],
+                )
+
+        db.session.delete(existing_follow_request)
+        db.session.commit()
+        return None
+
+    def undoes_follow(self, follower: 'User') -> None:
+        existing_follow_request = FollowRequest.query.filter_by(
+            followed_user_id=self.id, follower_user_id=follower.id
+        ).first()
+        if not existing_follow_request:
+            raise NotExistingFollowRequestError()
+        db.session.delete(existing_follow_request)
+        db.session.commit()
+        return None
+
     def _processes_follow_request_from(
         self, user: 'User', approved: bool
     ) -> FollowRequest:
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 9c6d4587c..50f51d0dd 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -32,6 +32,7 @@
 )
 from .exceptions import (
     FollowRequestAlreadyRejectedError,
+    NotExistingFollowRequestError,
     UserNotFoundException,
 )
 from .models import FollowRequest, User, UserSportPreference
@@ -836,6 +837,83 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
     return successful_response_dict
 
 
+@users_blueprint.route('/users/<user_name>/unfollow', methods=['POST'])
+@authenticate
+def unfollow_user(
+    auth_user: User, user_name: str
+) -> Union[Dict, HttpResponse]:
+    """
+    Unfollow a user.
+    If federation is enabled, it sends a Undo activity to the remote instance
+    if the targeted user is a remote user.
+
+    **Example request**:
+
+    - unfollow local user
+
+    .. sourcecode:: http
+
+      POST /api/users/john_doe/unfollow HTTP/1.1
+      Content-Type: application/json
+
+    - unfollow remote user
+
+    .. sourcecode:: http
+
+      POST /api/users/sam@remote-instance.net/unfollow HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success",
+        "message": "Undo for a follow request to user 'john_doe' is sent.",
+      }
+
+
+    :param string user_name: user name
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 403:
+        - you do not have permissions
+    :statuscode 404:
+        - user does not exist
+    :statuscode 500: error, please try again or contact the administrator
+
+    """
+    successful_response_dict = {
+        'status': 'success',
+        'message': f"Undo for a follow request to user '{user_name}' is sent.",
+    }
+
+    try:
+        target_user = get_user_from_username(user_name)
+    except (
+        ActorNotFoundException,
+        DomainNotFoundException,
+        UserNotFoundException,
+    ) as e:
+        appLog.error(f'Error when following a user: {e}')
+        return UserNotFoundErrorResponse()
+
+    try:
+        auth_user.unfollows(target_user)
+    except NotExistingFollowRequestError:
+        return NotFoundErrorResponse(message='relationship does not exist')
+    return successful_response_dict
+
+
 def get_user_relationships(
     auth_user: User, user_name: str, relation: str
 ) -> Union[Dict, HttpResponse]:

From 7add3c7c0eb606a07d3688f2c19261d5a2d12639 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 9 Jan 2022 14:23:05 +0100
Subject: [PATCH 079/238] Client - fix workouts list

---
 fittrackee_client/src/components/Workouts/WorkoutsList.vue | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fittrackee_client/src/components/Workouts/WorkoutsList.vue b/fittrackee_client/src/components/Workouts/WorkoutsList.vue
index db3ae7076..d5bf0ed0f 100644
--- a/fittrackee_client/src/components/Workouts/WorkoutsList.vue
+++ b/fittrackee_client/src/components/Workouts/WorkoutsList.vue
@@ -166,11 +166,11 @@
   import {
     ComputedRef,
     Ref,
+    capitalize,
     computed,
     ref,
     toRefs,
     watch,
-    capitalize,
     onBeforeMount,
   } from 'vue'
   import { LocationQuery, useRoute, useRouter } from 'vue-router'
@@ -182,16 +182,17 @@
   import { WORKOUTS_STORE } from '@/store/constants'
   import { IPagination } from '@/types/api'
   import { ITranslatedSport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { IWorkout, TWorkoutsPayload } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
   import { getQuery, sortList, workoutsPayloadKeys } from '@/utils/api'
   import { getDateWithTZ } from '@/utils/dates'
+  import { getSportColor, getSportLabel } from '@/utils/sports'
   import { convertDistance } from '@/utils/units'
   import { defaultOrder } from '@/utils/workouts'
 
   interface Props {
-    user: IUserProfile
+    user: IAuthUserProfile
     sports: ITranslatedSport[]
   }
   const props = defineProps<Props>()

From 6c0f867e7699ff16878e32fe4d3234cb318ed914 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 9 Jan 2022 15:21:06 +0100
Subject: [PATCH 080/238] Client - follow/unfollow a local user

---
 .../User/ProfileDisplay/UserInfos.vue         | 28 +++++-
 .../src/components/User/UserCard.vue          | 33 +++++--
 .../User/UserRelationshipActions.vue          | 90 +++++++++++++++++++
 .../src/components/Users/UsersList.vue        | 13 ++-
 fittrackee_client/src/locales/en/user.json    |  7 +-
 fittrackee_client/src/locales/fr/user.json    |  7 +-
 fittrackee_client/src/scss/base.scss          |  1 +
 fittrackee_client/src/scss/colors.scss        |  3 +-
 .../src/store/modules/users/actions.ts        | 37 +++++++-
 .../src/store/modules/users/enums.ts          |  1 +
 .../src/store/modules/users/types.ts          |  5 ++
 fittrackee_client/src/types/user.ts           |  9 ++
 12 files changed, 220 insertions(+), 14 deletions(-)
 create mode 100644 fittrackee_client/src/components/User/UserRelationshipActions.vue

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index 2703ed1da..638de07ec 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -47,16 +47,35 @@
       >
         {{ $t('user.PROFILE.EDIT') }}
       </button>
-      <button @click="$router.push('/')">{{ $t('common.HOME') }}</button>
+      <UserRelationshipActions
+        v-if="authUser?.username"
+        :authUser="authUser"
+        :user="user"
+        :fromUserInfos="true"
+      />
+      <div>
+        <button
+          @click="
+            $route.query.from === 'users' ? $router.go(-1) : $router.push('/')
+          "
+        >
+          {{
+            $t($route.query.from === 'users' ? 'buttons.BACK' : 'common.HOME')
+          }}
+        </button>
+      </div>
     </div>
+
+    <ErrorMessage :message="errorMessages" v-if="errorMessages" />
   </div>
 </template>
 
 <script setup lang="ts">
   import { format } from 'date-fns'
-  import { Ref, computed, ref, toRefs } from 'vue'
+  import { Ref, computed, ref, toRefs, ComputedRef } from 'vue'
 
-  import { USERS_STORE } from '@/store/constants'
+  import UserRelationshipActions from '@/components/User/UserRelationshipActions.vue'
+  import { ROOT_STORE, USERS_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
@@ -69,6 +88,9 @@
   const store = useStore()
 
   const { authUser, user } = toRefs(props)
+  const errorMessages: ComputedRef<string | string[] | null> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
+  )
   const registrationDate = computed(() =>
     props.user.created_at
       ? format(new Date(props.user.created_at), 'dd/MM/yyyy HH:mm')
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index 2cab26ec1..dd836be4e 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -5,30 +5,54 @@
         <UserPicture :user="user" />
         <router-link
           class="user-name"
-          :to="`/users/${user.username}?from=admin`"
+          :to="`/users/${user.username}?from=users`"
         >
           {{ user.username }}
         </router-link>
       </div>
       <UserStats :authUser="authUser" :user="user" />
     </div>
+    <UserRelationshipActions
+      :authUser="authUser"
+      :user="user"
+      :fromUserInfos="false"
+      @updatedUser="emitUser"
+    />
+    <ErrorMessage
+      :message="errorMessages"
+      v-if="errorMessages && updatedUser === user.username"
+    />
   </div>
 </template>
 
 <script setup lang="ts">
-  import { toRefs } from 'vue'
+  import { ComputedRef, computed, toRefs } from 'vue'
 
   import UserPicture from '@/components/User/UserPicture.vue'
+  import UserRelationshipActions from '@/components/User/UserRelationshipActions.vue'
   import UserStats from '@/components/User/UserStats.vue'
+  import { ROOT_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
+  import { useStore } from '@/use/useStore'
 
   interface Props {
     authUser: IAuthUserProfile
     user: IUserProfile
+    updatedUser?: string
   }
   const props = defineProps<Props>()
 
-  const { authUser, user } = toRefs(props)
+  const store = useStore()
+
+  const { authUser, updatedUser, user } = toRefs(props)
+  const errorMessages: ComputedRef<string | string[] | null> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
+  )
+  const emit = defineEmits(['updatedUserRelationship'])
+
+  function emitUser(username: string) {
+    emit('updatedUserRelationship', username)
+  }
 </script>
 
 <style lang="scss" scoped>
@@ -47,9 +71,6 @@
         margin: $default-margin 0;
         width: 50%;
 
-        .user-name {
-          //font-size: 0.8em;
-        }
         ::v-deep(.user-picture) {
           img {
             height: 70px;
diff --git a/fittrackee_client/src/components/User/UserRelationshipActions.vue b/fittrackee_client/src/components/User/UserRelationshipActions.vue
new file mode 100644
index 000000000..b5549a50b
--- /dev/null
+++ b/fittrackee_client/src/components/User/UserRelationshipActions.vue
@@ -0,0 +1,90 @@
+<template>
+  <div class="user-actions" v-if="user.username !== authUser.username">
+    <div v-if="user.is_followed_by !== 'pending'">
+      <button
+        @click="
+          updateRelationship(user.username, user.is_followed_by === 'true')
+        "
+        :class="{ danger: user.is_followed_by === 'true' }"
+      >
+        {{
+          capitalize(
+            $t(`user.${user.is_followed_by === 'true' ? 'UN' : ''}FOLLOW`)
+          )
+        }}
+      </button>
+    </div>
+    <div v-else>
+      <button @click="updateRelationship(user.username, true)">
+        {{ capitalize($t('user.CANCEL_FOLLOW_REQUEST')) }}
+      </button>
+    </div>
+    <div class="follows-you" v-if="user.follows === 'true'">
+      {{ $t('user.FOLLOWS_YOU') }}
+    </div>
+  </div>
+  <div
+    class="user-actions"
+    v-if="user.username === authUser.username && !fromUserInfos"
+  >
+    <div class="follows-you">
+      {{ $t('user.YOU') }}
+    </div>
+  </div>
+</template>
+
+<script lang="ts" setup>
+  import { capitalize, toRefs } from 'vue'
+
+  import { USERS_STORE } from '@/store/constants'
+  import { IAuthUserProfile, IUserProfile } from '@/types/user'
+  import { useStore } from '@/use/useStore'
+
+  interface Props {
+    authUser: IAuthUserProfile
+    user: IUserProfile
+    fromUserInfos: boolean
+  }
+  const props = defineProps<Props>()
+
+  const store = useStore()
+
+  const { authUser, fromUserInfos, user } = toRefs(props)
+
+  const emit = defineEmits(['updatedUser'])
+
+  function updateRelationship(username: string, following: boolean) {
+    emit('updatedUser', username)
+    store.dispatch(USERS_STORE.ACTIONS.UPDATE_RELATIONSHIP, {
+      username,
+      action: `${following ? 'un' : ''}follow`,
+      fromUserInfos: fromUserInfos.value,
+    })
+  }
+</script>
+
+<style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+
+  .user-actions {
+    display: flex;
+    justify-content: space-between;
+    align-items: flex-end;
+    min-height: 35px;
+
+    .follows-you {
+      font-size: 0.7em;
+      font-style: italic;
+      text-transform: uppercase;
+      padding: $default-padding * 0.5 $default-padding;
+      background-color: var(--text-background-color);
+      border-radius: $border-radius;
+    }
+
+    .pending {
+      border-radius: $border-radius;
+      padding: $default-padding * 0.5 $default-padding;
+      background-color: var(--text-background-color);
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/Users/UsersList.vue b/fittrackee_client/src/components/Users/UsersList.vue
index 940c89c5e..dfae121f8 100644
--- a/fittrackee_client/src/components/Users/UsersList.vue
+++ b/fittrackee_client/src/components/Users/UsersList.vue
@@ -2,7 +2,12 @@
   <div class="users-list">
     <div class="container users-container">
       <div v-for="user in users" :key="user.username" class="user-box">
-        <UserCard :authUser="authUser" :user="user" />
+        <UserCard
+          :authUser="authUser"
+          :user="user"
+          :updatedUser="updatedUser"
+          @updatedUserRelationship="storeUser"
+        />
       </div>
     </div>
     <Pagination
@@ -17,10 +22,12 @@
 <script setup lang="ts">
   import {
     ComputedRef,
+    Ref,
     computed,
     onBeforeMount,
     onUnmounted,
     reactive,
+    ref,
     toRefs,
     watch,
   } from 'vue'
@@ -54,12 +61,16 @@
   const pagination: ComputedRef<IPagination> = computed(
     () => store.getters[USERS_STORE.GETTERS.USERS_PAGINATION]
   )
+  const updatedUser: Ref<string | null> = ref(null)
 
   onBeforeMount(() => loadUsers(query))
 
   function loadUsers(queryParams: TPaginationPayload) {
     store.dispatch(USERS_STORE.ACTIONS.GET_USERS, queryParams)
   }
+  function storeUser(username: string) {
+    updatedUser.value = username
+  }
 
   onUnmounted(() => {
     store.dispatch(USERS_STORE.ACTIONS.EMPTY_USERS)
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 0cb0297be..8fa6eaf54 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -1,13 +1,16 @@
 {
   "ADMIN": "Admin",
   "ALREADY_HAVE_ACCOUNT": "Already have an account?",
+  "CANCEL_FOLLOW_REQUEST": "Cancel follow request",
   "CONFIRM_ACCOUNT_DELETION": "Are you sure you want to delete your account? All data will be deleted, this cannot be undone",
   "EMAIL": "Email",
   "ENTER_EMAIL": "Enter an email address",
   "ENTER_PASSWORD": "Enter a password",
   "ENTER_PASSWORD_CONFIRMATION": "Confirm the password",
+  "FOLLOW": "follow",
   "FOLLOWER": "follower | followers",
   "FOLLOWING": "following | following",
+  "FOLLOWS_YOU": "follows you",
   "INVALID_TOKEN": "Invalid token, please request a new password reset.",
   "LANGUAGE": "Language",
   "LOGIN": "Login",
@@ -73,8 +76,10 @@
   },
   "REGISTER": "Register",
   "REGISTER_DISABLED": "Sorry, registration is disabled.",
+  "UNFOLLOW": "unfollow",
   "RESET_PASSWORD": "Reset your password",
   "USER_PICTURE": "user picture",
   "USER": "user | users",
-  "USERNAME": "Username"
+  "USERNAME": "Username",
+  "YOU": "you"
 }
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 8f74956ad..eee9c0c92 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -1,13 +1,16 @@
 {
   "ADMIN": "Admin",
   "ALREADY_HAVE_ACCOUNT": "Vous avez déjà un compte ?",
+  "CANCEL_FOLLOW_REQUEST": "Annuler la demande",
   "CONFIRM_ACCOUNT_DELETION": "Etes-vous sûr de vouloir supprimer votre compte ? Toutes les données seront définitivement effacés.",
   "EMAIL": "Email",
   "ENTER_EMAIL": "Saisir une adresse email",
   "ENTER_PASSWORD": "Saisir un mot de passe",
   "ENTER_PASSWORD_CONFIRMATION": "Confirmer le mot de passe",
+  "FOLLOW": "s'abonner",
   "FOLLOWER": "abonné | abonnés",
   "FOLLOWING": "abonnement | abonnements",
+  "FOLLOWS_YOU": "vous suit",
   "INVALID_TOKEN": "Jeton invalide, veullez demander une nouvelle réinitialisation de mot de passe.",
   "LANGUAGE": "Langue",
   "LOGIN": "Se connecter",
@@ -74,7 +77,9 @@
   "REGISTER": "S'inscrire",
   "REGISTER_DISABLED": "Désolé, les inscriptions sont désactivées.",
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
+  "UNFOLLOW": "se désabonner",
   "USER": "utilisateur | utilisateurs",
   "USER_PICTURE": "photo de l'utilisateur",
-  "USERNAME": "Nom d'utilisateur"
+  "USERNAME": "Nom d'utilisateur",
+  "YOU": "vous"
 }
diff --git a/fittrackee_client/src/scss/base.scss b/fittrackee_client/src/scss/base.scss
index d7c2e7f2c..ba7aae9f7 100644
--- a/fittrackee_client/src/scss/base.scss
+++ b/fittrackee_client/src/scss/base.scss
@@ -343,6 +343,7 @@ button {
 
 .profile-buttons {
   display: flex;
+  align-items: baseline;
   gap: $default-padding;
 }
 
diff --git a/fittrackee_client/src/scss/colors.scss b/fittrackee_client/src/scss/colors.scss
index d1349bdb9..d7a0f493b 100644
--- a/fittrackee_client/src/scss/colors.scss
+++ b/fittrackee_client/src/scss/colors.scss
@@ -66,6 +66,7 @@
   --cell-heading-bg-color: #eeeeee;
   --cell-heading-color: #696969;
 
-  --svg-filter: drop-shadow(10px 10px 10px var(--app-shadow-color))
+  --svg-filter: drop-shadow(10px 10px 10px var(--app-shadow-color));
 
+  --text-background-color: rgb(114, 114, 114, 0.1);
 }
\ No newline at end of file
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index 8a61be437..d0aaba80e 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -7,7 +7,11 @@ import { IAuthUserState } from '@/store/modules/authUser/types'
 import { IRootState } from '@/store/modules/root/types'
 import { IUsersActions, IUsersState } from '@/store/modules/users/types'
 import { TPaginationPayload } from '@/types/api'
-import { IAdminUserPayload, IUserDeletionPayload } from '@/types/user'
+import {
+  IAdminUserPayload,
+  IUserDeletionPayload,
+  IUserRelationshipPayload,
+} from '@/types/user'
 import { handleError } from '@/utils'
 
 export const deleteUserAccount = (
@@ -121,6 +125,37 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
         context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, false)
       )
   },
+  [USERS_STORE.ACTIONS.UPDATE_RELATIONSHIP](
+    context: ActionContext<IUsersState, IRootState>,
+    payload: IUserRelationshipPayload
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
+    authApi
+      .post(`users/${payload.username}/${payload.action}`)
+      .then((res) => {
+        if (res.data.status === 'success') {
+          authApi.get(`users/${payload.username}`).then((res) => {
+            if (res.data.status === 'success') {
+              context.commit(
+                payload.fromUserInfos
+                  ? USERS_STORE.MUTATIONS.UPDATE_USER
+                  : USERS_STORE.MUTATIONS.UPDATE_USER_IN_USERS,
+                res.data.data.users[0]
+              )
+            } else {
+              handleError(context, null)
+            }
+          })
+        } else {
+          handleError(context, null)
+        }
+      })
+      .catch((error) => handleError(context, error))
+      .finally(() =>
+        context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, false)
+      )
+  },
   [USERS_STORE.ACTIONS.DELETE_USER_ACCOUNT](
     context: ActionContext<IUsersState, IRootState>,
     payload: IUserDeletionPayload
diff --git a/fittrackee_client/src/store/modules/users/enums.ts b/fittrackee_client/src/store/modules/users/enums.ts
index 2a870f0a4..f4834b766 100644
--- a/fittrackee_client/src/store/modules/users/enums.ts
+++ b/fittrackee_client/src/store/modules/users/enums.ts
@@ -5,6 +5,7 @@ export enum UsersActions {
   GET_USERS = 'GET_USERS',
   UPDATE_USER = 'UPDATE_USER',
   DELETE_USER_ACCOUNT = 'DELETE_USER_ACCOUNT',
+  UPDATE_RELATIONSHIP = 'UPDATE_RELATIONSHIP',
 }
 
 export enum UsersGetters {
diff --git a/fittrackee_client/src/store/modules/users/types.ts b/fittrackee_client/src/store/modules/users/types.ts
index 79c0088fd..9283d564f 100644
--- a/fittrackee_client/src/store/modules/users/types.ts
+++ b/fittrackee_client/src/store/modules/users/types.ts
@@ -12,6 +12,7 @@ import {
   IAdminUserPayload,
   IUserDeletionPayload,
   IUserProfile,
+  IUserRelationshipPayload,
 } from '@/types/user'
 
 export interface IUsersState {
@@ -40,6 +41,10 @@ export interface IUsersActions {
     context: ActionContext<IUsersState, IRootState>,
     payload: IAdminUserPayload
   ): void
+  [USERS_STORE.ACTIONS.UPDATE_RELATIONSHIP](
+    context: ActionContext<IUsersState, IRootState>,
+    payload: IUserRelationshipPayload
+  ): void
   [USERS_STORE.ACTIONS.DELETE_USER_ACCOUNT](
     context: ActionContext<IUsersState, IRootState>,
     payload: IUserDeletionPayload
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index dff1840e1..b3c2a642d 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -3,6 +3,7 @@ import { LocationQueryValue } from 'vue-router'
 import { IRecord } from '@/types/workouts'
 
 export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
+export type TRelationships = 'follow' | 'unfollow'
 
 export interface IUserProfile {
   admin: boolean
@@ -13,6 +14,8 @@ export interface IUserProfile {
   first_name: string | null
   followers: IUserProfile[]
   following: IUserProfile[]
+  follows: string
+  is_followed_by: string
   last_name: string | null
   location: string | null
   map_visibility: TPrivacyLevels
@@ -55,6 +58,12 @@ export interface IAdminUserPayload {
   admin: boolean
 }
 
+export interface IUserRelationshipPayload {
+  username: string
+  action: TRelationships
+  fromUserInfos: boolean
+}
+
 export interface IUserPreferencesPayload {
   imperial_units: boolean
   language: string

From f13599cbed83555b83799cb8f0f87b9fcf09c84f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 9 Jan 2022 18:41:23 +0100
Subject: [PATCH 081/238] API - filtering on user name is case insensitive

---
 fittrackee/tests/users/test_users_api.py | 21 +++++++++++++++++++++
 fittrackee/users/users.py                |  2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 99974c010..d343b3a2f 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -856,6 +856,27 @@ def test_it_gets_users_list_filtering_on_username(
             'total': 1,
         }
 
+    def test_filtering_on_username_is_case_insensitive(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?q=TOTO',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        assert 'toto' in data['data']['users'][0]['username']
+
     def test_it_returns_empty_users_list_filtering_on_username(
         self, app: Flask, user_1_admin: User, user_2: User, user_3: User
     ) -> None:
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 50f51d0dd..cacffb4f3 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -65,7 +65,7 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
     query = params.get('q')
     users_pagination = (
         User.query.filter(
-            User.username.like('%' + query + '%') if query else True,
+            User.username.ilike('%' + query + '%') if query else True,
             User.is_remote == remote,
         )
         .order_by(

From 35ee2d11cf23fe4481d1d563273b9565f091a792 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 9 Jan 2022 19:33:27 +0100
Subject: [PATCH 082/238] Client - search local users

---
 .../components/Administration/AdminUsers.vue  |  4 +-
 .../src/components/Users/UsersFilters.vue     | 96 +++++++++++++++++++
 .../src/components/Users/UsersList.vue        | 38 ++++++--
 .../src/store/modules/users/actions.ts        |  4 +-
 .../src/store/modules/users/types.ts          |  5 +-
 fittrackee_client/src/types/user.ts           |  5 +
 6 files changed, 137 insertions(+), 15 deletions(-)
 create mode 100644 fittrackee_client/src/components/Users/UsersFilters.vue

diff --git a/fittrackee_client/src/components/Administration/AdminUsers.vue b/fittrackee_client/src/components/Administration/AdminUsers.vue
index 4e7d8cc88..4fe3d1ce2 100644
--- a/fittrackee_client/src/components/Administration/AdminUsers.vue
+++ b/fittrackee_client/src/components/Administration/AdminUsers.vue
@@ -133,7 +133,7 @@
   import UserPicture from '@/components/User/UserPicture.vue'
   import { AUTH_USER_STORE, ROOT_STORE, USERS_STORE } from '@/store/constants'
   import { IPagination, TPaginationPayload } from '@/types/api'
-  import { IUserProfile } from '@/types/user'
+  import { IUserProfile, TUsersPayload } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { getQuery, sortList } from '@/utils/api'
   import { getDateWithTZ } from '@/utils/dates'
@@ -167,7 +167,7 @@
 
   onBeforeMount(() => loadUsers(query))
 
-  function loadUsers(queryParams: TPaginationPayload) {
+  function loadUsers(queryParams: TUsersPayload) {
     store.dispatch(USERS_STORE.ACTIONS.GET_USERS, queryParams)
   }
   function updateUser(username: string, admin: boolean) {
diff --git a/fittrackee_client/src/components/Users/UsersFilters.vue b/fittrackee_client/src/components/Users/UsersFilters.vue
new file mode 100644
index 000000000..bf7ffc46c
--- /dev/null
+++ b/fittrackee_client/src/components/Users/UsersFilters.vue
@@ -0,0 +1,96 @@
+<template>
+  <div class="users-filters">
+    <div class="search-username">
+      <input id="username" name="username" v-model="username" />
+      <i
+        v-if="username !== ''"
+        class="fa fa-times position-absolute"
+        aria-hidden="true"
+        @click="resetFilter"
+      />
+    </div>
+    <i
+      class="fa fa-search"
+      :class="{ 'fa-disabled': username === '' }"
+      aria-hidden="true"
+      @click="searchUsers"
+    />
+  </div>
+</template>
+
+<script lang="ts" setup>
+  import { ref } from 'vue'
+  import { useRoute } from 'vue-router'
+
+  const route = useRoute()
+  const username = ref(route.query.q ? route.query.q : '')
+
+  const emit = defineEmits(['filterOnUsername'])
+  function searchUsers() {
+    if (username.value !== '') {
+      emit('filterOnUsername', username)
+    }
+  }
+  function resetFilter() {
+    username.value = ''
+    emit('filterOnUsername', username.value)
+  }
+</script>
+
+<style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+
+  .users-filters {
+    display: flex;
+    align-items: center;
+    padding: $default-padding;
+    gap: $default-padding;
+    position: relative;
+
+    .fa {
+      font-size: 1.5em;
+    }
+    .fa-disabled {
+      color: var(--disabled-color);
+    }
+
+    .search-username {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      gap: $default-padding;
+
+      border: solid 1px var(--card-border-color);
+      border-radius: $border-radius;
+      color: var(--info-color);
+      width: 45%;
+
+      input {
+        border: none;
+        height: 12px;
+        width: 90%;
+      }
+      input:focus {
+        outline: none;
+      }
+      .fa-times {
+        padding-right: 10px;
+      }
+    }
+  }
+
+  @media screen and (max-width: $small-limit) {
+    .users-filters {
+      .search-username {
+        width: 400px;
+      }
+    }
+  }
+  @media screen and (max-width: $x-small-limit) {
+    .users-filters {
+      .search-username {
+        width: 90%;
+      }
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/Users/UsersList.vue b/fittrackee_client/src/components/Users/UsersList.vue
index dfae121f8..208d553e2 100644
--- a/fittrackee_client/src/components/Users/UsersList.vue
+++ b/fittrackee_client/src/components/Users/UsersList.vue
@@ -1,5 +1,6 @@
 <template>
   <div class="users-list">
+    <UsersFilters @filterOnUsername="searchUsers" />
     <div class="container users-container">
       <div v-for="user in users" :key="user.username" class="user-box">
         <UserCard
@@ -26,18 +27,18 @@
     computed,
     onBeforeMount,
     onUnmounted,
-    reactive,
     ref,
     toRefs,
     watch,
   } from 'vue'
-  import { LocationQuery, useRoute } from 'vue-router'
+  import { LocationQuery, useRoute, useRouter } from 'vue-router'
 
   import Pagination from '@/components/Common/Pagination.vue'
   import UserCard from '@/components/User/UserCard.vue'
+  import UsersFilters from '@/components/Users/UsersFilters.vue'
   import { USERS_STORE } from '@/store/constants'
-  import { IPagination, TPaginationPayload } from '@/types/api'
-  import { IAuthUserProfile, IUserProfile } from '@/types/user'
+  import { IPagination } from '@/types/api'
+  import { IAuthUserProfile, IUserProfile, TUsersPayload } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { getQuery } from '@/utils/api'
 
@@ -48,13 +49,12 @@
 
   const store = useStore()
   const route = useRoute()
+  const router = useRouter()
 
   const { authUser } = toRefs(props)
   const orderByList: string[] = ['created_at', 'username', 'workouts_count']
   const defaultOrderBy = 'created_at'
-  let query: TPaginationPayload = reactive(
-    getQuery(route.query, orderByList, defaultOrderBy)
-  )
+  let query: TUsersPayload = getUsersQuery(route.query)
   const users: ComputedRef<IUserProfile[]> = computed(
     () => store.getters[USERS_STORE.GETTERS.USERS]
   )
@@ -65,12 +65,32 @@
 
   onBeforeMount(() => loadUsers(query))
 
-  function loadUsers(queryParams: TPaginationPayload) {
+  function loadUsers(queryParams: TUsersPayload) {
+    queryParams.per_page = 9
     store.dispatch(USERS_STORE.ACTIONS.GET_USERS, queryParams)
   }
   function storeUser(username: string) {
     updatedUser.value = username
   }
+  function searchUsers(username: Ref<string>) {
+    if (username.value !== '') {
+      query = { q: username.value }
+    } else {
+      const newQuery: LocationQuery = Object.assign({}, route.query)
+      query = getUsersQuery(newQuery)
+    }
+    router.push({ path: '/users', query })
+  }
+
+  function getUsersQuery(newQuery: LocationQuery): TUsersPayload {
+    query = getQuery(newQuery, orderByList, defaultOrderBy)
+    if (newQuery.q) {
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      query.q = newQuery.q
+    }
+    return query
+  }
 
   onUnmounted(() => {
     store.dispatch(USERS_STORE.ACTIONS.EMPTY_USERS)
@@ -79,7 +99,7 @@
   watch(
     () => route.query,
     (newQuery: LocationQuery) => {
-      query = getQuery(newQuery, orderByList, defaultOrderBy, { query })
+      query = getUsersQuery(newQuery)
       loadUsers(query)
     }
   )
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index d0aaba80e..1269bb66f 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -6,11 +6,11 @@ import { AUTH_USER_STORE, ROOT_STORE, USERS_STORE } from '@/store/constants'
 import { IAuthUserState } from '@/store/modules/authUser/types'
 import { IRootState } from '@/store/modules/root/types'
 import { IUsersActions, IUsersState } from '@/store/modules/users/types'
-import { TPaginationPayload } from '@/types/api'
 import {
   IAdminUserPayload,
   IUserDeletionPayload,
   IUserRelationshipPayload,
+  TUsersPayload,
 } from '@/types/user'
 import { handleError } from '@/utils'
 
@@ -78,7 +78,7 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
   },
   [USERS_STORE.ACTIONS.GET_USERS](
     context: ActionContext<IUsersState, IRootState>,
-    payload: TPaginationPayload
+    payload: TUsersPayload
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
diff --git a/fittrackee_client/src/store/modules/users/types.ts b/fittrackee_client/src/store/modules/users/types.ts
index 9283d564f..b84a7d610 100644
--- a/fittrackee_client/src/store/modules/users/types.ts
+++ b/fittrackee_client/src/store/modules/users/types.ts
@@ -7,12 +7,13 @@ import {
 
 import { USERS_STORE } from '@/store/constants'
 import { IRootState } from '@/store/modules/root/types'
-import { IPagination, TPaginationPayload } from '@/types/api'
+import { IPagination } from '@/types/api'
 import {
   IAdminUserPayload,
   IUserDeletionPayload,
   IUserProfile,
   IUserRelationshipPayload,
+  TUsersPayload,
 } from '@/types/user'
 
 export interface IUsersState {
@@ -35,7 +36,7 @@ export interface IUsersActions {
   ): void
   [USERS_STORE.ACTIONS.GET_USERS](
     context: ActionContext<IUsersState, IRootState>,
-    payload: TPaginationPayload
+    payload: TUsersPayload
   ): void
   [USERS_STORE.ACTIONS.UPDATE_USER](
     context: ActionContext<IUsersState, IRootState>,
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index b3c2a642d..c55fdef3c 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -1,5 +1,6 @@
 import { LocationQueryValue } from 'vue-router'
 
+import { TPaginationPayload } from '@/types/api'
 import { IRecord } from '@/types/workouts'
 
 export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
@@ -111,3 +112,7 @@ export interface ILoginOrRegisterData {
   formData: ILoginRegisterFormData
   redirectUrl?: string | null | LocationQueryValue[]
 }
+
+export type TUsersPayload = TPaginationPayload & {
+  q?: string
+}

From 75ff36ab7befcf5d8ee49f4c1fdadd3aea09a2d9 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 12 Jan 2022 17:28:53 +0100
Subject: [PATCH 083/238] Client - update authenticated user profile on
 relationship update

---
 fittrackee_client/src/components/Users/UsersFilters.vue | 7 ++++++-
 fittrackee_client/src/store/modules/users/actions.ts    | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/fittrackee_client/src/components/Users/UsersFilters.vue b/fittrackee_client/src/components/Users/UsersFilters.vue
index bf7ffc46c..d88a4cbfc 100644
--- a/fittrackee_client/src/components/Users/UsersFilters.vue
+++ b/fittrackee_client/src/components/Users/UsersFilters.vue
@@ -1,7 +1,12 @@
 <template>
   <div class="users-filters">
     <div class="search-username">
-      <input id="username" name="username" v-model="username" />
+      <input
+        id="username"
+        name="username"
+        v-model="username"
+        @keyup.enter="searchUsers"
+      />
       <i
         v-if="username !== ''"
         class="fa fa-times position-absolute"
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index 1269bb66f..048a8261a 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -143,6 +143,7 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
                   : USERS_STORE.MUTATIONS.UPDATE_USER_IN_USERS,
                 res.data.data.users[0]
               )
+              context.dispatch(AUTH_USER_STORE.ACTIONS.GET_USER_PROFILE)
             } else {
               handleError(context, null)
             }

From 9e5a3da4543609f4552db3656606f8b5dc63e939 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 12 Jan 2022 17:53:00 +0100
Subject: [PATCH 084/238] Client - minor refactoring

---
 .../components/User/UserRelationshipActions.vue    | 10 +++++++---
 .../src/components/User/UserStats.vue              |  4 ++--
 fittrackee_client/src/locales/en/user.json         | 14 ++++++++------
 fittrackee_client/src/locales/fr/user.json         | 14 ++++++++------
 .../src/store/modules/users/actions.ts             |  4 ++--
 fittrackee_client/src/store/modules/users/types.ts |  4 ++--
 fittrackee_client/src/types/user.ts                |  6 +++---
 7 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/fittrackee_client/src/components/User/UserRelationshipActions.vue b/fittrackee_client/src/components/User/UserRelationshipActions.vue
index b5549a50b..8ff418de1 100644
--- a/fittrackee_client/src/components/User/UserRelationshipActions.vue
+++ b/fittrackee_client/src/components/User/UserRelationshipActions.vue
@@ -9,18 +9,22 @@
       >
         {{
           capitalize(
-            $t(`user.${user.is_followed_by === 'true' ? 'UN' : ''}FOLLOW`)
+            $t(
+              `user.RELATIONSHIPS.${
+                user.is_followed_by === 'true' ? 'UN' : ''
+              }FOLLOW`
+            )
           )
         }}
       </button>
     </div>
     <div v-else>
       <button @click="updateRelationship(user.username, true)">
-        {{ capitalize($t('user.CANCEL_FOLLOW_REQUEST')) }}
+        {{ capitalize($t('user.RELATIONSHIPS.CANCEL_FOLLOW_REQUEST')) }}
       </button>
     </div>
     <div class="follows-you" v-if="user.follows === 'true'">
-      {{ $t('user.FOLLOWS_YOU') }}
+      {{ $t('user.RELATIONSHIPS.FOLLOWS_YOU') }}
     </div>
   </div>
   <div
diff --git a/fittrackee_client/src/components/User/UserStats.vue b/fittrackee_client/src/components/User/UserStats.vue
index 09162aefd..0f3c10ee2 100644
--- a/fittrackee_client/src/components/User/UserStats.vue
+++ b/fittrackee_client/src/components/User/UserStats.vue
@@ -27,13 +27,13 @@
     <div class="user-stat">
       <span class="stat-number">{{ user.following }}</span>
       <span class="stat-label">
-        {{ $t('user.FOLLOWING', user.following) }}
+        {{ $t('user.RELATIONSHIPS.FOLLOWING', user.following) }}
       </span>
     </div>
     <div class="user-stat">
       <span class="stat-number">{{ user.followers }}</span>
       <span class="stat-label">
-        {{ $t('user.FOLLOWER', user.followers) }}
+        {{ $t('user.RELATIONSHIPS.FOLLOWER', user.followers) }}
       </span>
     </div>
   </div>
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 8fa6eaf54..11030d313 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -1,16 +1,11 @@
 {
   "ADMIN": "Admin",
   "ALREADY_HAVE_ACCOUNT": "Already have an account?",
-  "CANCEL_FOLLOW_REQUEST": "Cancel follow request",
   "CONFIRM_ACCOUNT_DELETION": "Are you sure you want to delete your account? All data will be deleted, this cannot be undone",
   "EMAIL": "Email",
   "ENTER_EMAIL": "Enter an email address",
   "ENTER_PASSWORD": "Enter a password",
   "ENTER_PASSWORD_CONFIRMATION": "Confirm the password",
-  "FOLLOW": "follow",
-  "FOLLOWER": "follower | followers",
-  "FOLLOWING": "following | following",
-  "FOLLOWS_YOU": "follows you",
   "INVALID_TOKEN": "Invalid token, please request a new password reset.",
   "LANGUAGE": "Language",
   "LOGIN": "Login",
@@ -76,7 +71,14 @@
   },
   "REGISTER": "Register",
   "REGISTER_DISABLED": "Sorry, registration is disabled.",
-  "UNFOLLOW": "unfollow",
+  "RELATIONSHIPS": {
+    "CANCEL_FOLLOW_REQUEST": "Cancel follow request",
+    "FOLLOW": "follow",
+    "FOLLOWER": "follower | followers",
+    "FOLLOWING": "following | following",
+    "FOLLOWS_YOU": "follows you",
+    "UNFOLLOW": "unfollow"
+  },
   "RESET_PASSWORD": "Reset your password",
   "USER_PICTURE": "user picture",
   "USER": "user | users",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index eee9c0c92..8daf619f9 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -1,16 +1,11 @@
 {
   "ADMIN": "Admin",
   "ALREADY_HAVE_ACCOUNT": "Vous avez déjà un compte ?",
-  "CANCEL_FOLLOW_REQUEST": "Annuler la demande",
   "CONFIRM_ACCOUNT_DELETION": "Etes-vous sûr de vouloir supprimer votre compte ? Toutes les données seront définitivement effacés.",
   "EMAIL": "Email",
   "ENTER_EMAIL": "Saisir une adresse email",
   "ENTER_PASSWORD": "Saisir un mot de passe",
   "ENTER_PASSWORD_CONFIRMATION": "Confirmer le mot de passe",
-  "FOLLOW": "s'abonner",
-  "FOLLOWER": "abonné | abonnés",
-  "FOLLOWING": "abonnement | abonnements",
-  "FOLLOWS_YOU": "vous suit",
   "INVALID_TOKEN": "Jeton invalide, veullez demander une nouvelle réinitialisation de mot de passe.",
   "LANGUAGE": "Langue",
   "LOGIN": "Se connecter",
@@ -76,8 +71,15 @@
   },
   "REGISTER": "S'inscrire",
   "REGISTER_DISABLED": "Désolé, les inscriptions sont désactivées.",
+  "RELATIONSHIPS": {
+    "CANCEL_FOLLOW_REQUEST": "Annuler la demande",
+    "FOLLOW": "s'abonner",
+    "FOLLOWER": "abonné | abonnés",
+    "FOLLOWING": "abonnement | abonnements",
+    "FOLLOWS_YOU": "vous suit",
+    "UNFOLLOW": "se désabonner"
+  },
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
-  "UNFOLLOW": "se désabonner",
   "USER": "utilisateur | utilisateurs",
   "USER_PICTURE": "photo de l'utilisateur",
   "USERNAME": "Nom d'utilisateur",
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index 048a8261a..25b89e808 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -9,7 +9,7 @@ import { IUsersActions, IUsersState } from '@/store/modules/users/types'
 import {
   IAdminUserPayload,
   IUserDeletionPayload,
-  IUserRelationshipPayload,
+  IUserRelationshipActionPayload,
   TUsersPayload,
 } from '@/types/user'
 import { handleError } from '@/utils'
@@ -127,7 +127,7 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
   },
   [USERS_STORE.ACTIONS.UPDATE_RELATIONSHIP](
     context: ActionContext<IUsersState, IRootState>,
-    payload: IUserRelationshipPayload
+    payload: IUserRelationshipActionPayload
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
diff --git a/fittrackee_client/src/store/modules/users/types.ts b/fittrackee_client/src/store/modules/users/types.ts
index b84a7d610..d59c24a3d 100644
--- a/fittrackee_client/src/store/modules/users/types.ts
+++ b/fittrackee_client/src/store/modules/users/types.ts
@@ -12,7 +12,7 @@ import {
   IAdminUserPayload,
   IUserDeletionPayload,
   IUserProfile,
-  IUserRelationshipPayload,
+  IUserRelationshipActionPayload,
   TUsersPayload,
 } from '@/types/user'
 
@@ -44,7 +44,7 @@ export interface IUsersActions {
   ): void
   [USERS_STORE.ACTIONS.UPDATE_RELATIONSHIP](
     context: ActionContext<IUsersState, IRootState>,
-    payload: IUserRelationshipPayload
+    payload: IUserRelationshipActionPayload
   ): void
   [USERS_STORE.ACTIONS.DELETE_USER_ACCOUNT](
     context: ActionContext<IUsersState, IRootState>,
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index c55fdef3c..ab647eb9c 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -4,7 +4,7 @@ import { TPaginationPayload } from '@/types/api'
 import { IRecord } from '@/types/workouts'
 
 export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
-export type TRelationships = 'follow' | 'unfollow'
+export type TRelationshipAction = 'follow' | 'unfollow'
 
 export interface IUserProfile {
   admin: boolean
@@ -59,9 +59,9 @@ export interface IAdminUserPayload {
   admin: boolean
 }
 
-export interface IUserRelationshipPayload {
+export interface IUserRelationshipActionPayload {
   username: string
-  action: TRelationships
+  action: TRelationshipAction
   fromUserInfos: boolean
 }
 

From 42360224347478774df7d3faea47144401472fc0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 12 Jan 2022 19:42:58 +0100
Subject: [PATCH 085/238] Client - init followers/following list display

---
 .../User/ProfileDisplay/UserInfos.vue         |   2 +-
 .../components/User/ProfileDisplay/index.vue  |   7 +-
 .../src/components/User/UserCard.vue          |   5 +-
 .../User/UserRelationshipActions.vue          |   8 +-
 .../src/components/User/UserRelationships.vue | 134 ++++++++++++++++++
 .../src/components/User/UserStats.vue         |  22 ++-
 fittrackee_client/src/locales/en/user.json    |   2 +
 fittrackee_client/src/locales/fr/user.json    |   2 +
 fittrackee_client/src/router/index.ts         |  27 ++++
 .../src/store/modules/users/actions.ts        |  43 +++++-
 .../src/store/modules/users/enums.ts          |   5 +
 .../src/store/modules/users/getters.ts        |   3 +
 .../src/store/modules/users/mutations.ts      |  17 +++
 .../src/store/modules/users/state.ts          |   1 +
 .../src/store/modules/users/types.ts          |  18 +++
 fittrackee_client/src/types/user.ts           |  10 +-
 fittrackee_client/src/views/user/UserView.vue |  36 ++++-
 17 files changed, 324 insertions(+), 18 deletions(-)
 create mode 100644 fittrackee_client/src/components/User/UserRelationships.vue

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index 638de07ec..4d2973ca8 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -51,7 +51,7 @@
         v-if="authUser?.username"
         :authUser="authUser"
         :user="user"
-        :fromUserInfos="true"
+        from="userInfos"
       />
       <div>
         <button
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/index.vue b/fittrackee_client/src/components/User/ProfileDisplay/index.vue
index 63da634db..8a2dd2993 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/index.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/index.vue
@@ -2,7 +2,12 @@
   <div id="user-profile">
     <UserHeader :user="user" />
     <div class="box">
-      <UserProfileTabs :tabs="tabs" :selectedTab="tab" :edition="false" />
+      <UserProfileTabs
+        v-if="tab in tabs"
+        :tabs="tabs"
+        :selectedTab="tab"
+        :edition="false"
+      />
       <router-view :user="user"></router-view>
     </div>
   </div>
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index dd836be4e..00a6fdf02 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -15,7 +15,7 @@
     <UserRelationshipActions
       :authUser="authUser"
       :user="user"
-      :fromUserInfos="false"
+      :from="from ? from : 'userCard'"
       @updatedUser="emitUser"
     />
     <ErrorMessage
@@ -39,11 +39,14 @@
     authUser: IAuthUserProfile
     user: IUserProfile
     updatedUser?: string
+    from?: string
   }
   const props = defineProps<Props>()
 
   const store = useStore()
 
+  const { from } = toRefs(props)
+
   const { authUser, updatedUser, user } = toRefs(props)
   const errorMessages: ComputedRef<string | string[] | null> = computed(
     () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
diff --git a/fittrackee_client/src/components/User/UserRelationshipActions.vue b/fittrackee_client/src/components/User/UserRelationshipActions.vue
index 8ff418de1..57a04a0a0 100644
--- a/fittrackee_client/src/components/User/UserRelationshipActions.vue
+++ b/fittrackee_client/src/components/User/UserRelationshipActions.vue
@@ -29,7 +29,7 @@
   </div>
   <div
     class="user-actions"
-    v-if="user.username === authUser.username && !fromUserInfos"
+    v-if="user.username === authUser.username && from !== 'userInfos'"
   >
     <div class="follows-you">
       {{ $t('user.YOU') }}
@@ -47,13 +47,13 @@
   interface Props {
     authUser: IAuthUserProfile
     user: IUserProfile
-    fromUserInfos: boolean
+    from: string
   }
   const props = defineProps<Props>()
 
   const store = useStore()
 
-  const { authUser, fromUserInfos, user } = toRefs(props)
+  const { authUser, from, user } = toRefs(props)
 
   const emit = defineEmits(['updatedUser'])
 
@@ -62,7 +62,7 @@
     store.dispatch(USERS_STORE.ACTIONS.UPDATE_RELATIONSHIP, {
       username,
       action: `${following ? 'un' : ''}follow`,
-      fromUserInfos: fromUserInfos.value,
+      from: from.value,
     })
   }
 </script>
diff --git a/fittrackee_client/src/components/User/UserRelationships.vue b/fittrackee_client/src/components/User/UserRelationships.vue
new file mode 100644
index 000000000..f4ae52696
--- /dev/null
+++ b/fittrackee_client/src/components/User/UserRelationships.vue
@@ -0,0 +1,134 @@
+<template>
+  <div class="relationships">
+    <div v-if="relationships.length > 0">
+      <div class="user-relationships">
+        <UserCard
+          v-for="user in relationships"
+          :key="user.username"
+          :authUser="authUser"
+          :user="user"
+          from="relationship"
+        />
+      </div>
+      <Pagination
+        :path="`/profile/${relationship}`"
+        :pagination="pagination"
+        :query="{}"
+      />
+    </div>
+    <p v-else class="no-relationships">
+      {{ $t(`user.RELATIONSHIPS.NO_${relationship.toUpperCase()}`) }}
+    </p>
+  </div>
+</template>
+
+<script lang="ts" setup>
+  import {
+    ComputedRef,
+    computed,
+    onBeforeMount,
+    watch,
+    onUnmounted,
+    toRefs,
+  } from 'vue'
+  import { LocationQuery, useRoute } from 'vue-router'
+
+  import Pagination from '@/components/Common/Pagination.vue'
+  import UserCard from '@/components/User/UserCard.vue'
+  import { AUTH_USER_STORE, USERS_STORE } from '@/store/constants'
+  import { IPagination } from '@/types/api'
+  import {
+    IUserProfile,
+    IUserRelationshipsPayload,
+    TRelationships,
+  } from '@/types/user'
+  import { useStore } from '@/use/useStore'
+
+  interface Props {
+    user: IUserProfile
+    relationship: TRelationships
+  }
+  const props = defineProps<Props>()
+
+  const store = useStore()
+  const route = useRoute()
+
+  const { relationship, user } = toRefs(props)
+  const payload: IUserRelationshipsPayload = {
+    username: user.value.username,
+    relationship: relationship.value,
+    page: 1,
+  }
+  const authUser: ComputedRef<IUserProfile> = computed(
+    () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
+  )
+  const relationships: ComputedRef<IUserProfile[]> = computed(
+    () => store.getters[USERS_STORE.GETTERS.USER_RELATIONSHIPS]
+  )
+  const pagination: ComputedRef<IPagination> = computed(
+    () => store.getters[USERS_STORE.GETTERS.USERS_PAGINATION]
+  )
+
+  onBeforeMount(() => loadRelationships(payload))
+
+  function loadRelationships(payload: IUserRelationshipsPayload) {
+    store.dispatch(USERS_STORE.ACTIONS.GET_RELATIONSHIPS, payload)
+  }
+
+  onUnmounted(() => {
+    store.dispatch(USERS_STORE.ACTIONS.EMPTY_RELATIONSHIPS)
+  })
+
+  watch(
+    () => route.path,
+    (newPath: string) => {
+      payload.page = pagination.value.page
+      payload.relationship = newPath.includes('following')
+        ? 'following'
+        : 'followers'
+      loadRelationships(payload)
+    }
+  )
+  watch(
+    () => route.query,
+    (newQuery: LocationQuery) => {
+      payload.page = newQuery.page ? +newQuery.page : 1
+      loadRelationships(payload)
+    }
+  )
+  watch(
+    () => authUser.value.following,
+    () => {
+      loadRelationships(payload)
+    }
+  )
+  watch(
+    () => authUser.value.followers,
+    () => {
+      loadRelationships(payload)
+    }
+  )
+</script>
+
+<style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+
+  .relationships {
+    min-height: 40px;
+    .user-relationships {
+      display: flex;
+      justify-content: space-between;
+      flex-wrap: wrap;
+
+      ::v-deep(.box) {
+        width: 40%;
+        @media screen and (max-width: $small-limit) {
+          width: 100%;
+        }
+      }
+    }
+    .no-relationships {
+      padding: 0 $default-padding;
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/User/UserStats.vue b/fittrackee_client/src/components/User/UserStats.vue
index 0f3c10ee2..49aadbc22 100644
--- a/fittrackee_client/src/components/User/UserStats.vue
+++ b/fittrackee_client/src/components/User/UserStats.vue
@@ -25,13 +25,31 @@
       </span>
     </div>
     <div class="user-stat">
-      <span class="stat-number">{{ user.following }}</span>
+      <router-link
+        :to="`/${
+          $route.path.includes('/profile')
+            ? 'profile'
+            : `users/${user.username}`
+        }/following`"
+        class="stat-number"
+      >
+        {{ user.following }}
+      </router-link>
       <span class="stat-label">
         {{ $t('user.RELATIONSHIPS.FOLLOWING', user.following) }}
       </span>
     </div>
     <div class="user-stat">
-      <span class="stat-number">{{ user.followers }}</span>
+      <router-link
+        :to="`/${
+          $route.path.includes('/profile')
+            ? 'profile'
+            : `users/${user.username}`
+        }/followers`"
+        class="stat-number"
+      >
+        {{ user.followers }}
+      </router-link>
       <span class="stat-label">
         {{ $t('user.RELATIONSHIPS.FOLLOWER', user.followers) }}
       </span>
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 11030d313..684d27e51 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -77,6 +77,8 @@
     "FOLLOWER": "follower | followers",
     "FOLLOWING": "following | following",
     "FOLLOWS_YOU": "follows you",
+    "NO_FOLLOWERS": "No followers yet.",
+    "NO_FOLLOWING": "No following yet.",
     "UNFOLLOW": "unfollow"
   },
   "RESET_PASSWORD": "Reset your password",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 8daf619f9..2968d794a 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -77,6 +77,8 @@
     "FOLLOWER": "abonné | abonnés",
     "FOLLOWING": "abonnement | abonnements",
     "FOLLOWS_YOU": "vous suit",
+    "NO_FOLLOWERS": "Pas d'abonnés pour le moment.",
+    "NO_FOLLOWING": "Pas d'abonnements pour le moment.",
     "UNFOLLOW": "se désabonner"
   },
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
diff --git a/fittrackee_client/src/router/index.ts b/fittrackee_client/src/router/index.ts
index bff22bb3d..47e1d8c88 100644
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@@ -11,6 +11,7 @@ import ProfileEdition from '@/components/User/ProfileEdition/index.vue'
 import UserInfosEdition from '@/components/User/ProfileEdition/UserInfosEdition.vue'
 import UserPictureEdition from '@/components/User/ProfileEdition/UserPictureEdition.vue'
 import UserPreferencesEdition from '@/components/User/ProfileEdition/UserPreferencesEdition.vue'
+import UserRelationships from '@/components/User/UserRelationships.vue'
 import UserSportPreferences from '@/components/User/UserSportPreferences.vue'
 import store from '@/store'
 import { AUTH_USER_STORE } from '@/store/constants'
@@ -108,6 +109,18 @@ const routes: Array<RouteRecordRaw> = [
             component: UserSportPreferences,
             props: { isEdition: false },
           },
+          {
+            path: 'followers',
+            name: 'AuthUserFollowers',
+            component: UserRelationships,
+            props: { relationship: 'followers' },
+          },
+          {
+            path: 'following',
+            name: 'AuthUserFollowing',
+            component: UserRelationships,
+            props: { relationship: 'following' },
+          },
         ],
       },
       {
@@ -160,6 +173,20 @@ const routes: Array<RouteRecordRaw> = [
     name: 'User',
     component: () =>
       import(/* webpackChunkName: 'users' */ '@/views/user/UserView.vue'),
+    children: [
+      {
+        path: 'followers',
+        name: 'UserFollowers',
+        component: UserRelationships,
+        props: { relationship: 'followers' },
+      },
+      {
+        path: 'following',
+        name: 'UserFollowing',
+        component: UserRelationships,
+        props: { relationship: 'following' },
+      },
+    ],
   },
   {
     path: '/workouts',
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index 25b89e808..06889c4a9 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -10,6 +10,7 @@ import {
   IAdminUserPayload,
   IUserDeletionPayload,
   IUserRelationshipActionPayload,
+  IUserRelationshipsPayload,
   TUsersPayload,
 } from '@/types/user'
 import { handleError } from '@/utils'
@@ -53,6 +54,13 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
     context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS, [])
     context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION, {})
   },
+  [USERS_STORE.ACTIONS.EMPTY_RELATIONSHIPS](
+    context: ActionContext<IUsersState, IRootState>
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    context.commit(USERS_STORE.MUTATIONS.UPDATE_USER_RELATIONSHIPS, [])
+    context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION, {})
+  },
   [USERS_STORE.ACTIONS.GET_USER](
     context: ActionContext<IUsersState, IRootState>,
     username: string
@@ -138,9 +146,11 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
           authApi.get(`users/${payload.username}`).then((res) => {
             if (res.data.status === 'success') {
               context.commit(
-                payload.fromUserInfos
+                payload.from === 'userInfos'
                   ? USERS_STORE.MUTATIONS.UPDATE_USER
-                  : USERS_STORE.MUTATIONS.UPDATE_USER_IN_USERS,
+                  : payload.from === 'userCard'
+                  ? USERS_STORE.MUTATIONS.UPDATE_USER_IN_USERS
+                  : USERS_STORE.MUTATIONS.UPDATE_USER_IN_RELATIONSHIPS,
                 res.data.data.users[0]
               )
               context.dispatch(AUTH_USER_STORE.ACTIONS.GET_USER_PROFILE)
@@ -157,6 +167,35 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
         context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, false)
       )
   },
+  [USERS_STORE.ACTIONS.GET_RELATIONSHIPS](
+    context: ActionContext<IUsersState, IRootState>,
+    payload: IUserRelationshipsPayload
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
+    authApi
+      .get(`users/${payload.username}/${payload.relationship}`, {
+        params: { page: payload.page },
+      })
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.commit(
+            USERS_STORE.MUTATIONS.UPDATE_USER_RELATIONSHIPS,
+            res.data.data[payload.relationship]
+          )
+          context.commit(
+            USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION,
+            res.data.pagination
+          )
+        } else {
+          handleError(context, null)
+        }
+      })
+      .catch((error) => handleError(context, error))
+      .finally(() =>
+        context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, false)
+      )
+  },
   [USERS_STORE.ACTIONS.DELETE_USER_ACCOUNT](
     context: ActionContext<IUsersState, IRootState>,
     payload: IUserDeletionPayload
diff --git a/fittrackee_client/src/store/modules/users/enums.ts b/fittrackee_client/src/store/modules/users/enums.ts
index f4834b766..d96b6f585 100644
--- a/fittrackee_client/src/store/modules/users/enums.ts
+++ b/fittrackee_client/src/store/modules/users/enums.ts
@@ -6,10 +6,13 @@ export enum UsersActions {
   UPDATE_USER = 'UPDATE_USER',
   DELETE_USER_ACCOUNT = 'DELETE_USER_ACCOUNT',
   UPDATE_RELATIONSHIP = 'UPDATE_RELATIONSHIP',
+  GET_RELATIONSHIPS = 'GET_RELATIONSHIPS',
+  EMPTY_RELATIONSHIPS = 'EMPTY_RELATIONSHIPS',
 }
 
 export enum UsersGetters {
   USER = 'USER',
+  USER_RELATIONSHIPS = 'USER_RELATIONSHIPS',
   USERS = 'USERS',
   USERS_LOADING = 'USERS_LOADING',
   USERS_PAGINATION = 'USERS_PAGINATION',
@@ -18,6 +21,8 @@ export enum UsersGetters {
 export enum UsersMutations {
   UPDATE_USER = 'UPDATE_USER',
   UPDATE_USER_IN_USERS = 'UPDATE_USER_IN_USERS',
+  UPDATE_USER_IN_RELATIONSHIPS = 'UPDATE_USER_IN_RELATIONSHIPS',
+  UPDATE_USER_RELATIONSHIPS = 'UPDATE_USER_RELATIONSHIPS',
   UPDATE_USERS = 'UPDATE_USERS',
   UPDATE_USERS_LOADING = 'UPDATE_USERS_LOADING',
   UPDATE_USERS_PAGINATION = 'UPDATE_USERS_PAGINATION',
diff --git a/fittrackee_client/src/store/modules/users/getters.ts b/fittrackee_client/src/store/modules/users/getters.ts
index 2dbf3e1db..f5c789b09 100644
--- a/fittrackee_client/src/store/modules/users/getters.ts
+++ b/fittrackee_client/src/store/modules/users/getters.ts
@@ -8,6 +8,9 @@ export const getters: GetterTree<IUsersState, IRootState> & IUsersGetters = {
   [USERS_STORE.GETTERS.USER]: (state: IUsersState) => {
     return state.user
   },
+  [USERS_STORE.GETTERS.USER_RELATIONSHIPS]: (state: IUsersState) => {
+    return state.user_relationships
+  },
   [USERS_STORE.GETTERS.USERS]: (state: IUsersState) => {
     return state.users
   },
diff --git a/fittrackee_client/src/store/modules/users/mutations.ts b/fittrackee_client/src/store/modules/users/mutations.ts
index c61873920..107461b02 100644
--- a/fittrackee_client/src/store/modules/users/mutations.ts
+++ b/fittrackee_client/src/store/modules/users/mutations.ts
@@ -20,6 +20,23 @@ export const mutations: MutationTree<IUsersState> & TUsersMutations = {
       return user
     })
   },
+  [USERS_STORE.MUTATIONS.UPDATE_USER_IN_RELATIONSHIPS](
+    state: IUsersState,
+    updatedUser: IUserProfile
+  ) {
+    state.user_relationships = state.user_relationships.map((user) => {
+      if (user.username === updatedUser.username) {
+        return updatedUser
+      }
+      return user
+    })
+  },
+  [USERS_STORE.MUTATIONS.UPDATE_USER_RELATIONSHIPS](
+    state: IUsersState,
+    relationships: IUserProfile[]
+  ) {
+    state.user_relationships = relationships
+  },
   [USERS_STORE.MUTATIONS.UPDATE_USERS](
     state: IUsersState,
     users: IUserProfile[]
diff --git a/fittrackee_client/src/store/modules/users/state.ts b/fittrackee_client/src/store/modules/users/state.ts
index 365979aa1..ea764bc33 100644
--- a/fittrackee_client/src/store/modules/users/state.ts
+++ b/fittrackee_client/src/store/modules/users/state.ts
@@ -4,6 +4,7 @@ import { IUserProfile } from '@/types/user'
 
 export const usersState: IUsersState = {
   user: <IUserProfile>{},
+  user_relationships: [],
   users: [],
   loading: false,
   pagination: <IPagination>{},
diff --git a/fittrackee_client/src/store/modules/users/types.ts b/fittrackee_client/src/store/modules/users/types.ts
index d59c24a3d..44f1af416 100644
--- a/fittrackee_client/src/store/modules/users/types.ts
+++ b/fittrackee_client/src/store/modules/users/types.ts
@@ -13,11 +13,13 @@ import {
   IUserDeletionPayload,
   IUserProfile,
   IUserRelationshipActionPayload,
+  IUserRelationshipsPayload,
   TUsersPayload,
 } from '@/types/user'
 
 export interface IUsersState {
   user: IUserProfile
+  user_relationships: IUserProfile[]
   users: IUserProfile[]
   loading: boolean
   pagination: IPagination
@@ -30,6 +32,9 @@ export interface IUsersActions {
   [USERS_STORE.ACTIONS.EMPTY_USERS](
     context: ActionContext<IUsersState, IRootState>
   ): void
+  [USERS_STORE.ACTIONS.EMPTY_RELATIONSHIPS](
+    context: ActionContext<IUsersState, IRootState>
+  ): void
   [USERS_STORE.ACTIONS.GET_USER](
     context: ActionContext<IUsersState, IRootState>,
     username: string
@@ -46,6 +51,10 @@ export interface IUsersActions {
     context: ActionContext<IUsersState, IRootState>,
     payload: IUserRelationshipActionPayload
   ): void
+  [USERS_STORE.ACTIONS.GET_RELATIONSHIPS](
+    context: ActionContext<IUsersState, IRootState>,
+    payload: IUserRelationshipsPayload
+  ): void
   [USERS_STORE.ACTIONS.DELETE_USER_ACCOUNT](
     context: ActionContext<IUsersState, IRootState>,
     payload: IUserDeletionPayload
@@ -54,6 +63,7 @@ export interface IUsersActions {
 
 export interface IUsersGetters {
   [USERS_STORE.GETTERS.USER](state: IUsersState): IUserProfile
+  [USERS_STORE.GETTERS.USER_RELATIONSHIPS](state: IUsersState): IUserProfile[]
   [USERS_STORE.GETTERS.USERS](state: IUsersState): IUserProfile[]
   [USERS_STORE.GETTERS.USERS_LOADING](state: IUsersState): boolean
   [USERS_STORE.GETTERS.USERS_PAGINATION](state: IUsersState): IPagination
@@ -65,6 +75,14 @@ export type TUsersMutations<S = IUsersState> = {
     state: S,
     updatedUser: IUserProfile
   ): void
+  [USERS_STORE.MUTATIONS.UPDATE_USER_IN_RELATIONSHIPS](
+    state: S,
+    updatedUser: IUserProfile
+  ): void
+  [USERS_STORE.MUTATIONS.UPDATE_USER_RELATIONSHIPS](
+    state: S,
+    relationship: IUserProfile[]
+  ): void
   [USERS_STORE.MUTATIONS.UPDATE_USERS](state: S, users: IUserProfile[]): void
   [USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING](state: S, loading: boolean): void
   [USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION](
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index ab647eb9c..de174efe1 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -5,6 +5,7 @@ import { IRecord } from '@/types/workouts'
 
 export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
 export type TRelationshipAction = 'follow' | 'unfollow'
+export type TRelationships = 'followers' | 'following'
 
 export interface IUserProfile {
   admin: boolean
@@ -62,7 +63,7 @@ export interface IAdminUserPayload {
 export interface IUserRelationshipActionPayload {
   username: string
   action: TRelationshipAction
-  fromUserInfos: boolean
+  from: string
 }
 
 export interface IUserPreferencesPayload {
@@ -115,4 +116,11 @@ export interface ILoginOrRegisterData {
 
 export type TUsersPayload = TPaginationPayload & {
   q?: string
+  username?: string
+}
+
+export interface IUserRelationshipsPayload {
+  username: string
+  relationship: TRelationships
+  page: number
 }
diff --git a/fittrackee_client/src/views/user/UserView.vue b/fittrackee_client/src/views/user/UserView.vue
index 875ea8d2f..1b717f34e 100644
--- a/fittrackee_client/src/views/user/UserView.vue
+++ b/fittrackee_client/src/views/user/UserView.vue
@@ -2,14 +2,25 @@
   <div id="user" class="view" v-if="user.username">
     <UserHeader :authUser="authUser" :user="user" />
     <div class="box">
-      <UserInfos :authUser="authUser" :user="user" />
+      <router-view
+        v-if="$route.path.includes('follow')"
+        :authUser="authUser"
+        :user="user"
+      />
+      <UserInfos v-else :authUser="authUser" :user="user" />
     </div>
   </div>
 </template>
 
 <script setup lang="ts">
-  import { ComputedRef, computed, onBeforeMount, onBeforeUnmount } from 'vue'
-  import { useRoute } from 'vue-router'
+  import {
+    ComputedRef,
+    computed,
+    onBeforeMount,
+    onBeforeUnmount,
+    watch,
+  } from 'vue'
+  import { LocationQuery, useRoute } from 'vue-router'
 
   import UserHeader from '@/components/User/ProfileDisplay/UserHeader.vue'
   import UserInfos from '@/components/User/ProfileDisplay/UserInfos.vue'
@@ -28,14 +39,27 @@
   )
 
   onBeforeMount(() => {
-    if (route.params.username && typeof route.params.username === 'string') {
-      store.dispatch(USERS_STORE.ACTIONS.GET_USER, route.params.username)
-    }
+    getUser(route.params)
   })
 
+  function getUser(params: LocationQuery) {
+    if (params.username && typeof params.username === 'string') {
+      store.dispatch(USERS_STORE.ACTIONS.GET_USER, params.username)
+      store.dispatch(USERS_STORE.ACTIONS.EMPTY_RELATIONSHIPS)
+    }
+  }
+
   onBeforeUnmount(() => {
     store.dispatch(USERS_STORE.ACTIONS.EMPTY_USER)
+    store.dispatch(USERS_STORE.ACTIONS.EMPTY_RELATIONSHIPS)
   })
+
+  watch(
+    () => route.params,
+    (newParam: LocationQuery) => {
+      getUser(newParam)
+    }
+  )
 </script>
 
 <style lang="scss" scoped>

From 19ee4f4a9f4996dfea5f7e42be53b244032f1729 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 18:52:47 +0100
Subject: [PATCH 086/238] API & Client - user update and fix

---
 fittrackee/federation/activities.py           | 18 ++---
 fittrackee/federation/utils_user.py           | 15 ++--
 .../23_8842c351a2d8_init_federation.py        |  4 +-
 .../federation/test_federation_activities.py  | 31 +-------
 .../federation/test_federation_utils_user.py  | 45 +++++++++++-
 fittrackee/tests/users/test_auth_api.py       | 70 +++++++++++--------
 fittrackee/tests/users/test_users_utils.py    |  8 +--
 fittrackee/users/auth.py                      |  6 +-
 fittrackee/users/utils/controls.py            |  4 +-
 .../src/components/User/UserAuthForm.vue      |  2 +-
 10 files changed, 111 insertions(+), 92 deletions(-)

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
index bc0550b0f..65d68af30 100644
--- a/fittrackee/federation/activities.py
+++ b/fittrackee/federation/activities.py
@@ -4,7 +4,6 @@
 from fittrackee import appLog
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
-from fittrackee.federation.utils_user import create_remote_user
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
@@ -23,9 +22,7 @@ def activity_name(self) -> str:
     def process_activity(self) -> None:
         pass
 
-    def get_actors(
-        self, create_remote_actor: bool = False
-    ) -> Tuple[Actor, Actor]:
+    def get_actors(self) -> Tuple[Actor, Actor]:
         """
         return actors from activity 'actor' and 'object'
         """
@@ -33,12 +30,9 @@ def get_actors(
             activitypub_id=self.activity['actor']
         ).first()
         if not actor:
-            if create_remote_actor:
-                actor = create_remote_user(self.activity['actor'])
-            else:
-                raise ActorNotFoundException(
-                    f'actor not found for {self.activity_name()}'
-                )
+            raise ActorNotFoundException(
+                f'actor not found for {self.activity_name()}'
+            )
 
         if isinstance(self.activity['object'], str):
             object_actor_activitypub_id = self.activity['object']
@@ -66,9 +60,7 @@ def process_activity(self) -> None:
 
 class FollowActivity(FollowBaseActivity):
     def process_activity(self) -> None:
-        follower_actor, followed_actor = self.get_actors(
-            create_remote_actor=True
-        )
+        follower_actor, followed_actor = self.get_actors()
         try:
             follower_actor.user.send_follow_request_to(followed_actor.user)
         except FollowRequestAlreadyRejectedError as e:
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 8759d373d..744e0fa9d 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -1,5 +1,5 @@
 import re
-from typing import Optional
+from typing import Optional, Tuple
 from urllib.parse import urlparse
 
 from fittrackee import db
@@ -12,17 +12,18 @@
 from .exceptions import ActorNotFoundException, DomainNotFoundException
 
 
-def get_username_and_domain(full_name: str) -> Optional[re.Match]:
-    full_name_pattern = r'([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
-    return re.match(full_name_pattern, full_name)
+def get_username_and_domain(full_name: str) -> Tuple:
+    full_name_pattern = r'@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
+    if re.match(full_name_pattern, full_name) is None:
+        return None, None
+    return re.match(full_name_pattern, full_name).groups()  # type: ignore
 
 
 def get_user_from_username(user_name: str) -> User:
-    user_name_and_domain = get_username_and_domain(user_name)
-    if user_name_and_domain is None:  # local actor
+    name, domain_name = get_username_and_domain(user_name)
+    if domain_name is None:  # local actor
         user = User.query.filter_by(username=user_name).first()
     else:  # remote actor
-        name, domain_name = user_name_and_domain.groups()
         domain = Domain.query.filter_by(name=domain_name).first()
         if not domain:
             raise DomainNotFoundException(domain_name)
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 412d2f33d..63c0ca33c 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -105,7 +105,7 @@ def upgrade():
     op.drop_constraint('users_username_key', 'users', type_='unique')
     op.alter_column(
         'users', 'username', existing_type=sa.String(length=20),
-        type_=sa.String(length=50), existing_nullable=False
+        type_=sa.String(length=30), existing_nullable=False
     )
     # user email and password are empty for remote actors
     op.alter_column(
@@ -215,7 +215,7 @@ def downgrade():
     )
     op.drop_constraint('username_actor_id_unique', 'users', type_='unique')
     op.alter_column(
-        'users', 'username', existing_type=sa.String(length=50),
+        'users', 'username', existing_type=sa.String(length=30),
         type_=sa.String(length=20), existing_nullable=False
     )
     op.alter_column(
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index 989d6d090..204a153ce 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -1,5 +1,4 @@
 from typing import Dict, Optional, Union
-from unittest.mock import patch
 
 import pytest
 from flask import Flask
@@ -125,10 +124,10 @@ def generate_undo_activity(
 
 class TestFollowActivity(FollowRequestActivitiesTestCase):
     def test_it_raises_error_if_followed_actor_does_not_exist(
-        self, app_with_federation: Flask, remote_user: User
+        self, app_with_federation: Flask, user_1: User
     ) -> None:
         follow_activity = self.generate_follow_activity(
-            follower_actor_id=remote_user.actor.activitypub_id
+            follower_actor_id=user_1.actor.activitypub_id
         )
         activity = get_activity_instance({'type': follow_activity['type']})(
             activity_dict=follow_activity
@@ -140,32 +139,6 @@ def test_it_raises_error_if_followed_actor_does_not_exist(
         ):
             activity.process_activity()
 
-    def test_it_creates_actor_if_remote_actor_does_not_exist(
-        self,
-        app_with_federation: Flask,
-        user_1: User,
-        random_actor: RandomActor,
-    ) -> None:
-        follow_activity = self.generate_follow_activity(
-            follower_actor_id=random_actor.activitypub_id,
-            followed_actor=user_1.actor,
-        )
-        activity = get_activity_instance({'type': follow_activity['type']})(
-            activity_dict=follow_activity
-        )
-        with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = (
-                random_actor.get_remote_user_object()
-            )
-            activity.process_activity()
-
-        remote_actor = Actor.query.filter_by(
-            activitypub_id=follow_activity['actor']
-        )
-        assert remote_actor is not None
-
     def test_it_raises_error_if_follow_request_already_rejected(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 4e035ef35..1ad902fb8 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -9,12 +9,55 @@
     RemoteActorException,
 )
 from fittrackee.federation.models import Actor, Domain
-from fittrackee.federation.utils_user import create_remote_user
+from fittrackee.federation.utils_user import (
+    create_remote_user,
+    get_username_and_domain,
+)
 from fittrackee.users.models import User
 
 from ...utils import RandomActor, random_string
 
 
+class TestGetUsernameAndDomain:
+    @pytest.mark.parametrize(
+        'input_user_account, expected_username_and_domain',
+        [
+            ('@sam@example.com', ('sam', 'example.com')),
+            (
+                '@john.doe@test.example.social',
+                ('john.doe', 'test.example.social'),
+            ),
+        ],
+    )
+    def test_it_returns_user_name_and_domain(
+        self,
+        input_user_account: str,
+        expected_username_and_domain: Union[str, None],
+    ) -> None:
+        print(input_user_account)
+        assert (
+            get_username_and_domain(input_user_account)
+            == expected_username_and_domain
+        )
+
+    @pytest.mark.parametrize(
+        'input_description, input_user_account',
+        [
+            ('sam', 'sam'),
+            ('@sam', '@sam'),
+            ('sam@', 'sam@'),
+            ('example.com', 'example.com'),
+            ('@example.com', '@example.com'),
+        ],
+    )
+    def test_it_returns_none_if_it_does_not_match(
+        self,
+        input_description: str,
+        input_user_account: str,
+    ) -> None:
+        assert get_username_and_domain(input_user_account) == (None, None)
+
+
 class TestCreateRemoteUser:
     @pytest.mark.parametrize(
         'input_description, input_actor_url',
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 2ce77ba75..c98a9616b 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -114,21 +114,22 @@ def test_it_returns_error_if_username_is_too_short(
             content_type='application/json',
         )
 
-        data = json.loads(response.data.decode())
-        assert data['status'] == 'error'
-        assert data['message'] == "username: 3 to 12 characters required\n"
         assert response.content_type == 'application/json'
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'error'
+        assert data['message'] == 'username: 3 to 30 characters required\n'
 
     def test_it_returns_error_if_username_is_too_long(
         self, app: Flask
     ) -> None:
         client = app.test_client()
+
         response = client.post(
             '/api/auth/register',
             data=json.dumps(
                 dict(
-                    username='testestestestestest',
+                    username='a' * 31,
                     email='test@test.com',
                     password='12345678',
                     password_conf='12345678',
@@ -136,11 +137,42 @@ def test_it_returns_error_if_username_is_too_long(
             ),
             content_type='application/json',
         )
+
+        assert response.content_type == 'application/json'
+        assert response.status_code == 400
         data = json.loads(response.data.decode())
         assert data['status'] == 'error'
-        assert data['message'] == "username: 3 to 12 characters required\n"
-        assert response.content_type == 'application/json'
+        assert data['message'] == 'username: 3 to 30 characters required\n'
+
+    @pytest.mark.parametrize(
+        'input_description,input_username',
+        [
+            ('account_handle', '@sam@example.com'),
+            ('with special characters', 'sam*'),
+        ],
+    )
+    def test_it_returns_error_if_username_is_invalid(
+        self, app: Flask, input_description: str, input_username: str
+    ) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            '/api/auth/register',
+            data=json.dumps(
+                dict(
+                    username=input_username,
+                    email='test@test.com',
+                    password='12345678',
+                    password_conf='12345678',
+                )
+            ),
+            content_type='application/json',
+        )
+
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'invalid payload', data['message']
+        assert 'error', data['status']
 
     def test_it_returns_error_if_email_is_invalid(self, app: Flask) -> None:
         client = app.test_client()
@@ -160,7 +192,7 @@ def test_it_returns_error_if_email_is_invalid(self, app: Flask) -> None:
 
         data = json.loads(response.data.decode())
         assert data['status'] == 'error'
-        assert data['message'] == "email: valid email must be provided\n"
+        assert data['message'] == 'email: valid email must be provided\n'
         assert response.content_type == 'application/json'
         assert response.status_code == 400
 
@@ -303,30 +335,6 @@ def test_it_returns_error_if_password_confirmation_is_missing(
         assert 'invalid payload' in data['message']
         assert 'error' in data['status']
 
-    def test_it_returns_error_if_username_is_invalid(self, app: Flask) -> None:
-        client = app.test_client()
-
-        response = client.post(
-            '/api/auth/register',
-            data=json.dumps(
-                dict(
-                    username=1,
-                    email='test@test.com',
-                    password='12345678',
-                    password_conf='12345678',
-                )
-            ),
-            content_type='application/json',
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 500
-        assert (
-            'error, please try again or contact the administrator'
-            in data['message']
-        )
-        assert 'error' in data['status']
-
 
 class TestUserLogin:
     @pytest.mark.parametrize(
diff --git a/fittrackee/tests/users/test_users_utils.py b/fittrackee/tests/users/test_users_utils.py
index d5c9dd247..38c49d4fd 100644
--- a/fittrackee/tests/users/test_users_utils.py
+++ b/fittrackee/tests/users/test_users_utils.py
@@ -120,7 +120,7 @@ class TestIsUsernameValid:
         ('input_username_length',),
         [
             (2,),
-            (13,),
+            (31,),
         ],
     )
     def test_it_returns_error_message_when_username_length_is_invalid(
@@ -130,7 +130,7 @@ def test_it_returns_error_message_when_username_length_is_invalid(
             check_username(
                 username=random_string(input_username_length),
             )
-            == 'username: 3 to 12 characters required\n'
+            == 'username: 3 to 30 characters required\n'
         )
 
     @pytest.mark.parametrize(
@@ -156,7 +156,7 @@ def test_it_returns_empty_string_when_username_is_valid(self) -> None:
     def test_it_returns_multiple_errors(self) -> None:
         username = random_string(1) + '.'
         assert check_username(username=username) == (
-            'username: 3 to 12 characters required\n'
+            'username: 3 to 30 characters required\n'
             'username: only alphanumeric characters and the underscore '
             'character "_" allowed\n'
         )
@@ -208,7 +208,7 @@ def test_it_returns_multiple_errors_when_inputs_are_invalid(self) -> None:
             password=random_string(8),
             password_conf=random_string(8),
         ) == (
-            'username: 3 to 12 characters required\n'
+            'username: 3 to 30 characters required\n'
             'email: valid email must be provided\n'
             'password: password and password confirmation do not match\n'
         )
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index b586d980c..bea08982f 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -75,7 +75,7 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
         "status": "error"
       }
 
-    :<json string username: user name (3 to 12 characters required)
+    :<json string username: user name (3 to 30 characters required)
     :<json string email: user email
     :<json string password: password (8 characters required)
     :<json string password_conf: password confirmation
@@ -85,7 +85,9 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
         - invalid payload
         - sorry, that user already exists
         - Errors:
-            - username: 3 to 12 characters required
+            - username: 3 to 30 characters required
+            - username: only alphanumeric characters and the underscore
+                        character "_" allowed
             - email: valid email must be provided
             - password: password and password confirmation don't match
             - password: 8 characters required
diff --git a/fittrackee/users/utils/controls.py b/fittrackee/users/utils/controls.py
index cd3a9c905..32c4c830e 100644
--- a/fittrackee/users/utils/controls.py
+++ b/fittrackee/users/utils/controls.py
@@ -40,8 +40,8 @@ def check_username(username: str) -> str:
     Return if username is valid
     """
     ret = ''
-    if not 2 < len(username) < 13:
-        ret += 'username: 3 to 12 characters required\n'
+    if not 2 < len(username) < 31:
+        ret += 'username: 3 to 30 characters required\n'
     if not re.match(r'^[a-zA-Z0-9_]+$', username):
         ret += (
             'username: only alphanumeric characters and the '
diff --git a/fittrackee_client/src/components/User/UserAuthForm.vue b/fittrackee_client/src/components/User/UserAuthForm.vue
index a4f829360..f569f0a09 100644
--- a/fittrackee_client/src/components/User/UserAuthForm.vue
+++ b/fittrackee_client/src/components/User/UserAuthForm.vue
@@ -23,7 +23,7 @@
               required
               pattern="[a-zA-Z0-9_]+"
               minlength="3"
-              maxlength="12"
+              maxlength="30"
               @invalid="invalidateForm"
               v-model="formData.username"
               :placeholder="$t('user.USERNAME')"

From 49b39dcaea0c3d2f87b8861abaa54c142e0f3e6a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 18:32:24 +0100
Subject: [PATCH 087/238] API - search (and create if not exists) a remote user
 (WIP)

---
 fittrackee/federation/federation.py           |  92 +----
 fittrackee/federation/remote_actor.py         |  12 +
 fittrackee/federation/utils_user.py           |  94 +++--
 .../federation/test_federation_federation.py  | 113 ------
 .../federation/test_federation_utils_user.py  | 328 ++++++++++++------
 .../tests/federation/users/test_users_api.py  | 100 ++++++
 fittrackee/tests/users/test_users_api.py      |  20 +-
 fittrackee/tests/utils.py                     |  12 +
 fittrackee/users/users.py                     |  43 ++-
 9 files changed, 471 insertions(+), 343 deletions(-)

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 3b3fc38c9..46e944ecc 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -2,15 +2,8 @@
 
 from flask import Blueprint, request
 
-from fittrackee.federation.exceptions import RemoteActorException
-from fittrackee.federation.utils_user import create_remote_user
-from fittrackee.responses import (
-    HttpResponse,
-    InvalidPayloadErrorResponse,
-    handle_error_and_return_response,
-)
-from fittrackee.users.decorators import authenticate
-from fittrackee.users.models import FollowRequest, User
+from fittrackee.responses import HttpResponse, handle_error_and_return_response
+from fittrackee.users.models import FollowRequest
 
 from .collections import OrderedCollection, OrderedCollectionPage
 from .decorators import federation_required, get_local_actor_from_username
@@ -86,87 +79,6 @@ def get_actor(
     )
 
 
-@ap_federation_blueprint.route('/remote-user', methods=['POST'])
-@federation_required
-@authenticate
-def remote_actor(
-    app_domain: Domain, auth_user: User
-) -> Union[Dict, HttpResponse]:
-    """
-    Add a remote actor to local instance if it does not exist.
-    Otherwise it updates it.
-
-    **Example request**:
-
-    .. sourcecode:: http
-
-      POST /federation/remote_user HTTP/1.1
-      Content-Type: application/json
-
-    **Example response**:
-
-    .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Content-Type: application/jrd+json; charset=utf-8
-
-      {
-        "@context": [
-          "https://www.w3.org/ns/activitystreams",
-          "https://w3id.org/security/v1"
-        ],
-        "id": "https://remote-instance.social/user/Sam",
-        "type": "Person",
-        "preferredUsername": "Sam",
-        "name": "Sam",
-        "url": "https://remote-instance.social/@Sam",
-        "inbox": "https://remote-instance.social/user/Sam/inbox",
-        "outbox": "https://remote-instance.social/user/Sam/outbox",
-        "followers": "https://remote-instance.social/user/Sam/followers",
-        "following": "https://remote-instance.social/user/Sam/following",
-        "manuallyApprovesFollowers": true,
-        "publicKey": {
-          "id": "https://remote-instance.social/user/Sam#main-key",
-          "owner": "https://remote-instance.social/user/Sam",
-          "publicKeyPem": "-----BEGIN PUBLIC KEY---(...)---END PUBLIC KEY-----"
-        },
-        "endpoints": {
-          "sharedInbox": "https://remote-instance.social/inbox"
-        }
-      }
-
-    :<json string actor_url: remote actor activitypub id
-
-    :reqheader Authorization: OAuth 2.0 Bearer Token
-
-    :statuscode 200: success
-    :statuscode 400:
-      - invalid payload
-      - The provided account is not a remote account.
-      - Can not fetch remote actor.
-      - Invalid remote actor object.
-    :statuscode 401:
-        - provide a valid auth token
-        - signature expired, please log in again
-        - invalid token, please log in again
-    :statuscode 403: error, federation is disabled for this instance
-
-    """
-    remote_actor_url = (
-        request.get_json(silent=True).get('actor_url')  # type: ignore
-        if request.get_json(silent=True) is not None
-        else None
-    )
-    try:
-        actor = create_remote_user(remote_actor_url)
-    except RemoteActorException as e:
-        return InvalidPayloadErrorResponse(e.message)
-    return HttpResponse(
-        response=actor.serialize(),
-        content_type='application/jrd+json; charset=utf-8',
-    )
-
-
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>/inbox', methods=['POST']
 )
diff --git a/fittrackee/federation/remote_actor.py b/fittrackee/federation/remote_actor.py
index 573eef8dc..29ae110f5 100644
--- a/fittrackee/federation/remote_actor.py
+++ b/fittrackee/federation/remote_actor.py
@@ -14,3 +14,15 @@ def get_remote_actor(actor_url: str) -> Dict:
         raise ActorNotFoundException()
 
     return response.json()
+
+
+def fetch_remote_actor(username: str, domain: str) -> Dict:
+    response = requests.get(
+        f'https://{domain}/.well-known/webfinger?'
+        f'resource=acct:{username}@{domain}',
+        headers={'Accept': 'application/activity+json'},
+    )
+    if response.status_code >= 400:
+        raise ActorNotFoundException()
+
+    return response.json()
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 744e0fa9d..7c31e89f2 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -1,62 +1,58 @@
 import re
-from typing import Optional, Tuple
-from urllib.parse import urlparse
+from typing import Tuple
+
+from flask import current_app
 
 from fittrackee import db
 from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.models import Actor, Domain
-from fittrackee.federation.remote_actor import get_remote_actor
+from fittrackee.federation.remote_actor import (
+    fetch_remote_actor,
+    get_remote_actor,
+)
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
 from .exceptions import ActorNotFoundException, DomainNotFoundException
 
+FULL_NAME_REGEX = r'^@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})$'
+
 
 def get_username_and_domain(full_name: str) -> Tuple:
-    full_name_pattern = r'@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})'
-    if re.match(full_name_pattern, full_name) is None:
+    result = re.match(FULL_NAME_REGEX, full_name)
+    if result is None:
         return None, None
-    return re.match(full_name_pattern, full_name).groups()  # type: ignore
-
-
-def get_user_from_username(user_name: str) -> User:
-    name, domain_name = get_username_and_domain(user_name)
-    if domain_name is None:  # local actor
-        user = User.query.filter_by(username=user_name).first()
-    else:  # remote actor
-        domain = Domain.query.filter_by(name=domain_name).first()
-        if not domain:
-            raise DomainNotFoundException(domain_name)
-        actor = Actor.query.filter_by(
-            preferred_username=name, domain_id=domain.id
-        ).first()
-        if not actor:
-            raise ActorNotFoundException()
-        user = actor.user
-    if not user:
-        raise UserNotFoundException()
-    return user
+    return result.groups()  # type: ignore
 
 
-def create_remote_user(remote_actor_url: Optional[str]) -> Actor:
-    if not remote_actor_url:
-        raise RemoteActorException('invalid remote actor url')
+def create_remote_user(username: str, domain: str) -> User:
+    if domain == current_app.config['UI_URL']:
+        raise RemoteActorException(
+            'the provided account is not a remote account'
+        )
 
-    # check if domain already exists
-    remote_domain_name = urlparse(remote_actor_url).netloc
-    remote_domain = Domain.query.filter_by(name=remote_domain_name).first()
+    remote_domain = Domain.query.filter_by(name=domain).first()
     if not remote_domain:
-        remote_domain = Domain(name=remote_domain_name)
+        remote_domain = Domain(name=domain)
         db.session.add(remote_domain)
         db.session.flush()
 
-    if not remote_domain.is_remote:
+    # get account links via Webfinger
+    try:
+        webfinger = fetch_remote_actor(username, domain)
+    except ActorNotFoundException:
+        raise RemoteActorException('can not fetch remote actor')
+    remote_actor_url = next(
+        (item for item in webfinger.get('links', []) if item['rel'] == 'self'),
+        None,
+    )
+    if not remote_actor_url:
         raise RemoteActorException(
-            'the provided account is not a remote account'
+            'invalid data fetched from webfinger endpoint'
         )
 
     try:
-        remote_actor_object = get_remote_actor(remote_actor_url)
+        remote_actor_object = get_remote_actor(remote_actor_url['href'])
     except ActorNotFoundException:
         raise RemoteActorException('can not fetch remote actor')
 
@@ -95,4 +91,30 @@ def create_remote_user(remote_actor_url: Optional[str]) -> Actor:
         'manuallyApprovesFollowers'
     ]
     db.session.commit()
-    return actor
+    return actor.user
+
+
+def get_user_from_username(
+    user_name: str, with_creation: bool = False
+) -> User:
+    name, domain_name = get_username_and_domain(user_name)
+    if domain_name is None:  # local actor
+        user = User.query.filter_by(username=user_name).first()
+    else:  # remote actor
+        actor = None
+        domain = Domain.query.filter_by(name=domain_name).first()
+        if not domain and not with_creation:
+            raise DomainNotFoundException(domain_name)
+        if domain:
+            actor = Actor.query.filter_by(
+                preferred_username=name, domain_id=domain.id
+            ).first()
+        if not actor:
+            if with_creation:
+                return create_remote_user(name, domain_name)
+            else:
+                raise ActorNotFoundException()
+        user = actor.user
+    if not user:
+        raise UserNotFoundException()
+    return user
diff --git a/fittrackee/tests/federation/federation/test_federation_federation.py b/fittrackee/tests/federation/federation/test_federation_federation.py
index fe97e17a0..27ed5d388 100644
--- a/fittrackee/tests/federation/federation/test_federation_federation.py
+++ b/fittrackee/tests/federation/federation/test_federation_federation.py
@@ -4,12 +4,10 @@
 
 from flask import Flask
 
-from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import FollowRequest, User
 
 from ...test_case_mixins import ApiTestCaseMixin
-from ...utils import RandomActor
 
 
 class TestFederationUser:
@@ -65,117 +63,6 @@ def test_it_returns_error_if_federation_is_disabled(
         )
 
 
-class TestRemoteUser(ApiTestCaseMixin):
-    def test_it_returns_error_if_federation_is_disabled(
-        self, app: Flask, user_1: User, random_actor: RandomActor
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-        response = client.post(
-            '/federation/remote-user',
-            content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-            data=json.dumps({'actor_url': random_actor.activitypub_id}),
-        )
-
-        assert response.status_code == 403
-        data = json.loads(response.data.decode())
-        assert 'error' in data['status']
-        assert (
-            'error, federation is disabled for this instance'
-            in data['message']
-        )
-
-    def test_it_returns_error_if_user_is_not_logged(
-        self, app_with_federation: Flask, random_actor: RandomActor
-    ) -> None:
-        client = app_with_federation.test_client()
-        response = client.post(
-            '/federation/remote-user',
-            content_type='application/json',
-            data=json.dumps({'actor_url': random_actor.activitypub_id}),
-        )
-
-        assert response.status_code == 401
-        data = json.loads(response.data.decode())
-        assert 'error' in data['status']
-        assert 'provide a valid auth token' in data['message']
-
-    def test_it_returns_400_if_remote_user_url_is_missing(
-        self, app_with_federation: Flask, user_1: User
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, user_1.email
-        )
-        response = client.post(
-            '/federation/remote-user',
-            content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        assert response.status_code == 400
-        data = json.loads(response.data.decode())
-        assert 'error' in data['status']
-        assert (
-            'Invalid remote actor: invalid remote actor url.'
-            in data['message']
-        )
-
-    def test_it_returns_error_if_create_remote_user_returns_error(
-        self,
-        app_with_federation: Flask,
-        user_1: User,
-        random_actor: RandomActor,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, user_1.email
-        )
-        with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.side_effect = ActorNotFoundException()
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 400
-            data = json.loads(response.data.decode())
-            assert 'error' in data['status']
-            assert (
-                'Invalid remote actor: can not fetch remote actor.'
-                in data['message']
-            )
-
-    def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
-        self,
-        app_with_federation: Flask,
-        user_1: User,
-        random_actor: RandomActor,
-    ) -> None:
-        remote_user_object = random_actor.get_remote_user_object()
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, user_1.email
-        )
-        with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-            response = client.post(
-                '/federation/remote-user',
-                content_type='application/json',
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-                data=json.dumps({'actor_url': random_actor.activitypub_id}),
-            )
-
-            assert response.status_code == 200
-            data = json.loads(response.data.decode())
-            assert data == remote_user_object
-
-
 class TestLocalActorFollowers(ApiTestCaseMixin):
     def test_it_returns_error_if_federation_is_disabled(
         self, app: Flask
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 1ad902fb8..44dcbc9bf 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -1,4 +1,4 @@
-from typing import Union
+from typing import Dict, Union
 from unittest.mock import patch
 
 import pytest
@@ -11,8 +11,10 @@
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.utils_user import (
     create_remote_user,
+    get_user_from_username,
     get_username_and_domain,
 )
+from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
 from ...utils import RandomActor, random_string
@@ -34,7 +36,6 @@ def test_it_returns_user_name_and_domain(
         input_user_account: str,
         expected_username_and_domain: Union[str, None],
     ) -> None:
-        print(input_user_account)
         assert (
             get_username_and_domain(input_user_account)
             == expected_username_and_domain
@@ -59,19 +60,6 @@ def test_it_returns_none_if_it_does_not_match(
 
 
 class TestCreateRemoteUser:
-    @pytest.mark.parametrize(
-        'input_description, input_actor_url',
-        [('none', None), ('empty string', '')],
-    )
-    def test_it_returns_error_if_remote_actor_url_is_invalid(
-        self, input_description: str, input_actor_url: Union[str, None]
-    ) -> None:
-        with pytest.raises(
-            RemoteActorException,
-            match='Invalid remote actor: invalid remote actor url.',
-        ):
-            create_remote_user(input_actor_url)
-
     def test_it_returns_error_if_remote_actor_domain_is_local(
         self, app_with_federation: Flask
     ) -> None:
@@ -82,44 +70,84 @@ def test_it_returns_error_if_remote_actor_domain_is_local(
                 'the provided account is not a remote account.'
             ),
         ):
-            create_remote_user(f'{app_with_federation.config["UI_URL"]}')
 
-    def test_it_returns_error_if_preferred_username_is_missing_in_remote_actor_object(  # noqa
+            create_remote_user(
+                random_string(), app_with_federation.config["UI_URL"]
+            )
+
+    def test_it_returns_error_if_remote_webfinger_returns_error(
         self,
         app_with_federation: Flask,
         remote_domain: Domain,
         random_actor: RandomActor,
     ) -> None:
-        random_actor.domain = f'https://{remote_domain.name}'
-        remote_user_object = random_actor.get_remote_user_object()
-        del remote_user_object['preferredUsername']
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-            with pytest.raises(
-                RemoteActorException,
-                match='Invalid remote actor: invalid remote actor object.',
-            ):
-                create_remote_user(random_actor.activitypub_id)
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            side_effect=ActorNotFoundException(),
+        ), pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: can not fetch remote actor.',
+        ):
 
-    def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
+            create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+    @pytest.mark.parametrize(
+        'input_description, input_webfinger',
+        [
+            ('empty dict', {}),
+            (
+                'missing links',
+                {
+                    'subject': f'acct:{random_string()}',
+                },
+            ),
+            (
+                'empty links',
+                {
+                    'subject': f'acct:{random_string()}',
+                    'links': [],
+                },
+            ),
+            (
+                'missing "self" link',
+                {
+                    'subject': f'acct:{random_string()}',
+                    'links': [
+                        {
+                            'rel': 'http://ostatus.org/schema/1.0/subscribe',
+                            'template': (
+                                'https://example.com/'
+                                'authorize_interaction?uri={uri}'
+                            ),
+                        }
+                    ],
+                },
+            ),
+        ],
+    )
+    def test_it_returns_error_if_remote_webfinger_does_not_return_links(
         self,
         app_with_federation: Flask,
         remote_domain: Domain,
         random_actor: RandomActor,
+        input_description: str,
+        input_webfinger: Dict,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = {
-                'preferredUsername': random_actor.preferred_username,
-            }
-            with pytest.raises(
-                RemoteActorException,
-                match='Invalid remote actor: invalid remote actor object.',
-            ):
-                create_remote_user(random_actor.activitypub_id)
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value={},
+        ), pytest.raises(
+            RemoteActorException,
+            match=(
+                'Invalid remote actor: invalid data fetched '
+                'from webfinger endpoint.'
+            ),
+        ):
+            create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
 
     def test_it_returns_error_if_fetching_remote_user_returns_error(
         self,
@@ -128,14 +156,65 @@ def test_it_returns_error_if_fetching_remote_user_returns_error(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.side_effect = ActorNotFoundException()
-            with pytest.raises(
-                RemoteActorException,
-                match='Invalid remote actor: can not fetch remote actor.',
-            ):
-                create_remote_user(random_actor.activitypub_id)
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            side_effect=ActorNotFoundException(),
+        ), pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: can not fetch remote actor.',
+        ):
+
+            create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+    def test_it_returns_error_if_preferred_username_is_missing_in_remote_actor_object(  # noqa
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        remote_user_object = random_actor.get_remote_user_object()
+        del remote_user_object['preferredUsername']
+        with patch(
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=remote_user_object,
+        ), pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: invalid remote actor object.',
+        ):
+
+            create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+    def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        random_actor: RandomActor,
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value={
+                'preferredUsername': random_actor.preferred_username,
+            },
+        ), pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: invalid remote actor object.',
+        ):
+
+            create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
 
     def test_it_creates_remote_actor_if_actor_does_not_exist(
         self,
@@ -145,83 +224,136 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
     ) -> None:
         random_actor.domain = f'https://{remote_domain.name}'
         random_actor.manually_approves_followers = False
-        remote_user_object = random_actor.get_remote_user_object()
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-
-            actor = create_remote_user(random_actor.activitypub_id)
-
-            expected_actor = Actor.query.filter_by(
-                activitypub_id=random_actor.activitypub_id
-            ).first()
-            assert actor == expected_actor
-            assert actor.user.username == random_actor.name
-            assert (
-                actor.user.manually_approves_followers
-                == random_actor.manually_approves_followers
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+
+            user = create_remote_user(
+                random_actor.preferred_username, random_actor.domain
             )
 
-    def test_it_creates_remote_actor_if_actor_and_domain_dont_exist(
+        assert user.username == random_actor.name
+        assert (
+            user.manually_approves_followers
+            == random_actor.manually_approves_followers
+        )
+
+    def test_it_creates_remote_actor_when_actor_and_domain_dont_exist(
         self,
         app_with_federation: Flask,
         random_actor: RandomActor,
     ) -> None:
-        remote_user_object = random_actor.get_remote_user_object()
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-
-            actor = create_remote_user(random_actor.activitypub_id)
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            user = create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
 
-            expected_actor = Actor.query.filter_by(
-                activitypub_id=random_actor.activitypub_id
-            ).first()
-            assert actor == expected_actor
+        assert user.username == random_actor.name
 
     def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
-        remote_actor = remote_user.actor
-        remote_user_object = remote_actor.serialize()
+        remote_user_object = remote_user.actor.serialize()
         updated_name = random_string()
         remote_user_object['name'] = updated_name
         remote_user_object['manuallyApprovesFollowers'] = False
-        last_fetched = remote_actor.last_fetch_date
+        last_fetched = remote_user.actor.last_fetch_date
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            get_remote_user_mock.return_value = remote_user_object
-
-            create_remote_user(remote_actor.activitypub_id)
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value={
+                'subject': f'acct:{remote_user.actor.fullname}',
+                'links': [
+                    {
+                        'rel': 'self',
+                        'type': 'application/activity+json',
+                        'href': remote_user.actor.activitypub_id,
+                    }
+                ],
+            },
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=remote_user_object,
+        ):
+            create_remote_user(
+                remote_user.actor.preferred_username,
+                remote_user.actor.domain.name,
+            )
 
-            updated_actor = Actor.query.filter_by(id=remote_actor.id).first()
-            assert updated_actor.name == updated_name
-            assert updated_actor.last_fetch_date != last_fetched
-            assert updated_actor.user.manually_approves_followers is False
+        updated_actor = Actor.query.filter_by(id=remote_user.actor.id).first()
+        assert updated_actor.name == updated_name
+        assert updated_actor.last_fetch_date != last_fetched
+        assert updated_actor.user.manually_approves_followers is False
 
-    def test_it_creates_several_remote_actors(
+    def test_it_creates_additional_remote_actor(
         self,
         app_with_federation: Flask,
+        remote_user: User,
         random_actor: RandomActor,
-        random_actor_2: RandomActor,
     ) -> None:
         """
-        check constrains on User model (especially empty password and email)
+        check constrains on User model
         """
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor'
-        ) as get_remote_user_mock:
-            remote_user_object = random_actor.get_remote_user_object()
-            get_remote_user_mock.return_value = remote_user_object
-            actor = create_remote_user(random_actor.activitypub_id)
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            user = create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+            assert user.username == random_actor.name
+
+
+class TestGetUserFromUsername:
+    def test_it_raises_exception_if_no_user(
+        self, app_with_federation: Flask
+    ) -> None:
+        with pytest.raises(UserNotFoundException):
+            get_user_from_username(random_string())
 
-            assert actor.activitypub_id == random_actor.activitypub_id
+    def test_it_raises_exception_if_no_local_user_and_with_creation(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        with pytest.raises(UserNotFoundException):
+            get_user_from_username(random_string(), with_creation=True)
+
+    def test_it_returns_local_user(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        assert get_user_from_username(user_1.username) == user_1
+
+    def test_it_returns_remote_user(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        assert (
+            get_user_from_username(remote_user.actor.fullname) == remote_user
+        )
 
-            remote_user_object = random_actor_2.get_remote_user_object()
-            get_remote_user_mock.return_value = remote_user_object
-            actor = create_remote_user(random_actor_2.activitypub_id)
+    def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(  # noqa
+        self, app_with_federation: Flask, random_actor: RandomActor
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            user = get_user_from_username(
+                random_actor.fullname, with_creation=True
+            )
 
-            assert actor.activitypub_id == random_actor_2.activitypub_id
+        assert user.username == random_actor.name
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index d66df4838..eb2cace32 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -1,4 +1,5 @@
 import json
+from unittest.mock import patch
 
 from flask import Flask
 
@@ -6,6 +7,7 @@
 from fittrackee.users.models import User
 
 from ...test_case_mixins import ApiTestCaseMixin
+from ...utils import RandomActor, jsonify_dict
 
 
 class TestGetLocalUsers(ApiTestCaseMixin):
@@ -77,3 +79,101 @@ def test_it_deletes_actor_when_deleting_user(
         )
 
         assert Actor.query.filter_by(id=actor_id).first() is None
+
+
+class TestGetUsersWithRemoteUser(ApiTestCaseMixin):
+    def test_it_returns_remote_user(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users?q=@{remote_user.actor.fullname}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0] == jsonify_dict(
+            remote_user.serialize(user_1)
+        )
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 1,
+        }
+
+    def test_it_creates_and_returns_remote_user(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        with patch(
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            response = client.get(
+                f'/api/users?q=@{random_actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0]['username'] == random_actor.name
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 1,
+        }
+
+    def test_it_empty_list_if_remote_user_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        with patch(
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            side_effect={},
+        ):
+            response = client.get(
+                f'/api/users?q=@{random_actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index d343b3a2f..d9900b4a9 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -3,6 +3,7 @@
 from io import BytesIO
 from unittest.mock import patch
 
+import pytest
 from flask import Flask
 
 from fittrackee.federation.models import Actor
@@ -10,7 +11,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
-from ..utils import jsonify_dict
+from ..utils import jsonify_dict, random_string
 
 
 class TestGetUserAsAdmin(ApiTestCaseMixin):
@@ -877,15 +878,28 @@ def test_filtering_on_username_is_case_insensitive(
         assert len(data['data']['users']) == 1
         assert 'toto' in data['data']['users'][0]['username']
 
+    @pytest.mark.parametrize(
+        'input_desc, input_username',
+        [
+            ('not existing user', random_string()),
+            ('user account format', '@sam@example.com'),
+        ],
+    )
     def test_it_returns_empty_users_list_filtering_on_username(
-        self, app: Flask, user_1_admin: User, user_2: User, user_3: User
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        input_desc: str,
+        input_username: str,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1_admin.email
         )
 
         response = client.get(
-            '/api/users?q=not_existing',
+            f'/api/users?q={input_username}',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index e551a81bd..05c77f7fc 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -108,6 +108,18 @@ def get_remote_user_object(self) -> Dict:
             self.manually_approves_followers,
         )
 
+    def get_webfinger(self) -> Dict:
+        return {
+            'subject': f'acct:{self.fullname}',
+            'links': [
+                {
+                    'rel': 'self',
+                    'type': 'application/activity+json',
+                    'href': self.activitypub_id,
+                }
+            ],
+        }
+
 
 def generate_response(
     content: Optional[Union[str, Dict]] = None,
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index cacffb4f3..5cffd6cf9 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -1,9 +1,10 @@
 import os
+import re
 import shutil
 from typing import Any, Dict, Optional, Tuple, Union
 
 import click
-from flask import Blueprint, request, send_file
+from flask import Blueprint, current_app, request, send_file
 from sqlalchemy import exc
 
 from fittrackee import appLog, db
@@ -13,7 +14,10 @@
     DomainNotFoundException,
 )
 from fittrackee.federation.models import Domain
-from fittrackee.federation.utils_user import get_user_from_username
+from fittrackee.federation.utils_user import (
+    FULL_NAME_REGEX,
+    get_user_from_username,
+)
 from fittrackee.files import get_absolute_file_path
 from fittrackee.responses import (
     ForbiddenErrorResponse,
@@ -56,13 +60,46 @@ def set_admin(username: str) -> None:
 
 def get_users_list(auth_user: User, remote: bool = False) -> Dict:
     params = request.args.copy()
+
+    query = params.get('q')
+    if (
+        current_app.config['federation_enabled']
+        and query
+        and re.match(FULL_NAME_REGEX, query)
+    ):
+        try:
+            user = get_user_from_username(query, with_creation=True)
+        except Exception:  # noqa
+            return {
+                'status': 'success',
+                'data': {'users': []},
+                'pagination': {
+                    'has_next': False,
+                    'has_prev': False,
+                    'page': 1,
+                    'pages': 0,
+                    'total': 0,
+                },
+            }
+        if user:
+            return {
+                'status': 'success',
+                'data': {'users': [user.serialize(auth_user)]},
+                'pagination': {
+                    'has_next': False,
+                    'has_prev': False,
+                    'page': 1,
+                    'pages': 1,
+                    'total': 1,
+                },
+            }
+
     page = int(params.get('page', 1))
     per_page = int(params.get('per_page', USERS_PER_PAGE))
     if per_page > 50:
         per_page = 50
     order_by = params.get('order_by', 'username')
     order = params.get('order', 'asc')
-    query = params.get('q')
     users_pagination = (
         User.query.filter(
             User.username.ilike('%' + query + '%') if query else True,

From 31461e2dfe9cdb73b37d18fd61f1628d6a36ba72 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 19:01:15 +0100
Subject: [PATCH 088/238] API - store user remote picture

---
 fittrackee/federation/models.py               |   4 +-
 fittrackee/federation/utils_user.py           |  44 ++++-
 .../federation/test_federation_utils_user.py  | 170 +++++++++++++++++-
 fittrackee/tests/utils.py                     |  10 +-
 4 files changed, 222 insertions(+), 6 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 115adbd28..a5431fb36 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -10,7 +10,7 @@
 from .enums import ActorType
 from .utils import generate_keys, get_ap_url
 
-MEDIA_TYPE = {
+MEDIA_TYPES = {
     'gif': 'image/gif',
     'jpg': 'image/jpeg',
     'png': 'image/png',
@@ -173,7 +173,7 @@ def serialize(self) -> Dict:
             extension = self.user.picture.rsplit('.', 1)[1].lower()
             actor_dict['icon'] = {
                 'type': 'Image',
-                'mediaType': MEDIA_TYPE[extension],
+                'mediaType': MEDIA_TYPES[extension],
                 'url': (
                     f'https://{current_app.config["AP_DOMAIN"]}'
                     f'/api/users/{self.user.username}/picture'
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 7c31e89f2..c3ba876a0 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -1,21 +1,25 @@
+import os
 import re
-from typing import Tuple
+from typing import Dict, Tuple
 
+import requests
 from flask import current_app
 
 from fittrackee import db
 from fittrackee.federation.exceptions import RemoteActorException
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.models import MEDIA_TYPES, Actor, Domain
 from fittrackee.federation.remote_actor import (
     fetch_remote_actor,
     get_remote_actor,
 )
+from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
 from .exceptions import ActorNotFoundException, DomainNotFoundException
 
 FULL_NAME_REGEX = r'^@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})$'
+MEDIA_EXTENSIONS = {value: key for (key, value) in MEDIA_TYPES.items()}
 
 
 def get_username_and_domain(full_name: str) -> Tuple:
@@ -25,6 +29,41 @@ def get_username_and_domain(full_name: str) -> Tuple:
     return result.groups()  # type: ignore
 
 
+def store_or_delete_user_picture(
+    remote_actor_object: Dict, user: User
+) -> None:
+    if remote_actor_object.get('icon', {}).get('type') == 'Image':
+        media_type = remote_actor_object['icon'].get('mediaType', '')
+        file_extension = MEDIA_EXTENSIONS.get(media_type)
+        if not file_extension:
+            return
+
+        picture_url = remote_actor_object['icon']['url']
+        response = requests.get(picture_url)
+        if response.status_code >= 400:
+            return
+
+        dirpath = os.path.join(
+            current_app.config['UPLOAD_FOLDER'], 'pictures', str(user.id)
+        )
+        if not os.path.exists(dirpath):
+            os.makedirs(dirpath)
+        filename = f'{user.username}.{file_extension}'
+        absolute_picture_path = os.path.join(dirpath, filename)
+        relative_picture_path = os.path.join(
+            'pictures', str(user.id), filename
+        )
+        with open(absolute_picture_path, 'wb') as file:
+            file.write(response.content)
+        user.picture = relative_picture_path
+
+    elif user.picture:
+        picture_path = get_absolute_file_path(user.picture)
+        if os.path.isfile(picture_path):
+            os.remove(picture_path)
+        user.picture = None
+
+
 def create_remote_user(username: str, domain: str) -> User:
     if domain == current_app.config['UI_URL']:
         raise RemoteActorException(
@@ -90,6 +129,7 @@ def create_remote_user(username: str, domain: str) -> User:
     actor.user.manually_approves_followers = remote_actor_object[
         'manuallyApprovesFollowers'
     ]
+    store_or_delete_user_picture(remote_actor_object, actor.user)
     db.session.commit()
     return actor.user
 
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 44dcbc9bf..caf116338 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -1,3 +1,4 @@
+import os
 from typing import Dict, Union
 from unittest.mock import patch
 
@@ -13,11 +14,13 @@
     create_remote_user,
     get_user_from_username,
     get_username_and_domain,
+    store_or_delete_user_picture,
 )
+from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
-from ...utils import RandomActor, random_string
+from ...utils import RandomActor, generate_response, random_string
 
 
 class TestGetUsernameAndDomain:
@@ -260,6 +263,27 @@ def test_it_creates_remote_actor_when_actor_and_domain_dont_exist(
 
         assert user.username == random_actor.name
 
+    def test_it_calls_store_or_delete_user_picture(
+        self,
+        app_with_federation: Flask,
+        random_actor: RandomActor,
+    ) -> None:
+        remote_actor_object = random_actor.get_remote_user_object()
+        with patch(
+            'fittrackee.federation.utils_user.fetch_remote_actor',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor',
+            return_value=remote_actor_object,
+        ), patch(
+            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+        ) as store_or_delete_mock:
+            user = create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+        store_or_delete_mock.assert_called_with(remote_actor_object, user)
+
     def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
@@ -357,3 +381,147 @@ def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(
             )
 
         assert user.username == random_actor.name
+
+
+class TestStoreOrDeleteUserPicture:
+    @pytest.mark.parametrize(
+        'input_description, input_icon',
+        [
+            (
+                'type is not an image',
+                {
+                    'type': random_string(),
+                    'mediaType': 'image/jpeg',
+                    'url': 'https://example/file.jpg',
+                },
+            ),
+            (
+                'mediatype is not supported',
+                {
+                    'type': 'Image',
+                    'mediaType': random_string(),
+                    'url': f'https://example/file.{random_string()}',
+                },
+            ),
+        ],
+    )
+    def test_it_does_not_store_picture_if_icon_is_not_supported(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        input_description: str,
+        input_icon: Dict,
+    ) -> None:
+        with patch('builtins.open') as open_mock:
+
+            store_or_delete_user_picture(
+                remote_actor_object={
+                    'icon': input_icon,
+                },
+                user=remote_user,
+            )
+
+        assert remote_user.picture is None
+        open_mock.assert_not_called()
+
+    def test_it_does_not_raise_error_if_it_can_not_fetch_image(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        with patch(
+            'requests.get', return_value=generate_response(status_code=404)
+        ), patch('builtins.open') as open_mock:
+
+            store_or_delete_user_picture(
+                remote_actor_object={
+                    'icon': {
+                        'type': 'Image',
+                        'mediaType': 'image/jpeg',
+                        'url': 'https://example.com/916cac70b7c694a4.jpg',
+                    },
+                },
+                user=remote_user,
+            )
+
+        assert remote_user.picture is None
+        open_mock.assert_not_called()
+
+    def test_it_stores_user_picture(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        expected_relative_picture_path = os.path.join(
+            'pictures', str(remote_user.id), f'{remote_user.username}.jpg'
+        )
+        expected_absolute_picture_path = os.path.join(
+            app_with_federation.config['UPLOAD_FOLDER'],
+            expected_relative_picture_path,
+        )
+        with patch(
+            'requests.get', return_value=generate_response(status_code=200)
+        ), patch('builtins.open') as open_mock:
+
+            store_or_delete_user_picture(
+                remote_actor_object={
+                    'icon': {
+                        'type': 'Image',
+                        'mediaType': 'image/jpeg',
+                        'url': f'https://example.com/{random_string()}.jpg',
+                    },
+                },
+                user=remote_user,
+            )
+
+        assert remote_user.picture == expected_relative_picture_path
+        open_mock.assert_called_once_with(expected_absolute_picture_path, 'wb')
+
+    def test_it_updates_user_picture(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        remote_user.picture = random_string()
+        expected_relative_picture_path = os.path.join(
+            'pictures', str(remote_user.id), f'{remote_user.username}.jpg'
+        )
+        expected_absolute_picture_path = os.path.join(
+            app_with_federation.config['UPLOAD_FOLDER'],
+            expected_relative_picture_path,
+        )
+        with patch(
+            'requests.get', return_value=generate_response(status_code=200)
+        ), patch('builtins.open') as open_mock:
+
+            store_or_delete_user_picture(
+                remote_actor_object={
+                    'icon': {
+                        'type': 'Image',
+                        'mediaType': 'image/jpeg',
+                        'url': f'https://example.com/{random_string()}.jpg',
+                    },
+                },
+                user=remote_user,
+            )
+
+        assert remote_user.picture == expected_relative_picture_path
+        open_mock.assert_called_once_with(expected_absolute_picture_path, 'wb')
+
+    def test_it_deletes_user_image_if_no_image_in_remote_actor_object(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        user_picture_path = random_string()
+        remote_user.picture = user_picture_path
+        with patch('os.path.isfile', return_value=True), patch(
+            'os.remove'
+        ) as os_remove_mock:
+
+            store_or_delete_user_picture(
+                remote_actor_object={}, user=remote_user
+            )
+
+        assert remote_user.picture is None
+        os_remove_mock.assert_called_with(
+            get_absolute_file_path(user_picture_path)
+        )
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 05c77f7fc..18408b8f7 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -50,6 +50,7 @@ def get_remote_user_object(
     domain: str,
     profile_url: Optional[str] = None,
     manually_approves_followers: bool = True,
+    with_icon: bool = False,
 ) -> Dict:
     user_url = f'{domain}/users/{preferred_username}'
     user_object = {
@@ -75,6 +76,12 @@ def get_remote_user_object(
     }
     if profile_url:
         user_object['url'] = profile_url
+    if with_icon:
+        user_object['icon'] = {
+            'type': 'Image',
+            'mediaType': 'image/jpeg',
+            'url': 'https://exemple.com/916cac70b7c694a4.jpg',
+        }
     return user_object
 
 
@@ -99,13 +106,14 @@ def activitypub_id(self) -> str:
     def profile_url(self) -> str:
         return f'{self.domain}/{self.preferred_username}'
 
-    def get_remote_user_object(self) -> Dict:
+    def get_remote_user_object(self, with_icon: bool = False) -> Dict:
         return get_remote_user_object(
             self.name,
             self.preferred_username,
             self.domain,
             self.profile_url,
             self.manually_approves_followers,
+            with_icon,
         )
 
     def get_webfinger(self) -> Dict:

From 19fb58029d2f8f8a834c343b5c2df0c46aed6445 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 23 Jan 2022 10:39:49 +0100
Subject: [PATCH 089/238] API - return remote user account (fullname)

---
 fittrackee/tests/federation/users/test_users_model.py | 6 ++++++
 fittrackee/tests/users/test_users_model.py            | 1 +
 fittrackee/users/models.py                            | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 80d126209..aa77676bc 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -13,12 +13,18 @@ def test_user_is_not_remote_when_actor_is_local(
     ) -> None:
         assert user_1.is_remote is False
         assert user_1.serialize()['is_remote'] is False
+        assert 'fullname' not in user_1.serialize()
 
     def test_user_is_remote_when_actor_is_remote(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
+        print(remote_user.serialize()['fullname'])
         assert remote_user.is_remote is True
         assert remote_user.serialize()['is_remote'] is True
+        assert (
+            remote_user.serialize()['fullname']
+            == f'@{remote_user.actor.fullname}'
+        )
 
 
 class TestFollowRequestModelWithFederation:
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index b4a17dd86..888c1afb9 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -261,6 +261,7 @@ def test_user_is_not_remote_when_federation_is_disabled(
     ) -> None:
         assert user_1.is_remote is False
         assert user_1.serialize()['is_remote'] is False
+        assert 'fullname' not in user_1.serialize()
 
 
 class TestUserSportModel:
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 143266d19..13d99e0a5 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -458,6 +458,8 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
             'workouts_visibility': self.workouts_visibility.value,
             'username': self.username,
         }
+        if self.is_remote:
+            serialized_user['fullname'] = f'@{self.actor.fullname}'
 
         if role is not None:
             total = (0, '0:00:00')

From 331cffe7c563bc965242cadafb43c261b925719f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 23 Jan 2022 13:48:14 +0100
Subject: [PATCH 090/238] API - minor refactoring

---
 fittrackee/federation/remote_actor.py         |  4 +-
 fittrackee/federation/utils_user.py           |  8 ++--
 .../federation/test_federation_utils_user.py  | 40 +++++++++----------
 .../federation/test_remote_actor.py           |  6 +--
 .../tests/federation/users/test_users_api.py  |  6 +--
 5 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/fittrackee/federation/remote_actor.py b/fittrackee/federation/remote_actor.py
index 29ae110f5..4cb7ea7a1 100644
--- a/fittrackee/federation/remote_actor.py
+++ b/fittrackee/federation/remote_actor.py
@@ -5,7 +5,7 @@
 from fittrackee.federation.exceptions import ActorNotFoundException
 
 
-def get_remote_actor(actor_url: str) -> Dict:
+def get_remote_actor_url(actor_url: str) -> Dict:
     response = requests.get(
         actor_url,
         headers={'Accept': 'application/activity+json'},
@@ -16,7 +16,7 @@ def get_remote_actor(actor_url: str) -> Dict:
     return response.json()
 
 
-def fetch_remote_actor(username: str, domain: str) -> Dict:
+def fetch_account_from_webfinger(username: str, domain: str) -> Dict:
     response = requests.get(
         f'https://{domain}/.well-known/webfinger?'
         f'resource=acct:{username}@{domain}',
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index c3ba876a0..7baab5697 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -9,8 +9,8 @@
 from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.models import MEDIA_TYPES, Actor, Domain
 from fittrackee.federation.remote_actor import (
-    fetch_remote_actor,
-    get_remote_actor,
+    fetch_account_from_webfinger,
+    get_remote_actor_url,
 )
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
@@ -78,7 +78,7 @@ def create_remote_user(username: str, domain: str) -> User:
 
     # get account links via Webfinger
     try:
-        webfinger = fetch_remote_actor(username, domain)
+        webfinger = fetch_account_from_webfinger(username, domain)
     except ActorNotFoundException:
         raise RemoteActorException('can not fetch remote actor')
     remote_actor_url = next(
@@ -91,7 +91,7 @@ def create_remote_user(username: str, domain: str) -> User:
         )
 
     try:
-        remote_actor_object = get_remote_actor(remote_actor_url['href'])
+        remote_actor_object = get_remote_actor_url(remote_actor_url['href'])
     except ActorNotFoundException:
         raise RemoteActorException('can not fetch remote actor')
 
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index caf116338..ecae00e5a 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -85,7 +85,7 @@ def test_it_returns_error_if_remote_webfinger_returns_error(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             side_effect=ActorNotFoundException(),
         ), pytest.raises(
             RemoteActorException,
@@ -139,7 +139,7 @@ def test_it_returns_error_if_remote_webfinger_does_not_return_links(
         input_webfinger: Dict,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value={},
         ), pytest.raises(
             RemoteActorException,
@@ -159,10 +159,10 @@ def test_it_returns_error_if_fetching_remote_user_returns_error(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             side_effect=ActorNotFoundException(),
         ), pytest.raises(
             RemoteActorException,
@@ -182,10 +182,10 @@ def test_it_returns_error_if_preferred_username_is_missing_in_remote_actor_objec
         remote_user_object = random_actor.get_remote_user_object()
         del remote_user_object['preferredUsername']
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=remote_user_object,
         ), pytest.raises(
             RemoteActorException,
@@ -203,10 +203,10 @@ def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value={
                 'preferredUsername': random_actor.preferred_username,
             },
@@ -228,10 +228,10 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
         random_actor.domain = f'https://{remote_domain.name}'
         random_actor.manually_approves_followers = False
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
 
@@ -251,10 +251,10 @@ def test_it_creates_remote_actor_when_actor_and_domain_dont_exist(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = create_remote_user(
@@ -270,10 +270,10 @@ def test_it_calls_store_or_delete_user_picture(
     ) -> None:
         remote_actor_object = random_actor.get_remote_user_object()
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=remote_actor_object,
         ), patch(
             'fittrackee.federation.utils_user.store_or_delete_user_picture'
@@ -293,7 +293,7 @@ def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         remote_user_object['manuallyApprovesFollowers'] = False
         last_fetched = remote_user.actor.last_fetch_date
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value={
                 'subject': f'acct:{remote_user.actor.fullname}',
                 'links': [
@@ -305,7 +305,7 @@ def test_it_returns_updated_remote_actor_if_remote_actor_exists(
                 ],
             },
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=remote_user_object,
         ):
             create_remote_user(
@@ -328,10 +328,10 @@ def test_it_creates_additional_remote_actor(
         check constrains on User model
         """
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = create_remote_user(
@@ -370,10 +370,10 @@ def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(
         self, app_with_federation: Flask, random_actor: RandomActor
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = get_user_from_username(
diff --git a/fittrackee/tests/federation/federation/test_remote_actor.py b/fittrackee/tests/federation/federation/test_remote_actor.py
index e0b464c4c..1de4a48f3 100644
--- a/fittrackee/tests/federation/federation/test_remote_actor.py
+++ b/fittrackee/tests/federation/federation/test_remote_actor.py
@@ -4,7 +4,7 @@
 import requests
 
 from fittrackee.federation.exceptions import ActorNotFoundException
-from fittrackee.federation.remote_actor import get_remote_actor
+from fittrackee.federation.remote_actor import get_remote_actor_url
 
 from ...utils import RandomActor, generate_response, random_actor_url
 
@@ -15,7 +15,7 @@ def test_it_returns_error_if_remote_instance_returns_error(self) -> None:
             requests_mock.return_value = generate_response(status_code=404)
 
             with pytest.raises(ActorNotFoundException):
-                get_remote_actor(random_actor_url())
+                get_remote_actor_url(random_actor_url())
 
     def test_it_returns_user_object_if_remote_response_is_successful(
         self, random_actor: RandomActor
@@ -26,6 +26,6 @@ def test_it_returns_user_object_if_remote_response_is_successful(
                 status_code=200, content=remote_user
             )
 
-            expected_user = get_remote_actor(random_actor.activitypub_id)
+            expected_user = get_remote_actor_url(random_actor.activitypub_id)
 
             assert remote_user == expected_user
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index eb2cace32..a429dbb56 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -121,10 +121,10 @@ def test_it_creates_and_returns_remote_user(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor',
+            'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             response = client.get(
@@ -157,7 +157,7 @@ def test_it_empty_list_if_remote_user_does_not_exist(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.fetch_remote_actor',
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             side_effect={},
         ):
             response = client.get(

From c88aa998f76943f07f100359878ee3fa13870066 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 23 Jan 2022 15:28:23 +0100
Subject: [PATCH 091/238] API - get followers/following count for remote user
 from remote instance

---
 fittrackee/federation/models.py               | 50 ++++++++++-
 fittrackee/federation/utils_user.py           | 15 ++++
 .../23_8842c351a2d8_init_federation.py        | 25 ++++++
 .../federation/test_federation_models.py      | 21 ++++-
 .../federation/test_federation_utils_user.py  | 86 +++++++++++++++++++
 .../federation/users/test_users_model.py      | 13 ++-
 fittrackee/users/models.py                    |  5 ++
 7 files changed, 212 insertions(+), 3 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index a5431fb36..e22ec5277 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -1,7 +1,11 @@
 from datetime import datetime
-from typing import Dict, Optional
+from typing import Any, Dict, Optional
 
 from flask import current_app
+from sqlalchemy.engine.base import Connection
+from sqlalchemy.event import listens_for
+from sqlalchemy.orm.mapper import Mapper
+from sqlalchemy.orm.session import Session
 from sqlalchemy.types import Enum
 
 from fittrackee import BaseModel, db
@@ -82,6 +86,9 @@ class Actor(BaseModel):
 
     domain = db.relationship('Domain', back_populates='actors')
     user = db.relationship('User', uselist=False, back_populates='actor')
+    stats = db.relationship(
+        'RemoteActorStats', cascade='all, delete', uselist=False
+    )
 
     def __str__(self) -> str:
         return f'<Actor \'{self.name}\'>'
@@ -110,6 +117,15 @@ def __init__(
             )
             self.generate_keys()
 
+    @classmethod
+    def generate_stats_if_remote(
+        cls, actor_id: int, domain_id: int, session: Session
+    ) -> None:
+        domain = Domain.query.filter_by(id=domain_id).first()
+        if domain.name != current_app.config['AP_DOMAIN']:
+            stats = RemoteActorStats(actor_id=actor_id)
+            session.add(stats)
+
     def generate_keys(self) -> None:
         self.public_key, self.private_key = generate_keys()
 
@@ -180,3 +196,35 @@ def serialize(self) -> Dict:
                 ),
             }
         return actor_dict
+
+
+@listens_for(Actor, 'after_insert')
+def on_actor_insert(
+    mapper: Mapper, connection: Connection, actor: Actor
+) -> None:
+    @listens_for(db.Session, 'after_flush', once=True)
+    def receive_after_flush(session: Session, context: Any) -> None:
+        Actor.generate_stats_if_remote(
+            actor_id=actor.id, domain_id=actor.domain_id, session=session
+        )
+
+
+class RemoteActorStats(BaseModel):
+    """ActivityPub Remote Actor statistics"""
+
+    __tablename__ = 'remote_actors_stats'
+
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    actor_id = db.Column(
+        db.Integer,
+        db.ForeignKey('actors.id'),
+        nullable=False,
+        index=True,
+        unique=True,
+    )
+    items = db.Column(db.Integer, default=0, nullable=False)
+    followers = db.Column(db.Integer, default=0, nullable=False)
+    following = db.Column(db.Integer, default=0, nullable=False)
+
+    def __init__(self, actor_id: int) -> None:
+        self.actor_id = actor_id
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 7baab5697..827c433ec 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -20,6 +20,7 @@
 
 FULL_NAME_REGEX = r'^@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})$'
 MEDIA_EXTENSIONS = {value: key for (key, value) in MEDIA_TYPES.items()}
+ACTOR_URL_TYPES = ['followers', 'following']
 
 
 def get_username_and_domain(full_name: str) -> Tuple:
@@ -64,6 +65,19 @@ def store_or_delete_user_picture(
         user.picture = None
 
 
+def update_remote_actor_stats(actor: Actor) -> None:
+    # TODO: handle stats.items (after implementing outbox)
+    if not actor.is_remote:
+        return
+
+    for url_type in ACTOR_URL_TYPES:
+        try:
+            data = get_remote_actor_url(getattr(actor, f'{url_type}_url'))
+        except ActorNotFoundException:
+            return
+        setattr(actor.stats, url_type, data.get('totalItems', 0))
+
+
 def create_remote_user(username: str, domain: str) -> User:
     if domain == current_app.config['UI_URL']:
         raise RemoteActorException(
@@ -130,6 +144,7 @@ def create_remote_user(username: str, domain: str) -> User:
         'manuallyApprovesFollowers'
     ]
     store_or_delete_user_picture(remote_actor_object, actor.user)
+    update_remote_actor_stats(actor)
     db.session.commit()
     return actor.user
 
diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 63c0ca33c..0ba8eab94 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -86,6 +86,25 @@ def upgrade():
             'domain_id', 'preferred_username', name='domain_username_unique'
         ),
     )
+    op.create_table(
+        'remote_actors_stats',
+        sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+        sa.Column('actor_id', sa.Integer(), nullable=False),
+        sa.Column('items', sa.Integer(), server_default=sa.text('0'), nullable=False),
+        sa.Column('followers', sa.Integer(), server_default=sa.text('0'), nullable=False),
+        sa.Column('following', sa.Integer(), server_default=sa.text('0'), nullable=False),
+        sa.ForeignKeyConstraint(
+            ['actor_id'],
+            ['actors.id'],
+        ),
+        sa.PrimaryKeyConstraint('id'),
+    )
+    op.create_index(
+        op.f('ix_remote_actors_stats_actor_id'),
+        'remote_actors_stats',
+        ['actor_id'],
+        unique=True
+    )
 
     op.add_column(
         'users',
@@ -234,6 +253,12 @@ def downgrade():
     op.drop_column('users', 'manually_approves_followers')
     op.drop_column('users', 'actor_id')
 
+    op.drop_index(
+        op.f('ix_remote_actors_stats_actor_id'),
+        table_name='remote_actors_stats'
+    )
+    op.drop_table('remote_actors_stats')
+
     op.drop_table('actors')
     op.execute('DROP TYPE actor_types')
     op.create_unique_constraint('users_username_key', 'users', ['username'])
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 10697e369..d0a716466 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -7,7 +7,7 @@
 from flask import Flask
 
 from fittrackee.federation.constants import AP_CTX
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.models import Actor, Domain, RemoteActorStats
 from fittrackee.federation.utils import get_ap_url
 from fittrackee.users.models import User
 
@@ -149,6 +149,14 @@ def test_generated_key_is_valid(
         # it raises ValueError if signature is invalid
         signer.verify(hashed_message, signer.sign(hashed_message))
 
+    def test_it_does_not_create_remote_actor_stats(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        stats = RemoteActorStats.query.filter_by(
+            actor_id=user_1.actor_id
+        ).first()
+        assert stats is None
+
 
 class TestActivityPubRemotePersonActorModel:
     def test_actor_is_remote(
@@ -213,6 +221,17 @@ def test_it_returns_serialized_object(
             == f'{remote_domain_url}/inbox'
         )
 
+    def test_it_creates_remote_actor_stats(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        stats = RemoteActorStats.query.filter_by(
+            actor_id=remote_user.actor_id
+        ).first()
+
+        assert stats.items == 0
+        assert stats.followers == 0
+        assert stats.following == 0
+
 
 class TestActivityPubActorModel:
     def test_it_returns_actor_empty_name(
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index ecae00e5a..450702879 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -15,6 +15,7 @@
     get_user_from_username,
     get_username_and_domain,
     store_or_delete_user_picture,
+    update_remote_actor_stats,
 )
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
@@ -284,6 +285,29 @@ def test_it_calls_store_or_delete_user_picture(
 
         store_or_delete_mock.assert_called_with(remote_actor_object, user)
 
+    def test_it_calls_update_remote_actor_stats(
+        self,
+        app_with_federation: Flask,
+        random_actor: RandomActor,
+    ) -> None:
+        remote_actor_object = random_actor.get_remote_user_object()
+        with patch(
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value=remote_actor_object,
+        ), patch(
+            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils_user.update_remote_actor_stats'
+        ) as update_remote_actor_stats_mock:
+            user = create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+        update_remote_actor_stats_mock.assert_called_with(user.actor)
+
     def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
@@ -525,3 +549,65 @@ def test_it_deletes_user_image_if_no_image_in_remote_actor_object(
         os_remove_mock.assert_called_with(
             get_absolute_file_path(user_picture_path)
         )
+
+
+class TestUpdateRemoteActorStats:
+    def test_it_does_not_raise_error_if_actor_url_is_not_reachable(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        with patch(
+            'requests.get', return_value=generate_response(status_code=400)
+        ):
+
+            update_remote_actor_stats(remote_user.actor)
+
+        assert remote_user.actor.stats.items == 0
+
+    def test_it_does_not_fetch_actor_urls_if_user_is_local(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        with patch('requests.get') as get_mock:
+
+            update_remote_actor_stats(user_1.actor)
+
+        get_mock.assert_not_called()
+
+    def test_it_updates_followers_count(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        expected_followers_count = 10
+        response_content = {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': remote_user.actor.followers_url,
+            'type': 'OrderedCollection',
+            'totalItems': expected_followers_count,
+            'first': f'{remote_user.actor.followers_url}?page=1',
+        }
+        with patch(
+            'requests.get',
+            return_value=generate_response(content=response_content),
+        ):
+
+            update_remote_actor_stats(remote_user.actor)
+
+        assert remote_user.actor.stats.followers == expected_followers_count
+
+    def test_it_updates_following_count(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        expected_following_count = 33
+        response_content = {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': remote_user.actor.following_url,
+            'type': 'OrderedCollection',
+            'totalItems': expected_following_count,
+            'first': f'{remote_user.actor.following_url}?page=1',
+        }
+        with patch(
+            'requests.get',
+            return_value=generate_response(content=response_content),
+        ):
+
+            update_remote_actor_stats(remote_user.actor)
+
+        assert remote_user.actor.stats.following == expected_following_count
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index aa77676bc..ea5b1e9e3 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -18,7 +18,6 @@ def test_user_is_not_remote_when_actor_is_local(
     def test_user_is_remote_when_actor_is_remote(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
-        print(remote_user.serialize()['fullname'])
         assert remote_user.is_remote is True
         assert remote_user.serialize()['is_remote'] is True
         assert (
@@ -26,6 +25,18 @@ def test_user_is_remote_when_actor_is_remote(
             == f'@{remote_user.actor.fullname}'
         )
 
+    def test_it_returns_remote_actor_stats_when_user_is_remote(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        expected_followers = 10
+        expected_following = 23
+        remote_user.actor.stats.followers = expected_followers
+        remote_user.actor.stats.following = expected_following
+
+        serialized_user = remote_user.serialize()
+        assert serialized_user['followers'] == expected_followers
+        assert serialized_user['following'] == expected_following
+
 
 class TestFollowRequestModelWithFederation:
     def test_follow_request_model(
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 13d99e0a5..5f06eacfe 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -460,6 +460,11 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
         }
         if self.is_remote:
             serialized_user['fullname'] = f'@{self.actor.fullname}'
+            serialized_user['followers'] = self.actor.stats.followers
+            serialized_user['following'] = self.actor.stats.following
+        else:
+            serialized_user['followers'] = self.followers.count()
+            serialized_user['following'] = self.following.count()
 
         if role is not None:
             total = (0, '0:00:00')

From a8241dc7dc20ca42e06691cb5617692cb936fa83 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 18:34:20 +0100
Subject: [PATCH 092/238] API - fixes and changes on users

---
 fittrackee/federation/utils_user.py           |  11 +-
 .../federation/test_federation_utils_user.py  |  26 ++++
 .../tests/federation/users/test_auth_api.py   |  25 +++
 .../tests/federation/users/test_users_api.py  | 143 ++++++++++++++----
 .../federation/users/test_users_follow_api.py |  48 ++++++
 .../fixtures/fixtures_federation_users.py     |  12 +-
 fittrackee/users/auth.py                      |   3 +-
 fittrackee/users/users.py                     |  25 +--
 8 files changed, 248 insertions(+), 45 deletions(-)

diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 827c433ec..58761107a 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -150,11 +150,15 @@ def create_remote_user(username: str, domain: str) -> User:
 
 
 def get_user_from_username(
-    user_name: str, with_creation: bool = False
+    user_name: str,
+    with_creation: bool = False,  # or refresh actor if exists
 ) -> User:
     name, domain_name = get_username_and_domain(user_name)
     if domain_name is None:  # local actor
-        user = User.query.filter_by(username=user_name).first()
+        user = User.query.filter(
+            User.username == user_name,
+            User.is_remote == False,  # noqa
+        ).first()
     else:  # remote actor
         actor = None
         domain = Domain.query.filter_by(name=domain_name).first()
@@ -169,6 +173,9 @@ def get_user_from_username(
                 return create_remote_user(name, domain_name)
             else:
                 raise ActorNotFoundException()
+        if with_creation:
+            update_remote_actor_stats(actor)
+            db.session.commit()
         user = actor.user
     if not user:
         raise UserNotFoundException()
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 450702879..0965efd65 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -372,6 +372,12 @@ def test_it_raises_exception_if_no_user(
         with pytest.raises(UserNotFoundException):
             get_user_from_username(random_string())
 
+    def test_it_raises_exception_if_only_remote_user_exists_when_usernme_provided(  # noqa
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        with pytest.raises(UserNotFoundException):
+            get_user_from_username(remote_user.username)
+
     def test_it_raises_exception_if_no_local_user_and_with_creation(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
@@ -406,6 +412,26 @@ def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(
 
         assert user.username == random_actor.name
 
+    def test_it_creates_remote_user_when_regsitreation_is_disabled(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+    ) -> None:
+        app_with_federation.config['is_registration_enabled'] = False
+        with patch(
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            user = get_user_from_username(
+                random_actor.fullname, with_creation=True
+            )
+
+        assert user.username == random_actor.name
+
 
 class TestStoreOrDeleteUserPicture:
     @pytest.mark.parametrize(
diff --git a/fittrackee/tests/federation/users/test_auth_api.py b/fittrackee/tests/federation/users/test_auth_api.py
index 4ec21baa8..9c95b8284 100644
--- a/fittrackee/tests/federation/users/test_auth_api.py
+++ b/fittrackee/tests/federation/users/test_auth_api.py
@@ -33,3 +33,28 @@ def test_it_creates_actor_on_user_registration(
         self, app_with_federation: Flask
     ) -> None:
         assert_actor_is_created(app=app_with_federation)
+
+    def test_local_user_can_register_if_remote_user_exists_with_same_username(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.post(
+            '/api/auth/register',
+            data=json.dumps(
+                dict(
+                    username=remote_user.username,
+                    email='test@test.com',
+                    password='12345678',
+                    password_conf='12345678',
+                )
+            ),
+            content_type='application/json',
+        )
+
+        assert response.status_code == 201
+        created_user = User.query.filter(
+            User.username == remote_user.username,
+            User.is_remote == False,  # noqa
+        ).first()
+        assert created_user.id != remote_user.id
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index a429dbb56..9163361bd 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -1,13 +1,19 @@
 import json
 from unittest.mock import patch
 
+import pytest
 from flask import Flask
 
 from fittrackee.federation.models import Actor
 from fittrackee.users.models import User
 
 from ...test_case_mixins import ApiTestCaseMixin
-from ...utils import RandomActor, jsonify_dict
+from ...utils import (
+    RandomActor,
+    generate_response,
+    jsonify_dict,
+    random_string,
+)
 
 
 class TestGetLocalUsers(ApiTestCaseMixin):
@@ -37,6 +43,43 @@ def test_it_gets_users_list(
         assert data['data']['users'][1]['username'] == user_1.username
         assert data['data']['users'][1]['is_remote'] is False
 
+    @pytest.mark.parametrize(
+        'input_desc, input_username',
+        [
+            ('not existing user', random_string()),
+            ('remote user account', '@sam@example.com'),
+        ],
+    )
+    def test_it_returns_empty_users_list_filtering_on_username(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        input_desc: str,
+        input_username: str,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            f'/api/users?q={input_username}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
 
 class TestGetRemoteUsers(ApiTestCaseMixin):
     def test_it_gets_users_list(
@@ -63,37 +106,22 @@ def test_it_gets_users_list(
         assert data['data']['users'][0]['username'] == remote_user.username
         assert data['data']['users'][0]['is_remote']
 
-
-class TestDeleteUser(ApiTestCaseMixin):
-    def test_it_deletes_actor_when_deleting_user(
-        self, app_with_federation: Flask, user_1_admin: User, user_2: User
-    ) -> None:
-        actor_id = user_2.actor_id
-        client, auth_token = self.get_test_client_and_auth_token(
-            app_with_federation, user_1_admin.email
-        )
-
-        client.delete(
-            f'/api/users/{user_2.username}',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        assert Actor.query.filter_by(id=actor_id).first() is None
-
-
-class TestGetUsersWithRemoteUser(ApiTestCaseMixin):
-    def test_it_returns_remote_user(
+    def test_it_returns_remote_user_when_query_contains_account(
         self, app_with_federation: Flask, user_1: User, remote_user: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
         )
 
-        response = client.get(
-            f'/api/users?q=@{remote_user.actor.fullname}',
-            content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
+        with patch(
+            'requests.get',
+            return_value=generate_response(content={'totalItems': 0}),
+        ):
+            response = client.get(
+                f'/api/users/remote?q=@{remote_user.actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
@@ -128,7 +156,7 @@ def test_it_creates_and_returns_remote_user(
             return_value=random_actor.get_remote_user_object(),
         ):
             response = client.get(
-                f'/api/users?q=@{random_actor.fullname}',
+                f'/api/users/remote?q=@{random_actor.fullname}',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
@@ -161,7 +189,7 @@ def test_it_empty_list_if_remote_user_does_not_exist(
             side_effect={},
         ):
             response = client.get(
-                f'/api/users?q=@{random_actor.fullname}',
+                f'/api/users/remote?q=@{random_actor.fullname}',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
@@ -177,3 +205,62 @@ def test_it_empty_list_if_remote_user_does_not_exist(
             'pages': 0,
             'total': 0,
         }
+
+
+class TestDeleteUser(ApiTestCaseMixin):
+    def test_it_deletes_actor_when_deleting_user(
+        self, app_with_federation: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        actor_id = user_2.actor_id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1_admin.email
+        )
+
+        client.delete(
+            f'/api/users/{user_2.username}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert Actor.query.filter_by(id=actor_id).first() is None
+
+
+class TestGetRemoteUser(ApiTestCaseMixin):
+    def test_it_returns_error_if_remote_user_does_not_exists(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/@{random_actor.fullname}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+    def test_it_returns_remote_user_if_exists(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/@{remote_user.actor.fullname}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0]['username'] == remote_user.username
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index 9db38d71c..fe25be008 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -34,6 +34,27 @@ def test_it_raises_error_if_target_user_does_not_exist(
         assert data['status'] == 'not found'
         assert data['message'] == 'user does not exist'
 
+    def test_it_raises_error_if_username_matches_only_a_remote_user(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{remote_user.username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'not found'
+        assert data['message'] == 'user does not exist'
+
     def test_it_raises_error_if_target_user_has_already_rejected_request(
         self,
         app_with_federation: Flask,
@@ -80,6 +101,33 @@ def test_it_creates_follow_request(
             f"is sent."
         )
 
+    def test_it_creates_follow_request_with_local_user_when_only_username_provided(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+    ) -> None:
+        remote_user.username = user_2.username
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.actor.preferred_username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert (
+            data['message']
+            == f"Follow request to user '{user_2.actor.preferred_username}' "
+            f"is sent."
+        )
+
     def test_it_returns_success_if_follow_request_already_exists(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index 8b84633dc..4ded3497d 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -4,23 +4,27 @@
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.users.models import FollowRequest, User
 
-from ..utils import generate_follow_request, get_remote_user_object
+from ..utils import (
+    generate_follow_request,
+    get_remote_user_object,
+    random_string,
+)
 
 
 def generate_remote_user(
     remote_domain: Domain, without_profile_page: bool = False
 ) -> User:
     domain = f'https://{remote_domain.name}'
-    user_name = 'test'
+    user_name = random_string()[0:30]
     if without_profile_page:
         remote_user_object = get_remote_user_object(
-            username='Test',
+            username=user_name.capitalize(),
             preferred_username=user_name,
             domain=domain,
         )
     else:
         remote_user_object = get_remote_user_object(
-            username='Test',
+            username=user_name.capitalize(),
             preferred_username=user_name,
             domain=domain,
             profile_url=f'{domain}/{user_name}',
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index bea08982f..596a6dc16 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -126,10 +126,11 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
     try:
         # check for existing user
         user = User.query.filter(
+            User.is_remote == False,  # noqa
             or_(
                 func.lower(User.username) == func.lower(username),
                 func.lower(User.email) == func.lower(email),
-            )
+            ),
         ).first()
         if user:
             return InvalidPayloadErrorResponse(
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 5cffd6cf9..b6404ba26 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -4,7 +4,7 @@
 from typing import Any, Dict, Optional, Tuple, Union
 
 import click
-from flask import Blueprint, current_app, request, send_file
+from flask import Blueprint, request, send_file
 from sqlalchemy import exc
 
 from fittrackee import appLog, db
@@ -62,11 +62,7 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
     params = request.args.copy()
 
     query = params.get('q')
-    if (
-        current_app.config['federation_enabled']
-        and query
-        and re.match(FULL_NAME_REGEX, query)
-    ):
+    if remote and query and re.match(FULL_NAME_REGEX, query):
         try:
             user = get_user_from_username(query, with_creation=True)
         except Exception:  # noqa
@@ -304,7 +300,9 @@ def get_remote_users(
     app_domain: Domain,
 ) -> Dict:
     """
-    Get all remote users (only if federation is enabled)
+    Get all remote existing users (only if federation is enabled).
+    If a full account is provided in query, if creates remote user if it
+    doesn't exist.
 
     **Example request**:
 
@@ -341,6 +339,7 @@ def get_remote_users(
               "followers": 0,
               "following": 0,
               "follows": "false",
+              "fullname": "@sam@example.com",
               "is_followed_by": "false",
               "is_remote": true,
               "last_name": null,
@@ -363,7 +362,7 @@ def get_remote_users(
 
     :query integer page: page if using pagination (default: 1)
     :query integer per_page: number of users per page (default: 10, max: 50)
-    :query string q: query on user name
+    :query string q: query on username or account
     :query string order_by: sorting criteria (``username``, ``created_at``,
                             ``workouts_count``, ``admin``,
                             default: ``username``)
@@ -389,6 +388,7 @@ def get_single_user(
 ) -> Union[Dict, HttpResponse]:
     """
     Get single user details.
+    If username is a remote user account, it returns remote user if exists.
     If a user is authenticated, it returns relationships.
     If authenticated user has admin rights, user email is returned.
 
@@ -526,13 +526,18 @@ def get_single_user(
         - user does not exist
     """
     try:
-        user = User.query.filter_by(username=user_name).first()
+        user = get_user_from_username(user_name)
         if user:
             return {
                 'status': 'success',
                 'data': {'users': [user.serialize(auth_user)]},
             }
-    except ValueError:
+    except (
+        ValueError,
+        ActorNotFoundException,
+        DomainNotFoundException,
+        UserNotFoundException,
+    ):
         pass
     return UserNotFoundErrorResponse()
 

From d97621a20d24a7a2e313fdcd231572a1423dd6fd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 23 Jan 2022 19:50:04 +0100
Subject: [PATCH 093/238] Client - search a remote user

---
 fittrackee_client/src/components/Users/UsersList.vue | 9 ++++++++-
 fittrackee_client/src/locales/en/user.json           | 1 +
 fittrackee_client/src/locales/fr/user.json           | 1 +
 fittrackee_client/src/store/modules/users/actions.ts | 6 +++++-
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/fittrackee_client/src/components/Users/UsersList.vue b/fittrackee_client/src/components/Users/UsersList.vue
index 208d553e2..8d30d0be5 100644
--- a/fittrackee_client/src/components/Users/UsersList.vue
+++ b/fittrackee_client/src/components/Users/UsersList.vue
@@ -1,7 +1,7 @@
 <template>
   <div class="users-list">
     <UsersFilters @filterOnUsername="searchUsers" />
-    <div class="container users-container">
+    <div class="container users-container" v-if="users.length > 0">
       <div v-for="user in users" :key="user.username" class="user-box">
         <UserCard
           :authUser="authUser"
@@ -11,6 +11,9 @@
         />
       </div>
     </div>
+    <div class="no-users" v-else>
+      {{ $t('user.NO_USERS_FOUND') }}
+    </div>
     <Pagination
       v-if="pagination.page"
       path="/users"
@@ -130,5 +133,9 @@
         }
       }
     }
+
+    .no-users {
+      padding: $default-padding;
+    }
   }
 </style>
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 684d27e51..a7fc0b4ea 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -10,6 +10,7 @@
   "LANGUAGE": "Language",
   "LOGIN": "Login",
   "LOGOUT": "Logout",
+  "NO_USERS_FOUND": "No users found.",
   "PASSWORD": "Password",
   "PASSWORD_CONFIRM": "Confirm Password",
   "PASSWORD_CONFIRMATION": "Password confirmation",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 2968d794a..7b903a50b 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -10,6 +10,7 @@
   "LANGUAGE": "Langue",
   "LOGIN": "Se connecter",
   "LOGOUT": "Se déconnecter",
+  "NO_USERS_FOUND": "Aucun utilisateur.",
   "PASSWORD": "Mot de passe",
   "PASSWORD_CONFIRM": "Confirmation du mot de passe",
   "PASSWORD_CONFIRMATION": "Confirmation du mot de passe",
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index 06889c4a9..d9280cd6f 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -15,6 +15,8 @@ import {
 } from '@/types/user'
 import { handleError } from '@/utils'
 
+const ACCOUNT_REGEX = /^@([\w_\-.]+)@([\w_\-.]+\.[a-z]{2,})$/g
+
 export const deleteUserAccount = (
   context:
     | ActionContext<IAuthUserState, IRootState>
@@ -90,8 +92,10 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
+    const isRemote =
+      payload.q && payload.q.match(ACCOUNT_REGEX) ? '/remote' : ''
     authApi
-      .get('users', { params: payload })
+      .get(`users${isRemote}`, { params: payload })
       .then((res) => {
         if (res.data.status === 'success') {
           context.commit(

From ab6945e46323ab633cca0ff8297308d0ab991d36 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 23 Jan 2022 19:57:47 +0100
Subject: [PATCH 094/238] Client - init following a remote user (WIP)

---
 .../src/components/User/UserCard.vue          | 10 +++++++++
 .../User/UserRelationshipActions.vue          | 21 +++++++++++++++----
 fittrackee_client/src/types/user.ts           |  2 ++
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index 00a6fdf02..4e288ff87 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -9,6 +9,9 @@
         >
           {{ user.username }}
         </router-link>
+        <div class="remote-user-account" v-if="user.is_remote">
+          {{ user.fullname }}
+        </div>
       </div>
       <UserStats :authUser="authUser" :user="user" />
     </div>
@@ -65,6 +68,7 @@
     padding: $default-padding $default-padding * 2;
     .user-card {
       display: flex;
+      min-height: 140px;
 
       .user-header {
         display: flex;
@@ -83,6 +87,12 @@
             font-size: 4.4em;
           }
         }
+
+        .remote-user-account {
+          font-size: 0.8em;
+          font-style: italic;
+          margin-top: -10px;
+        }
       }
       ::v-deep(.user-stats) {
         flex-direction: column;
diff --git a/fittrackee_client/src/components/User/UserRelationshipActions.vue b/fittrackee_client/src/components/User/UserRelationshipActions.vue
index 57a04a0a0..65341f289 100644
--- a/fittrackee_client/src/components/User/UserRelationshipActions.vue
+++ b/fittrackee_client/src/components/User/UserRelationshipActions.vue
@@ -1,9 +1,12 @@
 <template>
-  <div class="user-actions" v-if="user.username !== authUser.username">
+  <div class="user-actions" v-if="!isAuthUser(user, authUser)">
     <div v-if="user.is_followed_by !== 'pending'">
       <button
         @click="
-          updateRelationship(user.username, user.is_followed_by === 'true')
+          updateRelationship(
+            user.is_remote ? user.fullname : user.username,
+            user.is_followed_by === 'true'
+          )
         "
         :class="{ danger: user.is_followed_by === 'true' }"
       >
@@ -19,7 +22,14 @@
       </button>
     </div>
     <div v-else>
-      <button @click="updateRelationship(user.username, true)">
+      <button
+        @click="
+          updateRelationship(
+            user.is_remote ? user.fullname : user.username,
+            true
+          )
+        "
+      >
         {{ capitalize($t('user.RELATIONSHIPS.CANCEL_FOLLOW_REQUEST')) }}
       </button>
     </div>
@@ -29,7 +39,7 @@
   </div>
   <div
     class="user-actions"
-    v-if="user.username === authUser.username && from !== 'userInfos'"
+    v-if="isAuthUser(user, authUser) && from !== 'userInfos'"
   >
     <div class="follows-you">
       {{ $t('user.YOU') }}
@@ -65,6 +75,9 @@
       from: from.value,
     })
   }
+  function isAuthUser(user: IUserProfile, authUser: IAuthUserProfile): boolean {
+    return !user.is_remote && user.username === authUser.username
+  }
 </script>
 
 <style lang="scss" scoped>
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index de174efe1..a10837218 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -17,7 +17,9 @@ export interface IUserProfile {
   followers: IUserProfile[]
   following: IUserProfile[]
   follows: string
+  fullname?: string
   is_followed_by: string
+  is_remote: boolean
   last_name: string | null
   location: string | null
   map_visibility: TPrivacyLevels

From 3b83aa278369200d66acaf4f2c4e54dd17d5acc7 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 26 Jan 2022 16:16:56 +0100
Subject: [PATCH 095/238] API - return profile link for remote user

---
 fittrackee/tests/federation/users/test_users_model.py | 4 ++++
 fittrackee/users/models.py                            | 1 +
 fittrackee/users/users.py                             | 1 +
 3 files changed, 6 insertions(+)

diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index ea5b1e9e3..06e1e2506 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -24,6 +24,10 @@ def test_user_is_remote_when_actor_is_remote(
             remote_user.serialize()['fullname']
             == f'@{remote_user.actor.fullname}'
         )
+        assert (
+            remote_user.serialize()['profile_link']
+            == remote_user.actor.profile_url
+        )
 
     def test_it_returns_remote_actor_stats_when_user_is_remote(
         self, app_with_federation: Flask, remote_user: User
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 5f06eacfe..505bba90e 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -462,6 +462,7 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
             serialized_user['fullname'] = f'@{self.actor.fullname}'
             serialized_user['followers'] = self.actor.stats.followers
             serialized_user['following'] = self.actor.stats.following
+            serialized_user['profile_link'] = self.actor.profile_url
         else:
             serialized_user['followers'] = self.followers.count()
             serialized_user['following'] = self.following.count()
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index b6404ba26..b6cdb2226 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -348,6 +348,7 @@ def get_remote_users(
               "nb_sports": 0,
               "nb_workouts": 0,
               "picture": false,
+              "profile_link": "https://example.com/@sam"
               "records": [],
               "sports_list": [],
               "total_distance": 0,

From 96d48a7459b097898604debe8cf59365abbd85e4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 26 Jan 2022 19:21:12 +0100
Subject: [PATCH 096/238] API - refactoring remote user creation/refresh + fix
 getting user

---
 fittrackee/federation/utils_user.py           |  94 +++++----
 .../federation/test_federation_utils_user.py  | 199 ++++++++++++++++--
 .../tests/federation/users/test_users_api.py  | 110 +++++++++-
 fittrackee/users/users.py                     |  58 +++--
 fittrackee/workouts/stats.py                  |   5 +-
 5 files changed, 366 insertions(+), 100 deletions(-)

diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 58761107a..412668590 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -1,6 +1,6 @@
 import os
 import re
-from typing import Dict, Tuple
+from typing import Dict, Optional, Tuple
 
 import requests
 from flask import current_app
@@ -16,7 +16,7 @@
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
-from .exceptions import ActorNotFoundException, DomainNotFoundException
+from .exceptions import ActorNotFoundException
 
 FULL_NAME_REGEX = r'^@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})$'
 MEDIA_EXTENSIONS = {value: key for (key, value) in MEDIA_TYPES.items()}
@@ -78,6 +78,14 @@ def update_remote_actor_stats(actor: Actor) -> None:
         setattr(actor.stats, url_type, data.get('totalItems', 0))
 
 
+def update_actor_data(actor: Actor, remote_actor_object: Dict) -> None:
+    actor.user.manually_approves_followers = remote_actor_object[
+        'manuallyApprovesFollowers'
+    ]
+    store_or_delete_user_picture(remote_actor_object, actor.user)
+    update_remote_actor_stats(actor)
+
+
 def create_remote_user(username: str, domain: str) -> User:
     if domain == current_app.config['UI_URL']:
         raise RemoteActorException(
@@ -117,41 +125,56 @@ def create_remote_user(username: str, domain: str) -> User:
         ).first()
     except KeyError:
         raise RemoteActorException('invalid remote actor object')
+    if actor:
+        raise RemoteActorException('actor already exists')
 
-    if not actor:
-        try:
-            actor = Actor(
-                preferred_username=remote_actor_object['preferredUsername'],
-                domain_id=remote_domain.id,
-                remote_user_data=remote_actor_object,
-            )
-        except KeyError:
-            raise RemoteActorException('invalid remote actor object')
-        db.session.add(actor)
-        db.session.flush()
-        user = User(
-            username=remote_actor_object['name'],
-            email=None,
-            password=None,
-            is_remote=True,
+    try:
+        actor = Actor(
+            preferred_username=remote_actor_object['preferredUsername'],
+            domain_id=remote_domain.id,
+            remote_user_data=remote_actor_object,
         )
-        db.session.add(user)
-        user.actor_id = actor.id
-    else:
-        actor.update_remote_data(remote_actor_object)
-        actor.user.username = remote_actor_object['name']
-    actor.user.manually_approves_followers = remote_actor_object[
-        'manuallyApprovesFollowers'
-    ]
-    store_or_delete_user_picture(remote_actor_object, actor.user)
-    update_remote_actor_stats(actor)
+    except KeyError:
+        raise RemoteActorException('invalid remote actor object')
+    db.session.add(actor)
+    db.session.flush()
+    user = User(
+        username=(
+            remote_actor_object['name']
+            if remote_actor_object['name']
+            else remote_actor_object['preferredUsername']
+        ),
+        email=None,
+        password=None,
+        is_remote=True,
+    )
+    db.session.add(user)
+    user.actor_id = actor.id
+    update_actor_data(actor, remote_actor_object)
     db.session.commit()
     return actor.user
 
 
+def update_remote_user(actor: Actor) -> None:
+    if not actor.is_remote:
+        return None
+
+    try:
+        remote_actor_object = get_remote_actor_url(actor.activitypub_id)
+    except ActorNotFoundException:
+        raise RemoteActorException('can not fetch remote actor')
+    actor.user.username = (
+        remote_actor_object['name']
+        if remote_actor_object['name']
+        else remote_actor_object['preferredUsername']
+    )
+    update_actor_data(actor, remote_actor_object)
+    db.session.commit()
+
+
 def get_user_from_username(
     user_name: str,
-    with_creation: bool = False,  # or refresh actor if exists
+    with_action: Optional[str] = None,  # create or refresh remote actor
 ) -> User:
     name, domain_name = get_username_and_domain(user_name)
     if domain_name is None:  # local actor
@@ -162,20 +185,19 @@ def get_user_from_username(
     else:  # remote actor
         actor = None
         domain = Domain.query.filter_by(name=domain_name).first()
-        if not domain and not with_creation:
-            raise DomainNotFoundException(domain_name)
+        if not domain and not with_action:
+            raise UserNotFoundException()
         if domain:
             actor = Actor.query.filter_by(
                 preferred_username=name, domain_id=domain.id
             ).first()
         if not actor:
-            if with_creation:
+            if with_action == 'creation':
                 return create_remote_user(name, domain_name)
             else:
-                raise ActorNotFoundException()
-        if with_creation:
-            update_remote_actor_stats(actor)
-            db.session.commit()
+                raise UserNotFoundException()
+        if with_action == 'refresh':  # refresh existing actor
+            update_remote_user(actor)
         user = actor.user
     if not user:
         raise UserNotFoundException()
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 0965efd65..a5454fc2b 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -9,13 +9,14 @@
     ActorNotFoundException,
     RemoteActorException,
 )
-from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.models import Domain
 from fittrackee.federation.utils_user import (
     create_remote_user,
     get_user_from_username,
     get_username_and_domain,
     store_or_delete_user_picture,
     update_remote_actor_stats,
+    update_remote_user,
 )
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
@@ -246,7 +247,7 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
             == random_actor.manually_approves_followers
         )
 
-    def test_it_creates_remote_actor_when_actor_and_domain_dont_exist(
+    def test_it_creates_remote_actor_when_actor_and_domain_does_not_exist(
         self,
         app_with_federation: Flask,
         random_actor: RandomActor,
@@ -264,6 +265,26 @@ def test_it_creates_remote_actor_when_actor_and_domain_dont_exist(
 
         assert user.username == random_actor.name
 
+    def test_it_uses_preferred_name_as_username_if_name_is_empty(
+        self,
+        app_with_federation: Flask,
+        random_actor: RandomActor,
+    ) -> None:
+        remote_user_object = random_actor.get_remote_user_object()
+        remote_user_object['name'] = ""
+        with patch(
+            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value=remote_user_object,
+        ):
+            user = create_remote_user(
+                random_actor.preferred_username, random_actor.domain
+            )
+
+        assert user.username == random_actor.preferred_username
+
     def test_it_calls_store_or_delete_user_picture(
         self,
         app_with_federation: Flask,
@@ -308,14 +329,13 @@ def test_it_calls_update_remote_actor_stats(
 
         update_remote_actor_stats_mock.assert_called_with(user.actor)
 
-    def test_it_returns_updated_remote_actor_if_remote_actor_exists(
+    def test_it_raises_error_if_remote_actor_exists(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
         remote_user_object = remote_user.actor.serialize()
         updated_name = random_string()
         remote_user_object['name'] = updated_name
         remote_user_object['manuallyApprovesFollowers'] = False
-        last_fetched = remote_user.actor.last_fetch_date
         with patch(
             'fittrackee.federation.utils_user.fetch_account_from_webfinger',
             return_value={
@@ -331,17 +351,15 @@ def test_it_returns_updated_remote_actor_if_remote_actor_exists(
         ), patch(
             'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=remote_user_object,
+        ), pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: actor already exists.',
         ):
             create_remote_user(
                 remote_user.actor.preferred_username,
                 remote_user.actor.domain.name,
             )
 
-        updated_actor = Actor.query.filter_by(id=remote_user.actor.id).first()
-        assert updated_actor.name == updated_name
-        assert updated_actor.last_fetch_date != last_fetched
-        assert updated_actor.user.manually_approves_followers is False
-
     def test_it_creates_additional_remote_actor(
         self,
         app_with_federation: Flask,
@@ -365,24 +383,137 @@ def test_it_creates_additional_remote_actor(
             assert user.username == random_actor.name
 
 
-class TestGetUserFromUsername:
-    def test_it_raises_exception_if_no_user(
+class TestUpdateRemoteUser:
+    def test_it_does_not_update_user_if_local(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        with patch('requests.get') as get_mock:
+
+            update_remote_user(user_1.actor)
+
+        get_mock.assert_not_called()
+
+    def test_it_raises_exception_if_can_not_fetch_user(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            side_effect=ActorNotFoundException(),
+        ), pytest.raises(
+            RemoteActorException,
+            match='Invalid remote actor: can not fetch remote actor.',
+        ):
+
+            update_remote_user(remote_user.actor)
+
+    def test_it_updates_user_username(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        expected_name = random_string()[0:30]
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value={
+                'name': expected_name,
+                'manuallyApprovesFollowers': True,
+            },
+        ):
+
+            update_remote_user(remote_user.actor)
+
+        assert remote_user.username == expected_name
+
+    def test_it_updates_manually_approves_followers(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value={
+                'name': random_string()[0:30],
+                'manuallyApprovesFollowers': False,
+            },
+        ):
+
+            update_remote_user(remote_user.actor)
+
+        assert remote_user.manually_approves_followers is False
+
+    def test_it_calls_store_or_delete_user_picture(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        remote_actor_object = {
+            'name': random_string()[0:30],
+            'manuallyApprovesFollowers': False,
+        }
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value=remote_actor_object,
+        ), patch(
+            'fittrackee.federation.utils_user.update_remote_actor_stats'
+        ), patch(
+            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+        ) as store_or_delete_user_picture_mock:
+
+            update_remote_user(remote_user.actor)
+
+        store_or_delete_user_picture_mock.assert_called_with(
+            remote_actor_object, remote_user
+        )
+
+    def test_it_calls_update_remote_actor_stats(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value={
+                'name': random_string()[0:30],
+                'manuallyApprovesFollowers': False,
+            },
+        ), patch(
+            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils_user.update_remote_actor_stats'
+        ) as update_remote_actor_stats_mock:
+
+            update_remote_user(remote_user.actor)
+
+        update_remote_actor_stats_mock.assert_called_with(remote_user.actor)
+
+
+class TestGetUserFromUsernameWithoutUpdate:
+    def test_it_raises_exception_if_no_local_user(
         self, app_with_federation: Flask
     ) -> None:
         with pytest.raises(UserNotFoundException):
             get_user_from_username(random_string())
 
-    def test_it_raises_exception_if_only_remote_user_exists_when_usernme_provided(  # noqa
-        self, app_with_federation: Flask, user_1: User, remote_user: User
+    def test_it_raises_exception_if_no_remote_user(
+        self, app_with_federation: Flask, random_actor: RandomActor
     ) -> None:
         with pytest.raises(UserNotFoundException):
-            get_user_from_username(remote_user.username)
+            get_user_from_username(random_actor.fullname)
 
-    def test_it_raises_exception_if_no_local_user_and_with_creation(
-        self, app_with_federation: Flask, user_1: User
+    def test_it_raises_exception_if_no_remote_user_with_provided_domain(
+        self, app_with_federation: Flask, remote_domain: Domain
+    ) -> None:
+        with pytest.raises(UserNotFoundException):
+            get_user_from_username(f'{random_string()}@{remote_domain.name}')
+
+    def test_it_raises_exception_if_only_remote_user_exists_when_username_provided(  # noqa
+        self, app_with_federation: Flask, user_1: User, remote_user: User
     ) -> None:
         with pytest.raises(UserNotFoundException):
-            get_user_from_username(random_string(), with_creation=True)
+            get_user_from_username(remote_user.username)
 
     def test_it_returns_local_user(
         self, app_with_federation: Flask, user_1: User
@@ -396,6 +527,24 @@ def test_it_returns_remote_user(
             get_user_from_username(remote_user.actor.fullname) == remote_user
         )
 
+
+class TestGetUserFromUsernameWithAction:
+    def test_it_raises_exception_if_no_local_user_and_with_creation(
+        self, app_with_federation: Flask
+    ) -> None:
+        """only remote user can be created"""
+        with pytest.raises(UserNotFoundException):
+            get_user_from_username(random_string(), with_action='creation')
+
+    def test_it_raises_exception_if_no_remote_user_and_with_refresh(
+        self, app_with_federation: Flask, random_actor: RandomActor
+    ) -> None:
+        """only remote user can be created"""
+        with pytest.raises(UserNotFoundException):
+            get_user_from_username(
+                f'@{random_actor.fullname}', with_action='refresh'
+            )
+
     def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(  # noqa
         self, app_with_federation: Flask, random_actor: RandomActor
     ) -> None:
@@ -407,7 +556,7 @@ def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(
             return_value=random_actor.get_remote_user_object(),
         ):
             user = get_user_from_username(
-                random_actor.fullname, with_creation=True
+                random_actor.fullname, with_action='creation'
             )
 
         assert user.username == random_actor.name
@@ -427,11 +576,23 @@ def test_it_creates_remote_user_when_regsitreation_is_disabled(  # noqa
             return_value=random_actor.get_remote_user_object(),
         ):
             user = get_user_from_username(
-                random_actor.fullname, with_creation=True
+                random_actor.fullname, with_action='creation'
             )
 
         assert user.username == random_actor.name
 
+    def test_it_calls_update_remote_user_if_remote_user_exists_and_with_refresh(  # noqa
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_user'
+        ) as update_remote_user_mock:
+            get_user_from_username(
+                remote_user.actor.fullname, with_action='refresh'
+            )
+
+        update_remote_user_mock.assert_called_with(remote_user.actor)
+
 
 class TestStoreOrDeleteUserPicture:
     @pytest.mark.parametrize(
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index 9163361bd..4f36b0422 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -114,8 +114,7 @@ def test_it_returns_remote_user_when_query_contains_account(
         )
 
         with patch(
-            'requests.get',
-            return_value=generate_response(content={'totalItems': 0}),
+            'fittrackee.federation.utils_user.update_remote_user',
         ):
             response = client.get(
                 f'/api/users/remote?q=@{remote_user.actor.fullname}',
@@ -234,12 +233,15 @@ def test_it_returns_error_if_remote_user_does_not_exists(
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
         )
+        with patch(
+            'requests.get', return_value=generate_response(status_code=404)
+        ):
 
-        response = client.get(
-            f'/api/users/@{random_actor.fullname}',
-            content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
+            response = client.get(
+                f'/api/users/@{random_actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
 
         assert response.status_code == 404
         data = json.loads(response.data.decode())
@@ -252,15 +254,101 @@ def test_it_returns_remote_user_if_exists(
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
         )
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_user',
+        ):
 
-        response = client.get(
-            f'/api/users/@{remote_user.actor.fullname}',
+            response = client.get(
+                f'/api/users/@{remote_user.actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['users']) == 1
+        assert data['data']['users'][0]['username'] == remote_user.username
+
+    def test_it_calls_update_remote_user(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_user',
+        ) as update_remote_user_mock:
+
+            client.get(
+                f'/api/users/@{remote_user.actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        update_remote_user_mock.assert_called_with(remote_user.actor)
+
+
+class TestGetUserPicture(ApiTestCaseMixin):
+    def test_it_returns_error_if_local_user_with_same_username_does_not_exist(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        client = app_with_federation.test_client()
+
+        response = client.get(f'/api/users/{remote_user.username}/picture')
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
+
+class TestUpdateUser(ApiTestCaseMixin):
+    def test_it_updates_local_user_when_remote_user_exists_with_same_username(
+        self,
+        app_with_federation: Flask,
+        user_1_admin: User,
+        remote_user: User,
+        user_2: User,
+    ) -> None:
+        remote_user.username = user_2.username
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/{user_2.username}',
             content_type='application/json',
+            data=json.dumps(dict(admin=True)),
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
-        assert data['status'] == 'success'
+        assert 'success' in data['status']
         assert len(data['data']['users']) == 1
-        assert data['data']['users'][0]['username'] == remote_user.username
+        user = data['data']['users'][0]
+        assert user['email'] == user_2.email
+        assert user['is_remote'] is False
+
+    def test_it_raise_error_when_updating_remote_user(
+        self,
+        app_with_federation: Flask,
+        user_1_admin: User,
+        remote_user: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/@{remote_user.actor.fullname}',
+            content_type='application/json',
+            data=json.dumps(dict(admin=True)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 400
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'invalid payload' in data['message']
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index b6cdb2226..bd7dec294 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -9,10 +9,6 @@
 
 from fittrackee import appLog, db
 from fittrackee.federation.decorators import federation_required
-from fittrackee.federation.exceptions import (
-    ActorNotFoundException,
-    DomainNotFoundException,
-)
 from fittrackee.federation.models import Domain
 from fittrackee.federation.utils_user import (
     FULL_NAME_REGEX,
@@ -64,8 +60,9 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
     query = params.get('q')
     if remote and query and re.match(FULL_NAME_REGEX, query):
         try:
-            user = get_user_from_username(query, with_creation=True)
-        except Exception:  # noqa
+            user = get_user_from_username(query, with_action='creation')
+        except Exception as e:  # noqa
+            appLog.error(f"Error when searching user '{query}': {e}")
             return {
                 'status': 'success',
                 'data': {'users': []},
@@ -527,18 +524,13 @@ def get_single_user(
         - user does not exist
     """
     try:
-        user = get_user_from_username(user_name)
+        user = get_user_from_username(user_name, with_action='refresh')
         if user:
             return {
                 'status': 'success',
                 'data': {'users': [user.serialize(auth_user)]},
             }
-    except (
-        ValueError,
-        ActorNotFoundException,
-        DomainNotFoundException,
-        UserNotFoundException,
-    ):
+    except (ValueError, UserNotFoundException):
         pass
     return UserNotFoundErrorResponse()
 
@@ -570,12 +562,12 @@ def get_picture(user_name: str) -> Any:
 
     """
     try:
-        user = User.query.filter_by(username=user_name).first()
-        if not user:
-            return UserNotFoundErrorResponse()
+        user = get_user_from_username(user_name)
         if user.picture is not None:
             picture_path = get_absolute_file_path(user.picture)
             return send_file(picture_path)
+    except UserNotFoundException:
+        return UserNotFoundErrorResponse()
     except Exception:
         pass
     return NotFoundErrorResponse('No picture.')
@@ -696,9 +688,9 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         return InvalidPayloadErrorResponse()
 
     try:
-        user = User.query.filter_by(username=user_name).first()
-        if not user:
-            return UserNotFoundErrorResponse()
+        user = get_user_from_username(user_name)
+        if user.is_remote:
+            return InvalidPayloadErrorResponse()
 
         user.admin = user_data['admin']
         db.session.commit()
@@ -706,6 +698,8 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
             'status': 'success',
             'data': {'users': [user.serialize(auth_user)]},
         }
+    except UserNotFoundException:
+        return UserNotFoundErrorResponse()
     except exc.StatementError as e:
         return handle_error_and_return_response(e, db=db)
 
@@ -755,10 +749,15 @@ def delete_user(
 
     """
     try:
-        user = User.query.filter_by(username=user_name).first()
-        if not user:
+        try:
+            user = get_user_from_username(user_name)
+        except UserNotFoundException:
             return UserNotFoundErrorResponse()
 
+        if user.is_remote:
+            # TODO: handle properly remote user deletion
+            return InvalidPayloadErrorResponse()
+
         if user.id != auth_user.id and not auth_user.admin:
             return ForbiddenErrorResponse()
         if (
@@ -865,11 +864,7 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
 
     try:
         target_user = get_user_from_username(user_name)
-    except (
-        ActorNotFoundException,
-        DomainNotFoundException,
-        UserNotFoundException,
-    ) as e:
+    except UserNotFoundException as e:
         appLog.error(f'Error when following a user: {e}')
         return UserNotFoundErrorResponse()
 
@@ -942,11 +937,7 @@ def unfollow_user(
 
     try:
         target_user = get_user_from_username(user_name)
-    except (
-        ActorNotFoundException,
-        DomainNotFoundException,
-        UserNotFoundException,
-    ) as e:
+    except UserNotFoundException as e:
         appLog.error(f'Error when following a user: {e}')
         return UserNotFoundErrorResponse()
 
@@ -966,8 +957,9 @@ def get_user_relationships(
     except ValueError:
         page = 1
 
-    user = User.query.filter_by(username=user_name).first()
-    if not user:
+    try:
+        user = get_user_from_username(user_name)
+    except UserNotFoundException:
         return UserNotFoundErrorResponse()
 
     relations_object = (
diff --git a/fittrackee/workouts/stats.py b/fittrackee/workouts/stats.py
index 7dd4e23e2..375301d5d 100644
--- a/fittrackee/workouts/stats.py
+++ b/fittrackee/workouts/stats.py
@@ -30,7 +30,10 @@ def get_workouts(
     Return user workouts by sport or by time
     """
     try:
-        user = User.query.filter_by(username=user_name).first()
+        user = User.query.filter(
+            User.username == user_name,
+            User.is_remote == False,  # noqa
+        ).first()
         if not user:
             return UserNotFoundErrorResponse()
 

From e01378cd1bcfd3d340dc0ed3501313c56fad4cc9 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 26 Jan 2022 20:43:43 +0100
Subject: [PATCH 097/238] Client - update remote user display

---
 .../User/ProfileDisplay/UserHeader.vue        | 22 +++++++++-
 .../User/ProfileDisplay/UserInfos.vue         | 24 ++++++++---
 .../src/components/User/UserCard.vue          |  7 +++-
 .../User/UserRelationshipActions.vue          | 27 +++++--------
 .../src/components/User/UserStats.vue         | 40 +++++++++++++------
 .../src/components/Users/UsersFilters.vue     |  2 +-
 fittrackee_client/src/locales/en/user.json    |  1 +
 fittrackee_client/src/locales/fr/user.json    |  1 +
 fittrackee_client/src/scss/base.scss          |  9 +++++
 fittrackee_client/src/types/user.ts           |  1 +
 fittrackee_client/src/utils/user.ts           |  6 +++
 11 files changed, 101 insertions(+), 39 deletions(-)
 create mode 100644 fittrackee_client/src/utils/user.ts

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
index 95d8a0be7..411bd55b8 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserHeader.vue
@@ -1,9 +1,20 @@
 <template>
   <div class="box user-header">
+    <div class="follows-you" v-if="user.follows === 'true'">
+      {{ $t('user.RELATIONSHIPS.FOLLOWS_YOU') }}
+    </div>
     <UserPicture :user="user" />
     <div class="user-details">
       <div class="user-name">{{ user.username }}</div>
-      <UserStats :authUser="authUser" :user="user" />
+      <a
+        class="remote-user-account"
+        v-if="user.is_remote"
+        :href="user.profile_link"
+        target="_blank"
+      >
+        {{ user.fullname }}
+      </a>
+      <UserStats :user="user" />
     </div>
   </div>
 </template>
@@ -21,7 +32,7 @@
   }
   const props = defineProps<Props>()
 
-  const { authUser, user } = toRefs(props)
+  const { user } = toRefs(props)
 </script>
 
 <style lang="scss" scoped>
@@ -30,6 +41,13 @@
   .user-header {
     display: flex;
     align-items: stretch;
+    position: relative;
+
+    .follows-you {
+      position: absolute;
+      margin-top: -$default-margin;
+      margin-left: -$default-margin;
+    }
 
     ::v-deep(.user-picture) {
       min-width: 20%;
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index 4d2973ca8..3e86ca769 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -8,7 +8,7 @@
       @confirmAction="deleteUserAccount(user.username)"
       @cancelAction="updateDisplayModal(false)"
     />
-    <dl>
+    <dl v-if="!user.is_remote">
       <dt>{{ $t('user.PROFILE.REGISTRATION_DATE') }}:</dt>
       <dd>{{ registrationDate }}</dd>
       <dt>{{ $t('user.PROFILE.FIRST_NAME') }}:</dt>
@@ -24,6 +24,13 @@
         {{ user.bio }}
       </dd>
     </dl>
+    <div v-else class="remote-user-account">
+      <i18n-t keypath="user.USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK">
+        <a :href="user.profile_link" target="_blank">
+          {{ $t('common.HERE') }}
+        </a>
+      </i18n-t>
+    </div>
     <div
       class="profile-buttons"
       v-if="authUser && authUser.admin && $route.query.from === 'admin'"
@@ -39,10 +46,7 @@
     </div>
     <div class="profile-buttons" v-else>
       <button
-        v-if="
-          $route.path === '/profile' ||
-          (authUser && authUser.username === user.username)
-        "
+        v-if="$route.path === '/profile' || isAuthUser(user, authUser)"
         @click="$router.push('/profile/edit')"
       >
         {{ $t('user.PROFILE.EDIT') }}
@@ -78,6 +82,7 @@
   import { ROOT_STORE, USERS_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
+  import { isAuthUser } from '@/utils/user'
 
   interface Props {
     user: IUserProfile
@@ -112,9 +117,18 @@
 </script>
 
 <style lang="scss" scoped>
+  @import '~@/scss/vars.scss';
+
   #user-infos {
     .user-bio {
       white-space: pre-wrap;
     }
+
+    .remote-user-account {
+      margin: $default-margin * 2 0;
+      a {
+        text-decoration: underline;
+      }
+    }
   }
 </style>
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index 4e288ff87..ad91fce0e 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -5,7 +5,9 @@
         <UserPicture :user="user" />
         <router-link
           class="user-name"
-          :to="`/users/${user.username}?from=users`"
+          :to="`/users/${
+            user.is_remote ? user.fullname : user.username
+          }?from=users`"
         >
           {{ user.username }}
         </router-link>
@@ -13,12 +15,13 @@
           {{ user.fullname }}
         </div>
       </div>
-      <UserStats :authUser="authUser" :user="user" />
+      <UserStats :user="user" />
     </div>
     <UserRelationshipActions
       :authUser="authUser"
       :user="user"
       :from="from ? from : 'userCard'"
+      :displayFollowsYou="true"
       @updatedUser="emitUser"
     />
     <ErrorMessage
diff --git a/fittrackee_client/src/components/User/UserRelationshipActions.vue b/fittrackee_client/src/components/User/UserRelationshipActions.vue
index 65341f289..961074aad 100644
--- a/fittrackee_client/src/components/User/UserRelationshipActions.vue
+++ b/fittrackee_client/src/components/User/UserRelationshipActions.vue
@@ -33,7 +33,10 @@
         {{ capitalize($t('user.RELATIONSHIPS.CANCEL_FOLLOW_REQUEST')) }}
       </button>
     </div>
-    <div class="follows-you" v-if="user.follows === 'true'">
+    <div
+      class="follows-you"
+      v-if="displayFollowsYou && user.follows === 'true'"
+    >
       {{ $t('user.RELATIONSHIPS.FOLLOWS_YOU') }}
     </div>
   </div>
@@ -48,22 +51,26 @@
 </template>
 
 <script lang="ts" setup>
-  import { capitalize, toRefs } from 'vue'
+  import { capitalize, toRefs, withDefaults } from 'vue'
 
   import { USERS_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
+  import { isAuthUser } from '@/utils/user'
 
   interface Props {
     authUser: IAuthUserProfile
     user: IUserProfile
     from: string
+    displayFollowsYou?: boolean
   }
-  const props = defineProps<Props>()
+  const props = withDefaults(defineProps<Props>(), {
+    displayFollowsYou: false,
+  })
 
   const store = useStore()
 
-  const { authUser, from, user } = toRefs(props)
+  const { authUser, from, user, displayFollowsYou } = toRefs(props)
 
   const emit = defineEmits(['updatedUser'])
 
@@ -75,9 +82,6 @@
       from: from.value,
     })
   }
-  function isAuthUser(user: IUserProfile, authUser: IAuthUserProfile): boolean {
-    return !user.is_remote && user.username === authUser.username
-  }
 </script>
 
 <style lang="scss" scoped>
@@ -89,15 +93,6 @@
     align-items: flex-end;
     min-height: 35px;
 
-    .follows-you {
-      font-size: 0.7em;
-      font-style: italic;
-      text-transform: uppercase;
-      padding: $default-padding * 0.5 $default-padding;
-      background-color: var(--text-background-color);
-      border-radius: $border-radius;
-    }
-
     .pending {
       border-radius: $border-radius;
       padding: $default-padding * 0.5 $default-padding;
diff --git a/fittrackee_client/src/components/User/UserStats.vue b/fittrackee_client/src/components/User/UserStats.vue
index 49aadbc22..3e610079b 100644
--- a/fittrackee_client/src/components/User/UserStats.vue
+++ b/fittrackee_client/src/components/User/UserStats.vue
@@ -26,11 +26,7 @@
     </div>
     <div class="user-stat">
       <router-link
-        :to="`/${
-          $route.path.includes('/profile')
-            ? 'profile'
-            : `users/${user.username}`
-        }/following`"
+        :to="`/${getURL(user, authUser, $route.path)}/following`"
         class="stat-number"
       >
         {{ user.following }}
@@ -41,11 +37,7 @@
     </div>
     <div class="user-stat">
       <router-link
-        :to="`/${
-          $route.path.includes('/profile')
-            ? 'profile'
-            : `users/${user.username}`
-        }/followers`"
+        :to="`/${getURL(user, authUser, $route.path)}/followers`"
         class="stat-number"
       >
         {{ user.followers }}
@@ -58,17 +50,35 @@
 </template>
 
 <script setup lang="ts">
-  import { toRefs } from 'vue'
+  import { ComputedRef, computed, toRefs } from 'vue'
 
+  import { AUTH_USER_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
+  import { useStore } from '@/use/useStore'
 
   interface Props {
-    authUser: IAuthUserProfile
     user: IUserProfile
   }
   const props = defineProps<Props>()
 
-  const { authUser, user } = toRefs(props)
+  const { user } = toRefs(props)
+  const store = useStore()
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
+    () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
+  )
+  function getURL(
+    user: IUserProfile,
+    authUser: IAuthUserProfile,
+    currentPath: string
+  ) {
+    if (user.is_remote) {
+      return `users/${user.fullname}`
+    }
+    return user.username === authUser?.username &&
+      currentPath.includes('/profile')
+      ? 'profile'
+      : `users/${user.username}`
+  }
 </script>
 
 <style lang="scss" scoped>
@@ -87,5 +97,9 @@
         font-weight: bold;
       }
     }
+
+    .router-link-exact-active {
+      text-decoration: underline;
+    }
   }
 </style>
diff --git a/fittrackee_client/src/components/Users/UsersFilters.vue b/fittrackee_client/src/components/Users/UsersFilters.vue
index d88a4cbfc..824349655 100644
--- a/fittrackee_client/src/components/Users/UsersFilters.vue
+++ b/fittrackee_client/src/components/Users/UsersFilters.vue
@@ -4,7 +4,7 @@
       <input
         id="username"
         name="username"
-        v-model="username"
+        v-model.trim="username"
         @keyup.enter="searchUsers"
       />
       <i
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index a7fc0b4ea..22b721046 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -85,6 +85,7 @@
   "RESET_PASSWORD": "Reset your password",
   "USER_PICTURE": "user picture",
   "USER": "user | users",
+  "USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK": "This user is from a remote instance (click {0} to display the original profile)",
   "USERNAME": "Username",
   "YOU": "you"
 }
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 7b903a50b..92b541a25 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -84,6 +84,7 @@
   },
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
   "USER": "utilisateur | utilisateurs",
+  "USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK": "Cet utilisateur provient d'une autre instance (cliquez {0} pour afficher le profil d'origine)",
   "USER_PICTURE": "photo de l'utilisateur",
   "USERNAME": "Nom d'utilisateur",
   "YOU": "vous"
diff --git a/fittrackee_client/src/scss/base.scss b/fittrackee_client/src/scss/base.scss
index ba7aae9f7..c64ee1fc2 100644
--- a/fittrackee_client/src/scss/base.scss
+++ b/fittrackee_client/src/scss/base.scss
@@ -347,6 +347,15 @@ button {
   gap: $default-padding;
 }
 
+.follows-you {
+  font-size: 0.7em;
+  font-style: italic;
+  text-transform: uppercase;
+  padding: $default-padding * 0.5 $default-padding;
+  background-color: var(--text-background-color);
+  border-radius: $border-radius;
+}
+
 .medium-sport-img {
   height: 35px;
   width: 35px;
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index a10837218..e49545998 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -26,6 +26,7 @@ export interface IUserProfile {
   nb_sports?: number
   nb_workouts: number
   picture: string | boolean
+  profile_link?: string
   records?: IRecord[]
   sports_list?: number[]
   total_distance?: number
diff --git a/fittrackee_client/src/utils/user.ts b/fittrackee_client/src/utils/user.ts
new file mode 100644
index 000000000..6942d89f7
--- /dev/null
+++ b/fittrackee_client/src/utils/user.ts
@@ -0,0 +1,6 @@
+import { IAuthUserProfile, IUserProfile } from '@/types/user'
+
+export const isAuthUser = (
+  user: IUserProfile,
+  authUser?: IAuthUserProfile
+): boolean => !user.is_remote && user.username === authUser?.username

From de3ce0e30daae3d4cf1d1dafd1e599ca33e9c6df Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 08:56:00 +0100
Subject: [PATCH 098/238] Client - remove unused style attributes

---
 fittrackee_client/src/components/Users/UsersFilters.vue | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fittrackee_client/src/components/Users/UsersFilters.vue b/fittrackee_client/src/components/Users/UsersFilters.vue
index 824349655..f6b6a360e 100644
--- a/fittrackee_client/src/components/Users/UsersFilters.vue
+++ b/fittrackee_client/src/components/Users/UsersFilters.vue
@@ -9,7 +9,7 @@
       />
       <i
         v-if="username !== ''"
-        class="fa fa-times position-absolute"
+        class="fa fa-times"
         aria-hidden="true"
         @click="resetFilter"
       />
@@ -50,7 +50,6 @@
     align-items: center;
     padding: $default-padding;
     gap: $default-padding;
-    position: relative;
 
     .fa {
       font-size: 1.5em;

From 90d03e4c9274434eefb2567ff0125b94aa834eba Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 09:23:44 +0100
Subject: [PATCH 099/238] Client - add confirmation before logging out

---
 fittrackee_client/src/components/NavBar.vue | 51 ++++++++++++++++++---
 fittrackee_client/src/locales/en/user.json  |  1 +
 fittrackee_client/src/locales/fr/user.json  |  1 +
 3 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/fittrackee_client/src/components/NavBar.vue b/fittrackee_client/src/components/NavBar.vue
index 2505f5542..f5186cc7c 100644
--- a/fittrackee_client/src/components/NavBar.vue
+++ b/fittrackee_client/src/components/NavBar.vue
@@ -1,5 +1,12 @@
 <template>
   <div id="nav">
+    <Modal
+      v-if="displayModal"
+      :title="$t('common.CONFIRMATION')"
+      :message="$t('user.LOGOUT_CONFIRMATION')"
+      @confirmAction="logout"
+      @cancelAction="updateDisplayModal(false)"
+    />
     <div class="nav-container">
       <div class="nav-app-name">
         <div class="nav-item app-name" @click="$router.push('/')">
@@ -53,8 +60,19 @@
               @click="closeMenu"
             >
               <UserPicture :user="authUser" />
+              {{ authUser.username }}
             </router-link>
-            <div class="nav-item nav-link" @click="logout">
+            <div
+              class="nav-item nav-link logout-fa"
+              @click="updateDisplayModal(true)"
+              :title="$t('user.LOGOUT')"
+            >
+              <i class="fa fa-sign-out" aria-hidden="true" />
+            </div>
+            <div
+              class="nav-item nav-link logout-text"
+              @click="updateDisplayModal(true)"
+            >
               {{ $t('user.LOGOUT') }}
             </div>
           </div>
@@ -82,7 +100,7 @@
 </template>
 
 <script setup lang="ts">
-  import { ComputedRef, computed, ref, capitalize } from 'vue'
+  import { ComputedRef, computed, ref, capitalize, Ref } from 'vue'
   import { useI18n } from 'vue-i18n'
 
   import UserPicture from '@/components/User/UserPicture.vue'
@@ -97,6 +115,7 @@
   const { locale } = useI18n()
   const store = useStore()
 
+  let displayModal: Ref<boolean> = ref(false)
   const authUser: ComputedRef<IUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
@@ -122,6 +141,10 @@
   }
   function logout() {
     store.dispatch(AUTH_USER_STORE.ACTIONS.LOGOUT)
+    displayModal.value = false
+  }
+  function updateDisplayModal(value: boolean) {
+    displayModal.value = value
   }
 </script>
 
@@ -197,6 +220,7 @@
 
       .nav-items-group {
         display: flex;
+        align-items: flex-start;
       }
       .nav-item {
         padding: 0 10px;
@@ -218,6 +242,9 @@
       }
 
       .nav-profile-img {
+        display: flex;
+        gap: $default-padding;
+        align-items: flex-start;
         margin-bottom: -$default-padding;
         ::v-deep(.user-picture) {
           img {
@@ -234,6 +261,12 @@
       .nav-separator {
         display: none;
       }
+      .logout-fa {
+        display: block;
+      }
+      .logout-text {
+        display: none;
+      }
     }
 
     @media screen and (max-width: $medium-limit) {
@@ -294,21 +327,25 @@
         .nav-items-group {
           display: flex;
           flex-direction: column;
+
+          .logout-fa {
+            display: none;
+          }
+          .logout-text {
+            display: block;
+          }
         }
 
         .nav-item {
           padding: 7px 25px;
         }
 
-        .nav-profile-img {
-          display: none;
-        }
-
         .nav-separator {
           display: flex;
           border-top: solid 1px var(--nav-border-color);
           margin: 0 $default-margin * 2;
-          padding: 0;
+          padding: 0 0 $default-padding;
+          width: 88%;
         }
       }
     }
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 22b721046..f9cb60f70 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -10,6 +10,7 @@
   "LANGUAGE": "Language",
   "LOGIN": "Login",
   "LOGOUT": "Logout",
+  "LOGOUT_CONFIRMATION": "Are you sure you want to log out?",
   "NO_USERS_FOUND": "No users found.",
   "PASSWORD": "Password",
   "PASSWORD_CONFIRM": "Confirm Password",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 92b541a25..d5d5b4b08 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -10,6 +10,7 @@
   "LANGUAGE": "Langue",
   "LOGIN": "Se connecter",
   "LOGOUT": "Se déconnecter",
+  "LOGOUT_CONFIRMATION": "Etes-vous sûr de vouloir vous déconnecter",
   "NO_USERS_FOUND": "Aucun utilisateur.",
   "PASSWORD": "Mot de passe",
   "PASSWORD_CONFIRM": "Confirmation du mot de passe",

From e6c81ba3437822a922c5aa96277c65b5f9e0188d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 09:36:55 +0100
Subject: [PATCH 100/238] Client - fix authenticated user type

---
 .../src/components/Administration/AdminUsers.vue              | 4 ++--
 fittrackee_client/src/components/NavBar.vue                   | 4 ++--
 fittrackee_client/src/components/User/UserRelationships.vue   | 3 ++-
 .../components/Workout/WorkoutDetail/WorkoutChart/index.vue   | 4 ++--
 .../src/components/Workout/WorkoutDetail/index.vue            | 4 ++--
 fittrackee_client/src/components/Workout/WorkoutEdition.vue   | 4 ++--
 fittrackee_client/src/components/Workouts/WorkoutsFilters.vue | 4 ++--
 fittrackee_client/src/views/Dashboard.vue                     | 4 ++--
 fittrackee_client/src/views/StatisticsView.vue                | 4 ++--
 fittrackee_client/src/views/UsersView.vue                     | 4 ++--
 fittrackee_client/src/views/user/ProfileView.vue              | 4 ++--
 fittrackee_client/src/views/workouts/AddWorkout.vue           | 4 ++--
 fittrackee_client/src/views/workouts/EditWorkout.vue          | 4 ++--
 fittrackee_client/src/views/workouts/Workout.vue              | 4 ++--
 fittrackee_client/src/views/workouts/WorkoutsView.vue         | 4 ++--
 15 files changed, 30 insertions(+), 29 deletions(-)

diff --git a/fittrackee_client/src/components/Administration/AdminUsers.vue b/fittrackee_client/src/components/Administration/AdminUsers.vue
index 4fe3d1ce2..ee95a2b48 100644
--- a/fittrackee_client/src/components/Administration/AdminUsers.vue
+++ b/fittrackee_client/src/components/Administration/AdminUsers.vue
@@ -133,7 +133,7 @@
   import UserPicture from '@/components/User/UserPicture.vue'
   import { AUTH_USER_STORE, ROOT_STORE, USERS_STORE } from '@/store/constants'
   import { IPagination, TPaginationPayload } from '@/types/api'
-  import { IUserProfile, TUsersPayload } from '@/types/user'
+  import { IAuthUserProfile, IUserProfile, TUsersPayload } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { getQuery, sortList } from '@/utils/api'
   import { getDateWithTZ } from '@/utils/dates'
@@ -152,7 +152,7 @@
   let query: TPaginationPayload = reactive(
     getQuery(route.query, orderByList, defaultOrderBy)
   )
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const users: ComputedRef<IUserProfile[]> = computed(
diff --git a/fittrackee_client/src/components/NavBar.vue b/fittrackee_client/src/components/NavBar.vue
index f5186cc7c..ac4075c0a 100644
--- a/fittrackee_client/src/components/NavBar.vue
+++ b/fittrackee_client/src/components/NavBar.vue
@@ -106,7 +106,7 @@
   import UserPicture from '@/components/User/UserPicture.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
   import { IDropdownOption } from '@/types/forms'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { availableLanguages } from '@/utils/locales'
 
@@ -116,7 +116,7 @@
   const store = useStore()
 
   let displayModal: Ref<boolean> = ref(false)
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const isAuthenticated: ComputedRef<boolean> = computed(
diff --git a/fittrackee_client/src/components/User/UserRelationships.vue b/fittrackee_client/src/components/User/UserRelationships.vue
index f4ae52696..d4de2d190 100644
--- a/fittrackee_client/src/components/User/UserRelationships.vue
+++ b/fittrackee_client/src/components/User/UserRelationships.vue
@@ -38,6 +38,7 @@
   import { AUTH_USER_STORE, USERS_STORE } from '@/store/constants'
   import { IPagination } from '@/types/api'
   import {
+    IAuthUserProfile,
     IUserProfile,
     IUserRelationshipsPayload,
     TRelationships,
@@ -59,7 +60,7 @@
     relationship: relationship.value,
     page: 1,
   }
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const relationships: ComputedRef<IUserProfile[]> = computed(
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutChart/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutChart/index.vue
index 675fff3d7..a569ab87b 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutChart/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutChart/index.vue
@@ -58,7 +58,7 @@
 
   import { htmlLegendPlugin } from '@/components/Workout/WorkoutDetail/WorkoutChart/legend'
   import { TUnit } from '@/types/units'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import {
     IWorkoutChartData,
     IWorkoutData,
@@ -68,7 +68,7 @@
   import { getDatasets } from '@/utils/workouts'
 
   interface Props {
-    authUser: IUserProfile
+    authUser: IAuthUserProfile
     workoutData: IWorkoutData
   }
   const props = defineProps<Props>()
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index be6084184..1034cbdcf 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -46,7 +46,7 @@
   import WorkoutMap from '@/components/Workout/WorkoutDetail/WorkoutMap/index.vue'
   import { WORKOUTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import {
     IWorkout,
     IWorkoutData,
@@ -58,7 +58,7 @@
   import { formatWorkoutDate, getDateWithTZ } from '@/utils/dates'
 
   interface Props {
-    authUser: IUserProfile
+    authUser: IAuthUserProfile
     displaySegment: boolean
     sports: ISport[]
     workoutData: IWorkoutData
diff --git a/fittrackee_client/src/components/Workout/WorkoutEdition.vue b/fittrackee_client/src/components/Workout/WorkoutEdition.vue
index 51f072f48..462635f98 100644
--- a/fittrackee_client/src/components/Workout/WorkoutEdition.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutEdition.vue
@@ -237,7 +237,7 @@
   import { ROOT_STORE, WORKOUTS_STORE } from '@/store/constants'
   import { TAppConfig } from '@/types/application'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { IWorkout, IWorkoutForm } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
   import { formatWorkoutDate, getDateWithTZ } from '@/utils/dates'
@@ -246,7 +246,7 @@
   import { convertDistance } from '@/utils/units'
 
   interface Props {
-    authUser: IUserProfile
+    authUser: IAuthUserProfile
     sports: ISport[]
     isCreation?: boolean
     loading?: boolean
diff --git a/fittrackee_client/src/components/Workouts/WorkoutsFilters.vue b/fittrackee_client/src/components/Workouts/WorkoutsFilters.vue
index cee067c3f..861f9ed39 100644
--- a/fittrackee_client/src/components/Workouts/WorkoutsFilters.vue
+++ b/fittrackee_client/src/components/Workouts/WorkoutsFilters.vue
@@ -165,12 +165,12 @@
   import { LocationQuery, useRoute, useRouter } from 'vue-router'
 
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { translateSports } from '@/utils/sports'
   import { units } from '@/utils/units'
 
   interface Props {
-    authUser: IUserProfile
+    authUser: IAuthUserProfile
     sports: ISport[]
   }
   const props = defineProps<Props>()
diff --git a/fittrackee_client/src/views/Dashboard.vue b/fittrackee_client/src/views/Dashboard.vue
index 9f627c5cf..184a87fb8 100644
--- a/fittrackee_client/src/views/Dashboard.vue
+++ b/fittrackee_client/src/views/Dashboard.vue
@@ -82,12 +82,12 @@
   import UserStatsCards from '@/components/Dashboard/UserStatsCards/index.vue'
   import { AUTH_USER_STORE, SPORTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
   const store = useStore()
 
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const sports: ComputedRef<ISport[]> = computed(
diff --git a/fittrackee_client/src/views/StatisticsView.vue b/fittrackee_client/src/views/StatisticsView.vue
index a66e1c3c1..d2ef598da 100644
--- a/fittrackee_client/src/views/StatisticsView.vue
+++ b/fittrackee_client/src/views/StatisticsView.vue
@@ -23,12 +23,12 @@
   import NoWorkouts from '@/components/Workouts/NoWorkouts.vue'
   import { AUTH_USER_STORE, SPORTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
   const store = useStore()
 
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const sports: ComputedRef<ISport[]> = computed(() =>
diff --git a/fittrackee_client/src/views/UsersView.vue b/fittrackee_client/src/views/UsersView.vue
index f08043e5a..367fd819b 100644
--- a/fittrackee_client/src/views/UsersView.vue
+++ b/fittrackee_client/src/views/UsersView.vue
@@ -11,11 +11,11 @@
 
   import UsersList from '@/components/Users/UsersList.vue'
   import { AUTH_USER_STORE } from '@/store/constants'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
   const store = useStore()
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
 </script>
diff --git a/fittrackee_client/src/views/user/ProfileView.vue b/fittrackee_client/src/views/user/ProfileView.vue
index 560feeff1..a94df80a7 100644
--- a/fittrackee_client/src/views/user/ProfileView.vue
+++ b/fittrackee_client/src/views/user/ProfileView.vue
@@ -9,12 +9,12 @@
   import { ComputedRef, computed } from 'vue'
 
   import { AUTH_USER_STORE } from '@/store/constants'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
 
   const store = useStore()
 
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
 </script>
diff --git a/fittrackee_client/src/views/workouts/AddWorkout.vue b/fittrackee_client/src/views/workouts/AddWorkout.vue
index b7407d20f..4c7e886cf 100644
--- a/fittrackee_client/src/views/workouts/AddWorkout.vue
+++ b/fittrackee_client/src/views/workouts/AddWorkout.vue
@@ -21,7 +21,7 @@
     WORKOUTS_STORE,
   } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { IWorkoutData } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
 
@@ -30,7 +30,7 @@
   const sports: ComputedRef<ISport[]> = computed(
     () => store.getters[SPORTS_STORE.GETTERS.SPORTS]
   )
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const workoutData: ComputedRef<IWorkoutData> = computed(
diff --git a/fittrackee_client/src/views/workouts/EditWorkout.vue b/fittrackee_client/src/views/workouts/EditWorkout.vue
index 34f0f2f26..428335a07 100644
--- a/fittrackee_client/src/views/workouts/EditWorkout.vue
+++ b/fittrackee_client/src/views/workouts/EditWorkout.vue
@@ -22,14 +22,14 @@
     WORKOUTS_STORE,
   } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { IWorkoutData } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
 
   const route = useRoute()
   const store = useStore()
 
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const sports: ComputedRef<ISport[]> = computed(
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index 9f4c54cf9..704913071 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -62,7 +62,7 @@
     WORKOUTS_STORE,
   } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { IWorkoutData, IWorkoutPayload, TCoordinates } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
 
@@ -78,7 +78,7 @@
   const workoutData: ComputedRef<IWorkoutData> = computed(
     () => store.getters[WORKOUTS_STORE.GETTERS.WORKOUT_DATA]
   )
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const sports: ComputedRef<ISport[]> = computed(
diff --git a/fittrackee_client/src/views/workouts/WorkoutsView.vue b/fittrackee_client/src/views/workouts/WorkoutsView.vue
index ba891a810..9626021a7 100644
--- a/fittrackee_client/src/views/workouts/WorkoutsView.vue
+++ b/fittrackee_client/src/views/workouts/WorkoutsView.vue
@@ -34,14 +34,14 @@
   import WorkoutsList from '@/components/Workouts/WorkoutsList.vue'
   import { AUTH_USER_STORE, SPORTS_STORE } from '@/store/constants'
   import { ISport, ITranslatedSport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { translateSports } from '@/utils/sports'
 
   const { t } = useI18n()
   const store = useStore()
 
-  const authUser: ComputedRef<IUserProfile> = computed(
+  const authUser: ComputedRef<IAuthUserProfile> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]
   )
   const sports: ComputedRef<ISport[]> = computed(

From 6a0c50288417179b6a108b59b25f3cfd72bba5eb Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 11:08:21 +0100
Subject: [PATCH 101/238] Client - refacto and fix

---
 .../src/components/Administration/AdminUsers.vue |  5 +++--
 .../src/components/User/UserCard.vue             |  5 ++---
 .../components/User/UserRelationshipActions.vue  | 16 +++-------------
 .../src/components/User/UserRelationships.vue    |  7 ++++---
 .../src/store/modules/authUser/actions.ts        |  4 ++++
 .../src/store/modules/users/mutations.ts         |  5 +++--
 fittrackee_client/src/utils/user.ts              |  3 +++
 7 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/fittrackee_client/src/components/Administration/AdminUsers.vue b/fittrackee_client/src/components/Administration/AdminUsers.vue
index ee95a2b48..1f1a47548 100644
--- a/fittrackee_client/src/components/Administration/AdminUsers.vue
+++ b/fittrackee_client/src/components/Administration/AdminUsers.vue
@@ -84,8 +84,8 @@
                   </span>
                   <button
                     :class="{ danger: user.admin }"
-                    :disabled="user.username === authUser.username"
-                    @click="updateUser(user.username, !user.admin)"
+                    :disabled="getUserName(user) === getUserName(authUser)"
+                    @click="updateUser(getUserName(user), !user.admin)"
                   >
                     {{
                       $t(
@@ -137,6 +137,7 @@
   import { useStore } from '@/use/useStore'
   import { getQuery, sortList } from '@/utils/api'
   import { getDateWithTZ } from '@/utils/dates'
+  import { getUserName } from '@/utils/user'
 
   const store = useStore()
   const route = useRoute()
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index ad91fce0e..dec0a945d 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -5,9 +5,7 @@
         <UserPicture :user="user" />
         <router-link
           class="user-name"
-          :to="`/users/${
-            user.is_remote ? user.fullname : user.username
-          }?from=users`"
+          :to="`/users/${getUserName(user)}?from=users`"
         >
           {{ user.username }}
         </router-link>
@@ -40,6 +38,7 @@
   import { ROOT_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
+  import { getUserName } from '@/utils/user'
 
   interface Props {
     authUser: IAuthUserProfile
diff --git a/fittrackee_client/src/components/User/UserRelationshipActions.vue b/fittrackee_client/src/components/User/UserRelationshipActions.vue
index 961074aad..e81e8d3eb 100644
--- a/fittrackee_client/src/components/User/UserRelationshipActions.vue
+++ b/fittrackee_client/src/components/User/UserRelationshipActions.vue
@@ -3,10 +3,7 @@
     <div v-if="user.is_followed_by !== 'pending'">
       <button
         @click="
-          updateRelationship(
-            user.is_remote ? user.fullname : user.username,
-            user.is_followed_by === 'true'
-          )
+          updateRelationship(getUserName(user), user.is_followed_by === 'true')
         "
         :class="{ danger: user.is_followed_by === 'true' }"
       >
@@ -22,14 +19,7 @@
       </button>
     </div>
     <div v-else>
-      <button
-        @click="
-          updateRelationship(
-            user.is_remote ? user.fullname : user.username,
-            true
-          )
-        "
-      >
+      <button @click="updateRelationship(getUserName(user), true)">
         {{ capitalize($t('user.RELATIONSHIPS.CANCEL_FOLLOW_REQUEST')) }}
       </button>
     </div>
@@ -56,7 +46,7 @@
   import { USERS_STORE } from '@/store/constants'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
-  import { isAuthUser } from '@/utils/user'
+  import { isAuthUser, getUserName } from '@/utils/user'
 
   interface Props {
     authUser: IAuthUserProfile
diff --git a/fittrackee_client/src/components/User/UserRelationships.vue b/fittrackee_client/src/components/User/UserRelationships.vue
index d4de2d190..62eb21a08 100644
--- a/fittrackee_client/src/components/User/UserRelationships.vue
+++ b/fittrackee_client/src/components/User/UserRelationships.vue
@@ -44,6 +44,7 @@
     TRelationships,
   } from '@/types/user'
   import { useStore } from '@/use/useStore'
+  import { getUserName } from '@/utils/user'
 
   interface Props {
     user: IUserProfile
@@ -56,7 +57,7 @@
 
   const { relationship, user } = toRefs(props)
   const payload: IUserRelationshipsPayload = {
-    username: user.value.username,
+    username: getUserName(user.value),
     relationship: relationship.value,
     page: 1,
   }
@@ -98,13 +99,13 @@
     }
   )
   watch(
-    () => authUser.value.following,
+    () => user.value.following,
     () => {
       loadRelationships(payload)
     }
   )
   watch(
-    () => authUser.value.followers,
+    () => user.value.followers,
     () => {
       loadRelationships(payload)
     }
diff --git a/fittrackee_client/src/store/modules/authUser/actions.ts b/fittrackee_client/src/store/modules/authUser/actions.ts
index 206acb834..d31aedcde 100644
--- a/fittrackee_client/src/store/modules/authUser/actions.ts
+++ b/fittrackee_client/src/store/modules/authUser/actions.ts
@@ -73,6 +73,10 @@ export const actions: ActionTree<IAuthUserState, IRootState> &
             AUTH_USER_STORE.MUTATIONS.UPDATE_AUTH_USER_PROFILE,
             res.data.data
           )
+          context.commit(
+            USERS_STORE.MUTATIONS.UPDATE_USER_IN_USERS,
+            res.data.data
+          )
           if (res.data.data.language) {
             context.commit(
               ROOT_STORE.MUTATIONS.UPDATE_LANG,
diff --git a/fittrackee_client/src/store/modules/users/mutations.ts b/fittrackee_client/src/store/modules/users/mutations.ts
index 107461b02..fd88e1c83 100644
--- a/fittrackee_client/src/store/modules/users/mutations.ts
+++ b/fittrackee_client/src/store/modules/users/mutations.ts
@@ -4,6 +4,7 @@ import { USERS_STORE } from '@/store/constants'
 import { IUsersState, TUsersMutations } from '@/store/modules/users/types'
 import { IPagination } from '@/types/api'
 import { IUserProfile } from '@/types/user'
+import { getUserName } from '@/utils/user'
 
 export const mutations: MutationTree<IUsersState> & TUsersMutations = {
   [USERS_STORE.MUTATIONS.UPDATE_USER](state: IUsersState, user: IUserProfile) {
@@ -14,7 +15,7 @@ export const mutations: MutationTree<IUsersState> & TUsersMutations = {
     updatedUser: IUserProfile
   ) {
     state.users = state.users.map((user) => {
-      if (user.username === updatedUser.username) {
+      if (getUserName(user) === getUserName(updatedUser)) {
         return updatedUser
       }
       return user
@@ -25,7 +26,7 @@ export const mutations: MutationTree<IUsersState> & TUsersMutations = {
     updatedUser: IUserProfile
   ) {
     state.user_relationships = state.user_relationships.map((user) => {
-      if (user.username === updatedUser.username) {
+      if (getUserName(user) === getUserName(updatedUser)) {
         return updatedUser
       }
       return user
diff --git a/fittrackee_client/src/utils/user.ts b/fittrackee_client/src/utils/user.ts
index 6942d89f7..09969301a 100644
--- a/fittrackee_client/src/utils/user.ts
+++ b/fittrackee_client/src/utils/user.ts
@@ -4,3 +4,6 @@ export const isAuthUser = (
   user: IUserProfile,
   authUser?: IAuthUserProfile
 ): boolean => !user.is_remote && user.username === authUser?.username
+
+export const getUserName = (user: IUserProfile): string =>
+  user.is_remote && user.fullname ? user.fullname : user.username

From 67a7026040649cc20b807d4b73864883c4d74297 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 11:44:28 +0100
Subject: [PATCH 102/238] Client - add button to get back to profile on
 relationships list

---
 .../src/components/User/UserRelationships.vue | 37 ++++++++++++++++++-
 fittrackee_client/src/locales/en/user.json    |  3 +-
 fittrackee_client/src/locales/fr/user.json    |  3 +-
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/fittrackee_client/src/components/User/UserRelationships.vue b/fittrackee_client/src/components/User/UserRelationships.vue
index 62eb21a08..b3f7af948 100644
--- a/fittrackee_client/src/components/User/UserRelationships.vue
+++ b/fittrackee_client/src/components/User/UserRelationships.vue
@@ -1,5 +1,22 @@
 <template>
   <div class="relationships">
+    <div v-if="user.is_remote" class="remote-user">
+      <i18n-t keypath="user.USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK">
+        <a :href="user.profile_link" target="_blank">
+          {{ $t('common.HERE') }}
+        </a>
+        <i18n-t keypath="user.ONLY_USERS_FROM_THIS_INSTANCE_ARE_DISPLAYED">
+          {{
+            $t(
+              `user.RELATIONSHIPS.${relationship
+                .toUpperCase()
+                .replace('S', '')}`,
+              0
+            )
+          }}
+        </i18n-t>
+      </i18n-t>
+    </div>
     <div v-if="relationships.length > 0">
       <div class="user-relationships">
         <UserCard
@@ -19,6 +36,17 @@
     <p v-else class="no-relationships">
       {{ $t(`user.RELATIONSHIPS.NO_${relationship.toUpperCase()}`) }}
     </p>
+    <div class="profile-buttons">
+      <button
+        @click="
+          $route.path.startsWith('/profile')
+            ? $router.push('/profile')
+            : $router.push(`/users/${getUserName(user)}`)
+        "
+      >
+        {{ $t('user.PROFILE.BACK_TO_PROFILE') }}
+      </button>
+    </div>
   </div>
 </template>
 
@@ -130,7 +158,14 @@
       }
     }
     .no-relationships {
-      padding: 0 $default-padding;
+      padding: 0 $default-padding * 0.5;
+    }
+    .remote-user {
+      padding: $default-padding * 0.5;
+
+      a {
+        text-decoration: underline;
+      }
     }
   }
 </style>
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index f9cb60f70..08f34ae6e 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -11,6 +11,7 @@
   "LOGIN": "Login",
   "LOGOUT": "Logout",
   "LOGOUT_CONFIRMATION": "Are you sure you want to log out?",
+  "ONLY_USERS_FROM_THIS_INSTANCE_ARE_DISPLAYED": ", only {0} from this instance are displayed",
   "NO_USERS_FOUND": "No users found.",
   "PASSWORD": "Password",
   "PASSWORD_CONFIRM": "Confirm Password",
@@ -86,7 +87,7 @@
   "RESET_PASSWORD": "Reset your password",
   "USER_PICTURE": "user picture",
   "USER": "user | users",
-  "USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK": "This user is from a remote instance (click {0} to display the original profile)",
+  "USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK": "This user is from a remote instance{1} (click {0} to display the original profile).",
   "USERNAME": "Username",
   "YOU": "you"
 }
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index d5d5b4b08..701203316 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -11,6 +11,7 @@
   "LOGIN": "Se connecter",
   "LOGOUT": "Se déconnecter",
   "LOGOUT_CONFIRMATION": "Etes-vous sûr de vouloir vous déconnecter",
+  "ONLY_USERS_FROM_THIS_INSTANCE_ARE_DISPLAYED": ", seuls les {0} de cette instance sont affichés",
   "NO_USERS_FOUND": "Aucun utilisateur.",
   "PASSWORD": "Mot de passe",
   "PASSWORD_CONFIRM": "Confirmation du mot de passe",
@@ -85,7 +86,7 @@
   },
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
   "USER": "utilisateur | utilisateurs",
-  "USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK": "Cet utilisateur provient d'une autre instance (cliquez {0} pour afficher le profil d'origine)",
+  "USER_FROM_REMOTE_INSTANCE_ORIGINAL_LINK": "Cet utilisateur provient d'une autre instance{1} (cliquez {0} pour afficher le profil d'origine).",
   "USER_PICTURE": "photo de l'utilisateur",
   "USERNAME": "Nom d'utilisateur",
   "YOU": "vous"

From 6da5fb0ef6ab58b4c2f203503c63e783d3e661c5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 12:02:48 +0100
Subject: [PATCH 103/238] API - does not raise error when refresh on a existing
 remote user fails

---
 fittrackee/federation/utils_user.py                 |  7 +++++--
 .../federation/test_federation_utils_user.py        | 13 +++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 412668590..2664bb230 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -5,7 +5,7 @@
 import requests
 from flask import current_app
 
-from fittrackee import db
+from fittrackee import appLog, db
 from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.models import MEDIA_TYPES, Actor, Domain
 from fittrackee.federation.remote_actor import (
@@ -197,7 +197,10 @@ def get_user_from_username(
             else:
                 raise UserNotFoundException()
         if with_action == 'refresh':  # refresh existing actor
-            update_remote_user(actor)
+            try:
+                update_remote_user(actor)
+            except (ActorNotFoundException, RemoteActorException) as e:
+                appLog.error(f'Error when update user {actor.fullname}: {e}')
         user = actor.user
     if not user:
         raise UserNotFoundException()
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index a5454fc2b..72e5a6324 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -593,6 +593,19 @@ def test_it_calls_update_remote_user_if_remote_user_exists_and_with_refresh(  #
 
         update_remote_user_mock.assert_called_with(remote_user.actor)
 
+    def test_it_does_not_raise_error_if_refresh_fails(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_user',
+            side_effect=RemoteActorException(),
+        ):
+            user = get_user_from_username(
+                remote_user.actor.fullname, with_action='refresh'
+            )
+
+        assert user == remote_user
+
 
 class TestStoreOrDeleteUserPicture:
     @pytest.mark.parametrize(

From 2b3726e5ebbc7284ca407fe6561b45d5c2bd5213 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 14:32:38 +0100
Subject: [PATCH 104/238] Client - fix tabs display in user profile

---
 fittrackee_client/src/components/User/ProfileDisplay/index.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/index.vue b/fittrackee_client/src/components/User/ProfileDisplay/index.vue
index 8a2dd2993..a7a75fd27 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/index.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/index.vue
@@ -3,7 +3,7 @@
     <UserHeader :user="user" />
     <div class="box">
       <UserProfileTabs
-        v-if="tab in tabs"
+        v-if="tabs.includes(tab)"
         :tabs="tabs"
         :selectedTab="tab"
         :edition="false"

From 8e2ed7b888944d37b89ec37713f3a2074babff78 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 30 Jan 2022 19:02:00 +0100
Subject: [PATCH 105/238] API & Client - display follow requests to check

---
 fittrackee/federation/activities.py           |  27 ++-
 fittrackee/federation/utils_user.py           |  57 ++++---
 .../federation/test_federation_activities.py  |  31 +++-
 .../federation/test_federation_utils_user.py  |  77 +++++++--
 .../users/test_users_follow_request_api.py    |  22 +--
 .../federation/users/test_users_model.py      |   6 +-
 .../users/test_users_follow_request_api.py    |  26 +--
 fittrackee/users/follow_requests.py           |  63 +------
 fittrackee/users/models.py                    |   5 -
 .../User/ProfileDisplay/FollowRequests.vue    | 156 ++++++++++++++++++
 .../components/User/ProfileDisplay/index.vue  |   2 +-
 .../src/components/User/UserPicture.vue       |   3 +-
 .../src/components/User/UserProfileTabs.vue   |  12 ++
 fittrackee_client/src/locales/en/user.json    |   2 +
 fittrackee_client/src/locales/fr/user.json    |   2 +
 fittrackee_client/src/router/index.ts         |   6 +
 .../src/store/modules/authUser/actions.ts     |  55 ++++++
 .../src/store/modules/authUser/enums.ts       |   4 +
 .../src/store/modules/authUser/getters.ts     |   3 +
 .../src/store/modules/authUser/mutations.ts   |   8 +-
 .../src/store/modules/authUser/state.ts       |   1 +
 .../src/store/modules/authUser/types.ts       |  22 +++
 fittrackee_client/src/types/user.ts           |  10 ++
 23 files changed, 469 insertions(+), 131 deletions(-)
 create mode 100644 fittrackee_client/src/components/User/ProfileDisplay/FollowRequests.vue

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
index 65d68af30..6af9a9472 100644
--- a/fittrackee/federation/activities.py
+++ b/fittrackee/federation/activities.py
@@ -4,6 +4,10 @@
 from fittrackee import appLog
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
+from fittrackee.federation.utils_user import (
+    create_remote_user,
+    get_or_create_remote_domain_from_url,
+)
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
@@ -22,7 +26,9 @@ def activity_name(self) -> str:
     def process_activity(self) -> None:
         pass
 
-    def get_actors(self) -> Tuple[Actor, Actor]:
+    def get_actors(
+        self, create_remote_actor: bool = False
+    ) -> Tuple[Actor, Actor]:
         """
         return actors from activity 'actor' and 'object'
         """
@@ -30,9 +36,18 @@ def get_actors(self) -> Tuple[Actor, Actor]:
             activitypub_id=self.activity['actor']
         ).first()
         if not actor:
-            raise ActorNotFoundException(
-                f'actor not found for {self.activity_name()}'
-            )
+            if create_remote_actor:
+                remote_domain = get_or_create_remote_domain_from_url(
+                    self.activity['actor']
+                )
+                user = create_remote_user(
+                    remote_domain, self.activity['actor']
+                )
+                actor = user.actor
+            else:
+                raise ActorNotFoundException(
+                    f'actor not found for {self.activity_name()}'
+                )
 
         if isinstance(self.activity['object'], str):
             object_actor_activitypub_id = self.activity['object']
@@ -60,7 +75,9 @@ def process_activity(self) -> None:
 
 class FollowActivity(FollowBaseActivity):
     def process_activity(self) -> None:
-        follower_actor, followed_actor = self.get_actors()
+        follower_actor, followed_actor = self.get_actors(
+            create_remote_actor=True
+        )
         try:
             follower_actor.user.send_follow_request_to(followed_actor.user)
         except FollowRequestAlreadyRejectedError as e:
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 2664bb230..fc846ede7 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -1,6 +1,7 @@
 import os
 import re
 from typing import Dict, Optional, Tuple
+from urllib.parse import urlparse
 
 import requests
 from flask import current_app
@@ -86,34 +87,30 @@ def update_actor_data(actor: Actor, remote_actor_object: Dict) -> None:
     update_remote_actor_stats(actor)
 
 
-def create_remote_user(username: str, domain: str) -> User:
-    if domain == current_app.config['UI_URL']:
+def get_or_create_remote_domain(domain_name: str) -> Domain:
+    if domain_name == current_app.config['AP_DOMAIN']:
         raise RemoteActorException(
             'the provided account is not a remote account'
         )
 
-    remote_domain = Domain.query.filter_by(name=domain).first()
+    remote_domain = Domain.query.filter_by(name=domain_name).first()
     if not remote_domain:
-        remote_domain = Domain(name=domain)
+        remote_domain = Domain(name=domain_name)
         db.session.add(remote_domain)
-        db.session.flush()
+        db.session.commit()
+    return remote_domain
 
-    # get account links via Webfinger
-    try:
-        webfinger = fetch_account_from_webfinger(username, domain)
-    except ActorNotFoundException:
-        raise RemoteActorException('can not fetch remote actor')
-    remote_actor_url = next(
-        (item for item in webfinger.get('links', []) if item['rel'] == 'self'),
-        None,
-    )
-    if not remote_actor_url:
-        raise RemoteActorException(
-            'invalid data fetched from webfinger endpoint'
-        )
 
+def get_or_create_remote_domain_from_url(actor_url: str) -> Domain:
+    domain_name = urlparse(actor_url).netloc
+    if not domain_name:
+        raise RemoteActorException('invalid actor url')
+    return get_or_create_remote_domain(domain_name)
+
+
+def create_remote_user(remote_domain: Domain, remote_actor_url: str) -> User:
     try:
-        remote_actor_object = get_remote_actor_url(remote_actor_url['href'])
+        remote_actor_object = get_remote_actor_url(remote_actor_url)
     except ActorNotFoundException:
         raise RemoteActorException('can not fetch remote actor')
 
@@ -155,6 +152,26 @@ def create_remote_user(username: str, domain: str) -> User:
     return actor.user
 
 
+def create_remote_user_from_username(username: str, domain_name: str) -> User:
+    remote_domain = get_or_create_remote_domain(domain_name)
+
+    # get account links via Webfinger
+    try:
+        webfinger = fetch_account_from_webfinger(username, domain_name)
+    except ActorNotFoundException:
+        raise RemoteActorException('can not fetch remote actor')
+    remote_actor_url = next(
+        (item for item in webfinger.get('links', []) if item['rel'] == 'self'),
+        None,
+    )
+    if not remote_actor_url:
+        raise RemoteActorException(
+            'invalid data fetched from webfinger endpoint'
+        )
+
+    return create_remote_user(remote_domain, remote_actor_url['href'])
+
+
 def update_remote_user(actor: Actor) -> None:
     if not actor.is_remote:
         return None
@@ -193,7 +210,7 @@ def get_user_from_username(
             ).first()
         if not actor:
             if with_action == 'creation':
-                return create_remote_user(name, domain_name)
+                return create_remote_user_from_username(name, domain_name)
             else:
                 raise UserNotFoundException()
         if with_action == 'refresh':  # refresh existing actor
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index 204a153ce..bd7ec72e7 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -1,4 +1,5 @@
 from typing import Dict, Optional, Union
+from unittest.mock import patch
 
 import pytest
 from flask import Flask
@@ -158,7 +159,7 @@ def test_it_raises_error_if_follow_request_already_rejected(
         with pytest.raises(FollowRequestAlreadyRejectedError):
             activity.process_activity()
 
-    def test_it_creates_follow_request(
+    def test_it_creates_follow_request_with_existing_remote_user(
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -180,6 +181,34 @@ def test_it_creates_follow_request(
         ).first()
         assert follow_request is not None
 
+    def test_it_creates_remote_user_and_follow_request(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+    ) -> None:
+        follow_activity = self.generate_follow_activity(
+            follower_actor_id=random_actor.activitypub_id,
+            followed_actor=user_1.actor,
+        )
+        activity = get_activity_instance({'type': follow_activity['type']})(
+            activity_dict=follow_activity
+        )
+        with patch(
+            'fittrackee.federation.utils_user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ), patch(
+            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils_user.update_remote_actor_stats'
+        ):
+            activity.process_activity()
+
+        follow_request = FollowRequest.query.filter_by(
+            followed_user_id=user_1.id,
+        ).first()
+        assert follow_request.from_user.actor.fullname == random_actor.fullname
+
     def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 72e5a6324..6230c390b 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -1,6 +1,7 @@
 import os
 from typing import Dict, Union
 from unittest.mock import patch
+from urllib.parse import urlparse
 
 import pytest
 from flask import Flask
@@ -11,7 +12,8 @@
 )
 from fittrackee.federation.models import Domain
 from fittrackee.federation.utils_user import (
-    create_remote_user,
+    create_remote_user_from_username,
+    get_or_create_remote_domain_from_url,
     get_user_from_username,
     get_username_and_domain,
     store_or_delete_user_picture,
@@ -64,6 +66,51 @@ def test_it_returns_none_if_it_does_not_match(
         assert get_username_and_domain(input_user_account) == (None, None)
 
 
+class TestGetOrCreateDomainFromActorUrl:
+    @pytest.mark.parametrize(
+        'input_desc,input_url',
+        [
+            ('empty string', ''),
+            ('random string', random_string()),
+        ],
+    )
+    def test_it_raises_exception_when_url_is_invalid(
+        self, input_desc: str, input_url: str
+    ) -> None:
+        with pytest.raises(RemoteActorException, match='invalid actor url'):
+
+            get_or_create_remote_domain_from_url(input_url)
+
+    def test_it_raises_an_error_if_domain_is_local(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        with pytest.raises(
+            RemoteActorException,
+            match='the provided account is not a remote account',
+        ):
+
+            get_or_create_remote_domain_from_url(user_1.actor.activitypub_id)
+
+    def test_it_creates_and_returns_remote_domain(
+        self, app_with_federation: Flask, random_actor: RandomActor
+    ) -> None:
+        domain = get_or_create_remote_domain_from_url(
+            random_actor.activitypub_id
+        )
+
+        assert isinstance(domain, Domain)
+        assert domain.name == urlparse(random_actor.activitypub_id).netloc
+
+    def test_it_returns_existing_remote_domain(
+        self, app_with_federation: Flask, remote_domain: Domain
+    ) -> None:
+        domain = get_or_create_remote_domain_from_url(
+            f'https://{remote_domain.name}/users/random'
+        )
+
+        assert domain == remote_domain
+
+
 class TestCreateRemoteUser:
     def test_it_returns_error_if_remote_actor_domain_is_local(
         self, app_with_federation: Flask
@@ -76,8 +123,8 @@ def test_it_returns_error_if_remote_actor_domain_is_local(
             ),
         ):
 
-            create_remote_user(
-                random_string(), app_with_federation.config["UI_URL"]
+            create_remote_user_from_username(
+                random_string(), app_with_federation.config['AP_DOMAIN']
             )
 
     def test_it_returns_error_if_remote_webfinger_returns_error(
@@ -94,7 +141,7 @@ def test_it_returns_error_if_remote_webfinger_returns_error(
             match='Invalid remote actor: can not fetch remote actor.',
         ):
 
-            create_remote_user(
+            create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -150,7 +197,7 @@ def test_it_returns_error_if_remote_webfinger_does_not_return_links(
                 'from webfinger endpoint.'
             ),
         ):
-            create_remote_user(
+            create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -171,7 +218,7 @@ def test_it_returns_error_if_fetching_remote_user_returns_error(
             match='Invalid remote actor: can not fetch remote actor.',
         ):
 
-            create_remote_user(
+            create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -194,7 +241,7 @@ def test_it_returns_error_if_preferred_username_is_missing_in_remote_actor_objec
             match='Invalid remote actor: invalid remote actor object.',
         ):
 
-            create_remote_user(
+            create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -217,7 +264,7 @@ def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
             match='Invalid remote actor: invalid remote actor object.',
         ):
 
-            create_remote_user(
+            create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -237,7 +284,7 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
             return_value=random_actor.get_remote_user_object(),
         ):
 
-            user = create_remote_user(
+            user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -259,7 +306,7 @@ def test_it_creates_remote_actor_when_actor_and_domain_does_not_exist(
             'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
-            user = create_remote_user(
+            user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -279,7 +326,7 @@ def test_it_uses_preferred_name_as_username_if_name_is_empty(
             'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=remote_user_object,
         ):
-            user = create_remote_user(
+            user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -300,7 +347,7 @@ def test_it_calls_store_or_delete_user_picture(
         ), patch(
             'fittrackee.federation.utils_user.store_or_delete_user_picture'
         ) as store_or_delete_mock:
-            user = create_remote_user(
+            user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -323,7 +370,7 @@ def test_it_calls_update_remote_actor_stats(
         ), patch(
             'fittrackee.federation.utils_user.update_remote_actor_stats'
         ) as update_remote_actor_stats_mock:
-            user = create_remote_user(
+            user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
@@ -355,7 +402,7 @@ def test_it_raises_error_if_remote_actor_exists(
             RemoteActorException,
             match='Invalid remote actor: actor already exists.',
         ):
-            create_remote_user(
+            create_remote_user_from_username(
                 remote_user.actor.preferred_username,
                 remote_user.actor.domain.name,
             )
@@ -376,7 +423,7 @@ def test_it_creates_additional_remote_actor(
             'fittrackee.federation.utils_user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
-            user = create_remote_user(
+            user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
             )
 
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index 585401c24..873bf22e4 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -20,7 +20,7 @@ def test_it_returns_empty_list_if_no_follow_request(
         )
 
         response = client.get(
-            '/api/follow_requests',
+            '/api/follow-requests',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -30,7 +30,7 @@ def test_it_returns_empty_list_if_no_follow_request(
         assert data['status'] == 'success'
         assert data['data']['follow_requests'] == []
 
-    def test_it_returns_current_user_follow_requests_with_actors(
+    def test_it_returns_current_user_follow_requests(
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -46,7 +46,7 @@ def test_it_returns_current_user_follow_requests_with_actors(
         )
 
         response = client.get(
-            '/api/follow_requests',
+            '/api/follow-requests',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -55,8 +55,8 @@ def test_it_returns_current_user_follow_requests_with_actors(
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['follow_requests']) == 1
-        assert data['data']['follow_requests'][0]['name'] == 'toto'
-        assert '@context' in data['data']['follow_requests'][0]
+        assert data['data']['follow_requests'][0]['username'] == 'toto'
+        assert data['data']['follow_requests'][0]['nb_workouts'] == 0
 
 
 class TestAcceptLocalFollowRequestWithFederation(FollowRequestTestCase):
@@ -70,7 +70,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         )
 
         self.assert_return_user_not_found(
-            f'/api/follow_requests/{random_string()}/accept',
+            f'/api/follow-requests/{random_string()}/accept',
             client,
             auth_token,
         )
@@ -132,7 +132,7 @@ def test_it_does_not_call_send_to_user_inbox(
         )
 
         client.post(
-            f'/api/follow_requests/{user_2.username}/accept',
+            f'/api/follow-requests/{user_2.username}/accept',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -178,7 +178,7 @@ def test_it_calls_send_to_user_inbox(
         )
 
         client.post(
-            f'/api/follow_requests/{remote_actor.fullname}/accept',
+            f'/api/follow-requests/{remote_actor.fullname}/accept',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -206,7 +206,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         )
 
         self.assert_return_user_not_found(
-            f'/api/follow_requests/{random_string()}/reject',
+            f'/api/follow-requests/{random_string()}/reject',
             client,
             auth_token,
         )
@@ -267,7 +267,7 @@ def test_it_does_not_call_send_to_user_inbox(
         )
 
         client.post(
-            f'/api/follow_requests/{user_2.username}/reject',
+            f'/api/follow-requests/{user_2.username}/reject',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -313,7 +313,7 @@ def test_it_calls_send_to_user_inbox(
         )
 
         client.post(
-            f'/api/follow_requests/{remote_actor.fullname}/reject',
+            f'/api/follow-requests/{remote_actor.fullname}/reject',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 06e1e2506..b5ec5df63 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -50,8 +50,6 @@ def test_follow_request_model(
         user_2: User,
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
-        actor_1 = user_1.actor
-        actor_2 = user_2.actor
         assert '<FollowRequest from user \'1\' to user \'2\'>' == str(
             follow_request_from_user_1_to_user_2
         )
@@ -59,8 +57,8 @@ def test_follow_request_model(
         serialized_follow_request = (
             follow_request_from_user_1_to_user_2.serialize()
         )
-        assert serialized_follow_request['from_user'] == actor_1.serialize()
-        assert serialized_follow_request['to_user'] == actor_2.serialize()
+        assert serialized_follow_request['from_user'] == user_1.serialize()
+        assert serialized_follow_request['to_user'] == user_2.serialize()
 
     def test_it_returns_follow_activity_object(
         self,
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
index e7c379f1f..c0b608237 100644
--- a/fittrackee/tests/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -20,7 +20,7 @@ def test_it_returns_empty_list_if_no_follow_request(
         )
 
         response = client.get(
-            '/api/follow_requests',
+            '/api/follow-requests',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -44,7 +44,7 @@ def test_it_returns_current_user_pending_follow_requests(
         )
 
         response = client.get(
-            '/api/follow_requests',
+            '/api/follow-requests',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -70,7 +70,7 @@ def test_it_returns_pagination(
         )
 
         response = client.get(
-            '/api/follow_requests',
+            '/api/follow-requests',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -100,7 +100,7 @@ def test_it_returns_second_page(
         )
 
         response = client.get(
-            '/api/follow_requests?page=2',
+            '/api/follow-requests?page=2',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -131,7 +131,7 @@ def test_it_returns_max_follow_request_per_page(
         )
 
         response = client.get(
-            '/api/follow_requests?per_page=10',
+            '/api/follow-requests?per_page=10',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -161,7 +161,7 @@ def test_it_returns_follow_requests_with_descending_order(
         )
 
         response = client.get(
-            '/api/follow_requests?order=desc',
+            '/api/follow-requests?order=desc',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -185,7 +185,7 @@ def test_it_returns_one_request_per_page(
         )
 
         response = client.get(
-            '/api/follow_requests?per_page=1',
+            '/api/follow-requests?per_page=1',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -215,7 +215,7 @@ def test_it_returns_second_page_with_one_request_per_page_with_descending_order(
         )
 
         response = client.get(
-            '/api/follow_requests?page=2&per_page=1&order=desc',
+            '/api/follow-requests?page=2&per_page=1&order=desc',
             content_type='application/json',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
@@ -242,7 +242,7 @@ def assert_it_returns_follow_request_not_found(
         user_name: str,
         action: str,
     ) -> None:
-        url = f'/api/follow_requests/{user_name}/{action}'
+        url = f'/api/follow-requests/{user_name}/{action}'
         self.assert_return_not_found(
             url, client, auth_token, 'Follow request does not exist.'
         )
@@ -254,7 +254,7 @@ def assert_it_returns_follow_request_already_processed(
         user_name: str,
         action: str,
     ) -> None:
-        url = f'/api/follow_requests/{user_name}/{action}'
+        url = f'/api/follow-requests/{user_name}/{action}'
         response = client.post(
             url,
             content_type='application/json',
@@ -275,7 +275,7 @@ def assert_it_returns_follow_request_processed(
         user_name: str,
         action: str,
     ) -> None:
-        url = f'/api/follow_requests/{user_name}/{action}'
+        url = f'/api/follow-requests/{user_name}/{action}'
         response = client.post(
             url,
             content_type='application/json',
@@ -301,7 +301,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         )
 
         self.assert_return_user_not_found(
-            f'/api/follow_requests/{random_string()}/accept',
+            f'/api/follow-requests/{random_string()}/accept',
             client,
             auth_token,
         )
@@ -360,7 +360,7 @@ def test_it_raises_error_if_target_user_does_not_exist(
         )
 
         self.assert_return_user_not_found(
-            f'/api/follow_requests/{random_string()}/reject',
+            f'/api/follow-requests/{random_string()}/reject',
             client,
             auth_token,
         )
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index f6f45b3e7..caecffc2b 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -29,7 +29,7 @@
 MAX_FOLLOW_REQUESTS_PER_PAGE = 50
 
 
-@follow_requests_blueprint.route('/follow_requests', methods=['GET'])
+@follow_requests_blueprint.route('/follow-requests', methods=['GET'])
 @authenticate
 def get_follow_requests(auth_user: User) -> Dict:
     """
@@ -41,13 +41,13 @@ def get_follow_requests(auth_user: User) -> Dict:
 
     .. sourcecode:: http
 
-      GET /api/follow_requests/ HTTP/1.1
+      GET /api/follow-requests/ HTTP/1.1
 
     - with some query parameters
 
     .. sourcecode:: http
 
-      GET /api/follow_requests?page=1&order=desc  HTTP/1.1
+      GET /api/follow-requests?page=1&order=desc  HTTP/1.1
 
     **Example responses**:
 
@@ -92,51 +92,6 @@ def get_follow_requests(auth_user: User) -> Dict:
         "status": "success"
       }
 
-    - if federation is enabled
-
-    .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Content-Type: application/json
-
-      {
-        "data": {
-          "follow_requests": [
-            {
-              "@context": [
-                "https://www.w3.org/ns/activitystreams",
-                "https://w3id.org/security/v1"
-              ],
-              "endpoints": {
-                "sharedInbox": "https://example.com/federation/inbox"
-              },
-              "followers": "https://example.com/federation/user/Sam/followers",
-              "following": "https://example.com/federation/user/Sam/following",
-              "id": "https://example.com/federation/user/Sam",
-              "inbox": "https://example.com/federation/user/Sam/inbox",
-              "manuallyApprovesFollowers": true,
-              "name": "Sam",
-              "outbox": "https://example.com/federation/user/Sam/outbox",
-              "preferredUsername": "Sam",
-              "publicKey": {
-                "id": "https://example.com/federation/user/Sam#main-key",
-                "owner": "https://example.com/federation/user/Sam",
-                "publicKeyPem": "[PUBLIC KEY]"
-              },
-              "type": "Person",
-              "url": "https://example.com/users/Sam"
-            }
-          ]
-        },
-        "pagination": {
-          "has_next": false,
-          "has_prev": false,
-          "page": 1,
-          "pages": 1,
-          "total": 1
-        },
-        "status": "success"
-      }
 
     :query integer page: page if using pagination (default: 1)
     :query integer per_page: number of follow requests per page
@@ -223,7 +178,7 @@ def process_follow_request(
 
 
 @follow_requests_blueprint.route(
-    '/follow_requests/<user_name>/accept', methods=['POST']
+    '/follow-requests/<user_name>/accept', methods=['POST']
 )
 @authenticate
 def accept_follow_request(
@@ -238,13 +193,13 @@ def accept_follow_request(
 
     .. sourcecode:: http
 
-      POST /api/follow_requests/Sam/accept HTTP/1.1
+      POST /api/follow-requests/Sam/accept HTTP/1.1
 
     - from remote instance
 
     .. sourcecode:: http
 
-      POST /api/follow_requests/sam@remote-instance.net/accept HTTP/1.1
+      POST /api/follow-requests/sam@remote-instance.net/accept HTTP/1.1
 
     **Example responses**:
 
@@ -278,7 +233,7 @@ def accept_follow_request(
 
 
 @follow_requests_blueprint.route(
-    '/follow_requests/<user_name>/reject', methods=['POST']
+    '/follow-requests/<user_name>/reject', methods=['POST']
 )
 @authenticate
 def reject_follow_request(
@@ -293,13 +248,13 @@ def reject_follow_request(
 
     .. sourcecode:: http
 
-      POST /api/follow_requests/Sam/reject HTTP/1.1
+      POST /api/follow-requests/Sam/reject HTTP/1.1
 
     - from remote instance
 
     .. sourcecode:: http
 
-      POST /api/follow_requests/sam@remote-instance.net/reject HTTP/1.1
+      POST /api/follow-requests/sam@remote-instance.net/reject HTTP/1.1
 
     **Example responses**:
 
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 505bba90e..86ae81353 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -60,11 +60,6 @@ def is_rejected(self) -> bool:
         return not self.is_approved and self.updated_at is not None
 
     def serialize(self) -> Dict:
-        if current_app.config['federation_enabled']:
-            return {
-                'from_user': self.from_user.actor.serialize(),
-                'to_user': self.to_user.actor.serialize(),
-            }
         return {
             'from_user': self.from_user.serialize(),
             'to_user': self.to_user.serialize(),
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/FollowRequests.vue b/fittrackee_client/src/components/User/ProfileDisplay/FollowRequests.vue
new file mode 100644
index 000000000..9226dd870
--- /dev/null
+++ b/fittrackee_client/src/components/User/ProfileDisplay/FollowRequests.vue
@@ -0,0 +1,156 @@
+<template>
+  <div class="follow-requests">
+    <div v-if="followRequests.length > 0">
+      <div
+        v-for="user in followRequests"
+        :key="getUserName(user)"
+        class="box follow-request"
+      >
+        <UserPicture :user="user" />
+        <div class="user-name">
+          <router-link :to="`/users/${getUserName(user)}?from=users`">
+            {{ user.username }}
+          </router-link>
+          <div class="remote-user-account" v-if="user.is_remote">
+            {{ user.fullname }}
+          </div>
+        </div>
+        <div class="follow-requests-actions">
+          <button @click="updateFollowRequest(getUserName(user), 'accept')">
+            <i class="fa fa-check" aria-hidden="true" />
+          </button>
+          <button
+            @click="updateFollowRequest(getUserName(user), 'reject')"
+            class="danger"
+          >
+            <i class="fa fa-times" aria-hidden="true" />
+          </button>
+        </div>
+      </div>
+      <Pagination
+        path="/profile/follow-requests"
+        :pagination="pagination"
+        :query="{}"
+      />
+    </div>
+    <p v-else class="no-follow-requests">
+      {{ $t('user.RELATIONSHIPS.NO_FOLLOW_REQUESTS') }}
+    </p>
+    <div class="profile-buttons">
+      <button @click="$router.push('/')">{{ $t('common.HOME') }}</button>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { computed, ComputedRef, onBeforeMount, onUnmounted, watch } from 'vue'
+  import { LocationQuery, useRoute } from 'vue-router'
+
+  import Pagination from '@/components/Common/Pagination.vue'
+  import UserPicture from '@/components/User/UserPicture.vue'
+  import { AUTH_USER_STORE, USERS_STORE } from '@/store/constants'
+  import { IPagination } from '@/types/api'
+  import {
+    IUserProfile,
+    IFollowRequestsPayload,
+    TFollowRequestAction,
+  } from '@/types/user'
+  import { useStore } from '@/use/useStore'
+  import { getUserName } from '@/utils/user'
+
+  const route = useRoute()
+  const store = useStore()
+  const payload: IFollowRequestsPayload = {
+    page: 1,
+  }
+  const followRequests: ComputedRef<IUserProfile[]> = computed(
+    () => store.getters[AUTH_USER_STORE.GETTERS.FOLLOW_REQUESTS]
+  )
+  const pagination: ComputedRef<IPagination> = computed(
+    () => store.getters[USERS_STORE.GETTERS.USERS_PAGINATION]
+  )
+
+  onBeforeMount(() => loadFollowRequests(getQuery(route.query)))
+
+  function loadFollowRequests(payload: IFollowRequestsPayload) {
+    store.dispatch(AUTH_USER_STORE.ACTIONS.GET_FOLLOW_REQUESTS, payload)
+  }
+  function updateFollowRequest(username: string, action: TFollowRequestAction) {
+    store.dispatch(AUTH_USER_STORE.ACTIONS.UPDATE_FOLLOW_REQUESTS, {
+      username,
+      action,
+    })
+  }
+  function getQuery(query: LocationQuery): IFollowRequestsPayload {
+    payload.page = query.page ? +query.page : 1
+    return payload
+  }
+
+  onUnmounted(() =>
+    store.commit(AUTH_USER_STORE.MUTATIONS.UPDATE_FOLLOW_REQUESTS, [])
+  )
+
+  watch(
+    () => route.query,
+    (newQuery: LocationQuery) => {
+      if (route.path === '/profile/follow-requests') {
+        store.dispatch(
+          AUTH_USER_STORE.ACTIONS.GET_FOLLOW_REQUESTS,
+          getQuery(newQuery)
+        )
+      }
+    }
+  )
+</script>
+
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+
+  .follow-requests {
+    .follow-request {
+      display: flex;
+      ::v-deep(.user-picture) {
+        min-width: 15%;
+        img {
+          height: 60px;
+          width: 60px;
+        }
+        .no-picture {
+          font-size: 3.8em;
+        }
+      }
+
+      .user-name {
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+        flex-grow: 2;
+      }
+
+      .follow-requests-actions {
+        display: flex;
+        flex-direction: column;
+        gap: $default-padding;
+
+        button {
+          width: 60px;
+        }
+      }
+    }
+
+    @media screen and (max-width: $small-limit) {
+      .follow-request {
+        flex-direction: column;
+        .user-name {
+          padding-bottom: $default-padding;
+        }
+        .follow-requests-actions {
+          flex-direction: row;
+          button {
+            flex-grow: 1;
+          }
+        }
+      }
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/User/ProfileDisplay/index.vue b/fittrackee_client/src/components/User/ProfileDisplay/index.vue
index a7a75fd27..2a31bfbf2 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/index.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/index.vue
@@ -27,7 +27,7 @@
   const props = defineProps<Props>()
 
   const { user, tab } = toRefs(props)
-  const tabs = ['PROFILE', 'PREFERENCES', 'SPORTS']
+  const tabs = ['PROFILE', 'PREFERENCES', 'SPORTS', 'FOLLOW-REQUESTS']
 </script>
 
 <style lang="scss" scoped>
diff --git a/fittrackee_client/src/components/User/UserPicture.vue b/fittrackee_client/src/components/User/UserPicture.vue
index 2e5ec09b0..14e770efe 100644
--- a/fittrackee_client/src/components/User/UserPicture.vue
+++ b/fittrackee_client/src/components/User/UserPicture.vue
@@ -17,6 +17,7 @@
 
   import { IUserProfile } from '@/types/user'
   import { getApiUrl } from '@/utils'
+  import { getUserName } from '@/utils/user'
 
   interface Props {
     user: IUserProfile
@@ -25,7 +26,7 @@
 
   const authUserPictureUrl = computed(() =>
     props.user.picture
-      ? `${getApiUrl()}users/${props.user.username}/picture`
+      ? `${getApiUrl()}users/${getUserName(props.user)}/picture`
       : ''
   )
 </script>
diff --git a/fittrackee_client/src/components/User/UserProfileTabs.vue b/fittrackee_client/src/components/User/UserProfileTabs.vue
index 037c5a872..84d7b5f7f 100644
--- a/fittrackee_client/src/components/User/UserProfileTabs.vue
+++ b/fittrackee_client/src/components/User/UserProfileTabs.vue
@@ -37,6 +37,7 @@
     switch (tab) {
       case 'PICTURE':
         return '/profile/edit/picture'
+      case 'FOLLOW-REQUESTS':
       case 'PREFERENCES':
       case 'SPORTS':
         return `/profile${
@@ -55,4 +56,15 @@
   .profile-tabs {
     margin: $default-margin 0 $default-margin;
   }
+  @media screen and (max-width: $small-limit) {
+    .profile-tabs-checkboxes {
+      display: flex;
+      flex-wrap: wrap;
+      justify-content: center;
+
+      .profile-tab {
+        padding-bottom: $default-padding * 0.5;
+      }
+    }
+  }
 </style>
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index 08f34ae6e..cd076c023 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -52,6 +52,7 @@
     "SPORTS_EDITION": "Sports preferences edition",
     "SUNDAY": "Sunday",
     "TABS": {
+      "FOLLOW-REQUESTS": "follow requests",
       "PICTURE": "picture",
       "PREFERENCES": "preferences",
       "PROFILE": "profile",
@@ -82,6 +83,7 @@
     "FOLLOWS_YOU": "follows you",
     "NO_FOLLOWERS": "No followers yet.",
     "NO_FOLLOWING": "No following yet.",
+    "NO_FOLLOW_REQUESTS": "No follow requests to check.",
     "UNFOLLOW": "unfollow"
   },
   "RESET_PASSWORD": "Reset your password",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index 701203316..b0a172ddd 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -52,6 +52,7 @@
     "SPORTS_EDITION": "Mise à jour des préférences des sports",
     "SUNDAY": "Dimanche",
     "TABS": {
+      "FOLLOW-REQUESTS": "demandes d'abonnement",
       "PICTURE": "image",
       "PREFERENCES": "préférences",
       "PROFILE": "profil",
@@ -82,6 +83,7 @@
     "FOLLOWS_YOU": "vous suit",
     "NO_FOLLOWERS": "Pas d'abonnés pour le moment.",
     "NO_FOLLOWING": "Pas d'abonnements pour le moment.",
+    "NO_FOLLOW_REQUESTS": "Pas de demandes d'abonnement à valider.",
     "UNFOLLOW": "se désabonner"
   },
   "RESET_PASSWORD": "Réinitialiser votre mot de passe",
diff --git a/fittrackee_client/src/router/index.ts b/fittrackee_client/src/router/index.ts
index 47e1d8c88..1e862eb27 100644
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@@ -4,6 +4,7 @@ import AdminApplication from '@/components/Administration/AdminApplication.vue'
 import AdminMenu from '@/components/Administration/AdminMenu.vue'
 import AdminSports from '@/components/Administration/AdminSports.vue'
 import AdminUsers from '@/components/Administration/AdminUsers.vue'
+import UserFollowRequests from '@/components/User/ProfileDisplay/FollowRequests.vue'
 import Profile from '@/components/User/ProfileDisplay/index.vue'
 import UserInfos from '@/components/User/ProfileDisplay/UserInfos.vue'
 import UserPreferences from '@/components/User/ProfileDisplay/UserPreferences.vue'
@@ -109,6 +110,11 @@ const routes: Array<RouteRecordRaw> = [
             component: UserSportPreferences,
             props: { isEdition: false },
           },
+          {
+            path: 'follow-requests',
+            name: 'FollowRequests',
+            component: UserFollowRequests,
+          },
           {
             path: 'followers',
             name: 'AuthUserFollowers',
diff --git a/fittrackee_client/src/store/modules/authUser/actions.ts b/fittrackee_client/src/store/modules/authUser/actions.ts
index d31aedcde..2610e4b96 100644
--- a/fittrackee_client/src/store/modules/authUser/actions.ts
+++ b/fittrackee_client/src/store/modules/authUser/actions.ts
@@ -19,6 +19,8 @@ import {
 import { IRootState } from '@/store/modules/root/types'
 import { deleteUserAccount } from '@/store/modules/users/actions'
 import {
+  IFollowRequestsActionPayload,
+  IFollowRequestsPayload,
   ILoginOrRegisterData,
   IUserDeletionPayload,
   IUserPasswordPayload,
@@ -39,6 +41,7 @@ const removeAuthUserData = (
   context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
   context.commit(STATS_STORE.MUTATIONS.EMPTY_USER_STATS)
   context.commit(AUTH_USER_STORE.MUTATIONS.CLEAR_AUTH_USER_TOKEN)
+  context.commit(AUTH_USER_STORE.MUTATIONS.UPDATE_FOLLOW_REQUESTS, [])
   context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS, [])
   context.commit(WORKOUTS_STORE.MUTATIONS.EMPTY_WORKOUTS)
   context.commit(WORKOUTS_STORE.MUTATIONS.EMPTY_WORKOUT)
@@ -95,6 +98,35 @@ export const actions: ActionTree<IAuthUserState, IRootState> &
         removeAuthUserData(context)
       })
   },
+  [AUTH_USER_STORE.ACTIONS.GET_FOLLOW_REQUESTS](
+    context: ActionContext<IAuthUserState, IRootState>,
+    payload: IFollowRequestsPayload
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    context.commit(AUTH_USER_STORE.MUTATIONS.UPDATE_USER_LOADING, true)
+    authApi
+      .get('follow-requests', { params: payload })
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.commit(
+            AUTH_USER_STORE.MUTATIONS.UPDATE_FOLLOW_REQUESTS,
+            res.data.data.follow_requests
+          )
+          context.commit(
+            USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION,
+            res.data.pagination
+          )
+        } else {
+          handleError(context, null)
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+      .finally(() =>
+        context.commit(AUTH_USER_STORE.MUTATIONS.UPDATE_USER_LOADING, false)
+      )
+  },
   [AUTH_USER_STORE.ACTIONS.LOGIN_OR_REGISTER](
     context: ActionContext<IAuthUserState, IRootState>,
     data: ILoginOrRegisterData
@@ -125,6 +157,29 @@ export const actions: ActionTree<IAuthUserState, IRootState> &
   ): void {
     removeAuthUserData(context)
   },
+  [AUTH_USER_STORE.ACTIONS.UPDATE_FOLLOW_REQUESTS](
+    context: ActionContext<IAuthUserState, IRootState>,
+    payload: IFollowRequestsActionPayload
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    authApi
+      .post(`follow-requests/${payload.username}/${payload.action}`)
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context
+            .dispatch(AUTH_USER_STORE.ACTIONS.GET_FOLLOW_REQUESTS)
+            .then(() =>
+              context.dispatch(AUTH_USER_STORE.ACTIONS.GET_USER_PROFILE)
+            )
+        } else {
+          handleError(context, null)
+        }
+      })
+      .catch((error) => handleError(context, error))
+      .finally(() =>
+        context.commit(AUTH_USER_STORE.MUTATIONS.UPDATE_USER_LOADING, false)
+      )
+  },
   [AUTH_USER_STORE.ACTIONS.UPDATE_USER_PROFILE](
     context: ActionContext<IAuthUserState, IRootState>,
     payload: IUserPayload
diff --git a/fittrackee_client/src/store/modules/authUser/enums.ts b/fittrackee_client/src/store/modules/authUser/enums.ts
index a6d30f467..8e8a539df 100644
--- a/fittrackee_client/src/store/modules/authUser/enums.ts
+++ b/fittrackee_client/src/store/modules/authUser/enums.ts
@@ -2,12 +2,14 @@ export enum AuthUserActions {
   CHECK_AUTH_USER = 'CHECK_AUTH_USER',
   DELETE_ACCOUNT = 'DELETE_ACCOUNT',
   DELETE_PICTURE = 'DELETE_PICTURE',
+  GET_FOLLOW_REQUESTS = 'GET_FOLLOW_REQUESTS',
   GET_USER_PROFILE = 'GET_USER_PROFILE',
   LOGIN_OR_REGISTER = 'LOGIN_OR_REGISTER',
   LOGOUT = 'LOGOUT',
   SEND_PASSWORD_RESET_REQUEST = 'SEND_PASSWORD_RESET_REQUEST',
   RESET_USER_PASSWORD = 'RESET_USER_PASSWORD',
   RESET_USER_SPORT_PREFERENCES = 'RESET_USER_SPORT_PREFERENCES',
+  UPDATE_FOLLOW_REQUESTS = 'UPDATE_FOLLOW_REQUESTS',
   UPDATE_USER_PICTURE = 'UPDATE_USER_PICTURE',
   UPDATE_USER_PROFILE = 'UPDATE_USER_PROFILE',
   UPDATE_USER_PREFERENCES = 'UPDATE_USER_PREFERENCES',
@@ -17,6 +19,7 @@ export enum AuthUserActions {
 export enum AuthUserGetters {
   AUTH_TOKEN = 'AUTH_TOKEN',
   AUTH_USER_PROFILE = 'AUTH_USER_PROFILE',
+  FOLLOW_REQUESTS = 'FOLLOW_REQUESTS',
   IS_ADMIN = 'IS_ADMIN',
   IS_AUTHENTICATED = 'IS_AUTHENTICATED',
   USER_LOADING = 'USER_LOADING',
@@ -26,5 +29,6 @@ export enum AuthUserMutations {
   CLEAR_AUTH_USER_TOKEN = 'CLEAR_AUTH_USER_TOKEN',
   UPDATE_AUTH_TOKEN = 'UPDATE_AUTH_TOKEN',
   UPDATE_AUTH_USER_PROFILE = 'UPDATE_AUTH_USER_PROFILE',
+  UPDATE_FOLLOW_REQUESTS = 'UPDATE_FOLLOW_REQUESTS',
   UPDATE_USER_LOADING = 'UPDATE_USER_LOADING',
 }
diff --git a/fittrackee_client/src/store/modules/authUser/getters.ts b/fittrackee_client/src/store/modules/authUser/getters.ts
index 15ca802bc..118e0ba5f 100644
--- a/fittrackee_client/src/store/modules/authUser/getters.ts
+++ b/fittrackee_client/src/store/modules/authUser/getters.ts
@@ -15,6 +15,9 @@ export const getters: GetterTree<IAuthUserState, IRootState> &
   [AUTH_USER_STORE.GETTERS.AUTH_USER_PROFILE]: (state: IAuthUserState) => {
     return state.authUserProfile
   },
+  [AUTH_USER_STORE.GETTERS.FOLLOW_REQUESTS]: (state: IAuthUserState) => {
+    return state.followRequests
+  },
   [AUTH_USER_STORE.GETTERS.IS_AUTHENTICATED]: (state: IAuthUserState) => {
     return state.authToken !== null
   },
diff --git a/fittrackee_client/src/store/modules/authUser/mutations.ts b/fittrackee_client/src/store/modules/authUser/mutations.ts
index f48e3488b..79cd80c8b 100644
--- a/fittrackee_client/src/store/modules/authUser/mutations.ts
+++ b/fittrackee_client/src/store/modules/authUser/mutations.ts
@@ -5,7 +5,7 @@ import {
   IAuthUserState,
   TAuthUserMutations,
 } from '@/store/modules/authUser/types'
-import { IAuthUserProfile } from '@/types/user'
+import { IAuthUserProfile, IUserProfile } from '@/types/user'
 
 export const mutations: MutationTree<IAuthUserState> & TAuthUserMutations = {
   [AUTH_USER_STORE.MUTATIONS.CLEAR_AUTH_USER_TOKEN](state: IAuthUserState) {
@@ -24,6 +24,12 @@ export const mutations: MutationTree<IAuthUserState> & TAuthUserMutations = {
   ) {
     state.authUserProfile = authUserProfile
   },
+  [AUTH_USER_STORE.MUTATIONS.UPDATE_FOLLOW_REQUESTS](
+    state: IAuthUserState,
+    followRequests: IUserProfile[]
+  ) {
+    state.followRequests = followRequests
+  },
   [AUTH_USER_STORE.MUTATIONS.UPDATE_USER_LOADING](
     state: IAuthUserState,
     loading: boolean
diff --git a/fittrackee_client/src/store/modules/authUser/state.ts b/fittrackee_client/src/store/modules/authUser/state.ts
index a43a7ca72..3bdd70dc3 100644
--- a/fittrackee_client/src/store/modules/authUser/state.ts
+++ b/fittrackee_client/src/store/modules/authUser/state.ts
@@ -5,4 +5,5 @@ export const authUserState: IAuthUserState = {
   authToken: null,
   authUserProfile: <IAuthUserProfile>{},
   loading: false,
+  followRequests: [],
 }
diff --git a/fittrackee_client/src/store/modules/authUser/types.ts b/fittrackee_client/src/store/modules/authUser/types.ts
index 98f2c8a6f..8fd72dd44 100644
--- a/fittrackee_client/src/store/modules/authUser/types.ts
+++ b/fittrackee_client/src/store/modules/authUser/types.ts
@@ -9,6 +9,8 @@ import { AUTH_USER_STORE } from '@/store/constants'
 import { IRootState } from '@/store/modules/root/types'
 import {
   IAuthUserProfile,
+  IFollowRequestsActionPayload,
+  IFollowRequestsPayload,
   ILoginOrRegisterData,
   IUserDeletionPayload,
   IUserPasswordPayload,
@@ -16,6 +18,7 @@ import {
   IUserPayload,
   IUserPicturePayload,
   IUserPreferencesPayload,
+  IUserProfile,
   IUserSportPreferencesPayload,
 } from '@/types/user'
 
@@ -23,6 +26,7 @@ export interface IAuthUserState {
   authToken: string | null
   authUserProfile: IAuthUserProfile
   loading: boolean
+  followRequests: IUserProfile[]
 }
 
 export interface IAuthUserActions {
@@ -34,6 +38,11 @@ export interface IAuthUserActions {
     context: ActionContext<IAuthUserState, IRootState>
   ): void
 
+  [AUTH_USER_STORE.ACTIONS.GET_FOLLOW_REQUESTS](
+    context: ActionContext<IAuthUserState, IRootState>,
+    payload: IFollowRequestsPayload
+  ): void
+
   [AUTH_USER_STORE.ACTIONS.LOGIN_OR_REGISTER](
     context: ActionContext<IAuthUserState, IRootState>,
     data: ILoginOrRegisterData
@@ -48,6 +57,11 @@ export interface IAuthUserActions {
     payload: IUserPayload
   ): void
 
+  [AUTH_USER_STORE.ACTIONS.UPDATE_FOLLOW_REQUESTS](
+    context: ActionContext<IAuthUserState, IRootState>,
+    payload: IFollowRequestsActionPayload
+  ): void
+
   [AUTH_USER_STORE.ACTIONS.UPDATE_USER_PREFERENCES](
     context: ActionContext<IAuthUserState, IRootState>,
     payload: IUserPreferencesPayload
@@ -95,6 +109,10 @@ export interface IAuthUserGetters {
     state: IAuthUserState
   ): IAuthUserProfile
 
+  [AUTH_USER_STORE.GETTERS.FOLLOW_REQUESTS](
+    state: IAuthUserState
+  ): IUserProfile[]
+
   [AUTH_USER_STORE.GETTERS.IS_ADMIN](state: IAuthUserState): boolean
 
   [AUTH_USER_STORE.GETTERS.IS_AUTHENTICATED](state: IAuthUserState): boolean
@@ -112,6 +130,10 @@ export type TAuthUserMutations<S = IAuthUserState> = {
     state: S,
     authUserProfile: IAuthUserProfile
   ): void
+  [AUTH_USER_STORE.MUTATIONS.UPDATE_FOLLOW_REQUESTS](
+    state: S,
+    followRequests: IUserProfile[]
+  ): void
   [AUTH_USER_STORE.MUTATIONS.UPDATE_USER_LOADING](
     state: S,
     loading: boolean
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index e49545998..73a1ee8e1 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -6,6 +6,7 @@ import { IRecord } from '@/types/workouts'
 export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
 export type TRelationshipAction = 'follow' | 'unfollow'
 export type TRelationships = 'followers' | 'following'
+export type TFollowRequestAction = 'accept' | 'reject'
 
 export interface IUserProfile {
   admin: boolean
@@ -127,3 +128,12 @@ export interface IUserRelationshipsPayload {
   relationship: TRelationships
   page: number
 }
+
+export interface IFollowRequestsPayload {
+  page: number
+}
+
+export interface IFollowRequestsActionPayload {
+  username: string
+  action: TFollowRequestAction
+}

From 352cba1b7a655aba35f52bcd4fc1b7d541577c43 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 31 Jan 2022 10:34:42 +0100
Subject: [PATCH 106/238] API - minor fix

---
 fittrackee/federation/utils_user.py           |  3 +-
 .../tests/federation/users/test_users_api.py  | 36 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index fc846ede7..691e2dfc6 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -213,7 +213,8 @@ def get_user_from_username(
                 return create_remote_user_from_username(name, domain_name)
             else:
                 raise UserNotFoundException()
-        if with_action == 'refresh':  # refresh existing actor
+
+        if with_action is not None:  # refresh existing actor
             try:
                 update_remote_user(actor)
             except (ActorNotFoundException, RemoteActorException) as e:
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index 4f36b0422..4fc65341e 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -137,6 +137,42 @@ def test_it_returns_remote_user_when_query_contains_account(
             'total': 1,
         }
 
+    def test_it_calls_update_remote_user_when_remote_user_exists(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_user',
+        ) as update_remote_user_mock:
+            client.get(
+                f'/api/users/remote?q=@{remote_user.actor.fullname}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        update_remote_user_mock.assert_called_with(remote_user.actor)
+
+    def test_it_does_not_call_update_remote_user_for_local_user(
+        self, app_with_federation: Flask, user_1: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_user',
+        ) as update_remote_user_mock:
+            client.get(
+                f'/api/users/remote?q={user_2.username}',
+                content_type='application/json',
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        update_remote_user_mock.assert_not_called()
+
     def test_it_creates_and_returns_remote_user(
         self,
         app_with_federation: Flask,

From d6dec5ef42f01c758b62cd152ace2b6646f616b4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 19:38:49 +0100
Subject: [PATCH 107/238] API - add privacy levels on workouts (WIP)

---
 .../23_8842c351a2d8_init_federation.py        |   31 +
 fittrackee/tests/test_case_mixins.py          |    8 +-
 .../test_workouts_api_0_get_workout.py        | 1784 +++++++++++++++++
 ...py => test_workouts_api_0_get_workouts.py} |  323 ---
 .../workouts/test_workouts_api_1_post.py      |  170 +-
 .../workouts/test_workouts_api_2_patch.py     |   30 +-
 .../workouts/test_workouts_api_3_delete.py    |   21 +-
 .../tests/workouts/test_workouts_model.py     |  438 +++-
 .../test_workouts_utils_visibility.py         |  343 ++++
 fittrackee/tests/workouts/utils.py            |    2 +-
 fittrackee/workouts/exceptions.py             |    5 +
 fittrackee/workouts/models.py                 |  235 ++-
 fittrackee/workouts/utils/visibility.py       |   46 +-
 fittrackee/workouts/workouts.py               |   96 +-
 14 files changed, 2903 insertions(+), 629 deletions(-)
 create mode 100644 fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
 rename fittrackee/tests/workouts/{test_workouts_api_0_get.py => test_workouts_api_0_get_workouts.py} (73%)
 create mode 100644 fittrackee/tests/workouts/test_workouts_utils_visibility.py

diff --git a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
index 0ba8eab94..46350a74d 100644
--- a/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/23_8842c351a2d8_init_federation.py
@@ -202,6 +202,8 @@ def upgrade():
         )
     op.alter_column('users', 'manually_approves_followers', nullable=False)
     op.alter_column('users', 'is_remote', nullable=False)
+    op.alter_column('users', 'workouts_visibility', nullable=False)
+    op.alter_column('users', 'map_visibility', nullable=False)
     op.create_unique_constraint(
         'username_actor_id_unique', 'users', ['username', 'actor_id']
     )
@@ -224,8 +226,37 @@ def upgrade():
         sa.PrimaryKeyConstraint('follower_user_id', 'followed_user_id'),
     )
 
+    op.add_column(
+        'workouts',
+        sa.Column(
+            'workout_visibility',
+            privacy_levels,
+            server_default='PRIVATE',
+            nullable=True
+        )
+    )
+    op.add_column(
+        'workouts',
+        sa.Column(
+            'map_visibility',
+            privacy_levels,
+            server_default='PRIVATE',
+            nullable=True
+        )
+    )
+    op.execute(
+        "UPDATE workouts "
+        "SET workout_visibility = 'PRIVATE', "
+        "    map_visibility = 'PRIVATE' "
+    )
+    op.alter_column('workouts', 'workout_visibility', nullable=False)
+    op.alter_column('workouts', 'map_visibility', nullable=False)
+
 
 def downgrade():
+    op.drop_column('workouts', 'map_visibility')
+    op.drop_column('workouts', 'workout_visibility')
+
     op.drop_table('follow_requests')
 
     # remove remote users (for which password is NULL)
diff --git a/fittrackee/tests/test_case_mixins.py b/fittrackee/tests/test_case_mixins.py
index 300a4e22c..50c12af2a 100644
--- a/fittrackee/tests/test_case_mixins.py
+++ b/fittrackee/tests/test_case_mixins.py
@@ -34,14 +34,18 @@ class ApiTestCaseMixin:
     def get_test_client_and_auth_token(
         app: Flask, user_email: str
     ) -> Tuple[FlaskClient, str]:
-        """user_email must be user 1 email"""
+        """user_email must be user_1 or user_2 email"""
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
             data=json.dumps(
                 dict(
                     email=user_email,
-                    password='12345678',
+                    password=(
+                        '87654321'
+                        if user_email == 'toto@toto.com'
+                        else '12345678'
+                    ),
                 )
             ),
             content_type='application/json',
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
new file mode 100644
index 000000000..5fc2c466a
--- /dev/null
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -0,0 +1,1784 @@
+import json
+from typing import List
+from unittest.mock import mock_open, patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.users.privacy_levels import PrivacyLevel
+from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
+
+from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import random_string
+from .utils import get_random_short_id
+
+
+class GetWorkoutGpxAsFollowerMixin:
+    @staticmethod
+    def init_test_data(
+        workout: Workout,
+        map_visibility: PrivacyLevel,
+        follower: User,
+        followed: User,
+    ) -> None:
+        workout.gpx = 'file.gpx'
+        workout.workout_visibility = PrivacyLevel.FOLLOWERS
+        workout.map_visibility = map_visibility
+        followed.approves_follow_request_from(follower)
+
+
+class GetWorkoutGpxPublicVisibilityMixin:
+    @staticmethod
+    def init_test_data(workout: Workout, map_visibility: PrivacyLevel) -> None:
+        workout.gpx = 'file.gpx'
+        workout.workout_visibility = PrivacyLevel.PUBLIC
+        workout.map_visibility = map_visibility
+
+
+class GetWorkoutTestCase(ApiTestCaseMixin):
+    route = '/api/workouts/{workout_uuid}'
+
+
+class TestGetWorkoutAsWorkoutOwner(GetWorkoutTestCase):
+    def test_it_gets_owner_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert 'creation_date' in data['data']['workouts'][0]
+        assert (
+            'Mon, 01 Jan 2018 00:00:00 GMT'
+            == data['data']['workouts'][0]['workout_date']
+        )
+        assert 'test' == data['data']['workouts'][0]['user']
+        assert 1 == data['data']['workouts'][0]['sport_id']
+        assert 10.0 == data['data']['workouts'][0]['distance']
+        assert '1:00:00' == data['data']['workouts'][0]['duration']
+        assert 'private' == data['data']['workouts'][0]['map_visibility']
+        assert 'private' == data['data']['workouts'][0]['workout_visibility']
+
+
+class TestGetWorkoutAsFollower(GetWorkoutTestCase):
+    def test_it_returns_404_when_workout_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_followed_user_workout(
+        self,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_level
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert data['data']['workouts'][0]['user'] == user_2.username
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_level.value
+        )
+
+
+class TestGetWorkoutAsUser(GetWorkoutTestCase):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=get_random_short_id()),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_workout_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = input_workout_level
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    def test_it_returns_another_user_workout_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert data['data']['workouts'][0]['user'] == user_2.username
+        assert data['data']['workouts'][0]['workout_visibility'] == 'public'
+
+
+class TestGetWorkoutAsUnauthenticatedUser(GetWorkoutTestCase):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask
+    ) -> None:
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=get_random_short_id()),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_workout_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_level
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    def test_it_returns_a_user_workout_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert data['data']['workouts'][0]['user'] == user_1.username
+        assert data['data']['workouts'][0]['workout_visibility'] == 'public'
+
+
+class GetWorkoutGpxTestCase(ApiTestCaseMixin):
+    route = '/api/workouts/{workout_uuid}/gpx'
+
+
+class TestGetWorkoutGpxAsWorkoutOwner(GetWorkoutGpxTestCase):
+    def test_it_returns_404_if_workout_have_no_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert (
+            'no gpx file for this workout (id: '
+            f'{workout_cycling_user_1.short_id})'
+        ) in data['message']
+
+    def test_it_returns_owner_workout_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        gpx_content = random_string()
+        workout_cycling_user_1.gpx = 'file.gpx'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=gpx_content
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['gpx'] == gpx_content
+
+
+class TestGetWorkoutGpxAsFollower(
+    GetWorkoutGpxTestCase, GetWorkoutGpxAsFollowerMixin
+):
+    def test_it_returns_404_when_map_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_2, PrivacyLevel.PRIVATE, user_1, user_2
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=random_string()
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_2.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+            ('map visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_followed_user_workout_gpx(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_2, input_map_visibility, user_1, user_2
+        )
+        gpx_content = random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=gpx_content
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_2.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['gpx'] == gpx_content
+
+
+class TestGetWorkoutGpxAsUser(
+    GetWorkoutGpxTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['gpx'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_2, input_map_visibility)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=random_string()
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_2.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_gpx_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_2, PrivacyLevel.PUBLIC)
+        gpx_content = random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=gpx_content
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_2.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['gpx'] == gpx_content
+
+
+class TestGetWorkoutGpxAsUnauthenticatedUser(
+    GetWorkoutGpxTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['gpx'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, input_map_visibility)
+        client = app.test_client()
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=random_string()
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id
+                ),
+            )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_gpx_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        gpx_content = random_string()
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client = app.test_client()
+        with patch(
+            'builtins.open', new_callable=mock_open, read_data=gpx_content
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id
+                ),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['gpx'] == gpx_content
+
+
+class GetGetWorkoutChartDataTestCase(ApiTestCaseMixin):
+    route = '/api/workouts/{workout_uuid}/chart_data'
+
+
+class TestGetWorkoutChartDataAsWorkoutOwner(GetGetWorkoutChartDataTestCase):
+    def test_it_returns_404_if_workout_have_no_chart_data(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_short_id = workout_cycling_user_1.short_id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert (
+            f'no gpx file for this workout (id: {workout_short_id})'
+            in data['message']
+        )
+
+    def test_it_returns_500_if_a_workout_has_invalid_gpx_pathname(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.gpx = 'some path'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 500
+        assert 'error' in data['status']
+        assert (
+            'error, please try again or contact the administrator'
+            in data['message']
+        )
+        assert 'data' not in data
+
+    def test_it_returns_owner_workout_chart_data(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        chart_data: List = []
+        workout_cycling_user_1.gpx = 'file.gpx'
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutChartDataAsFollower(
+    GetGetWorkoutChartDataTestCase, GetWorkoutGpxAsFollowerMixin
+):
+    def test_it_returns_404_when_map_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_2, PrivacyLevel.PRIVATE, user_1, user_2
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+            ('map visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_chart_data_for_followed_user_workout(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_2, input_map_visibility, user_1, user_2
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        chart_data: List = []
+        workout_cycling_user_2.gpx = 'file.gpx'
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_2.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutChartDataAsUser(
+    GetGetWorkoutChartDataTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['chart_data'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_2, input_map_visibility)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_chart_data_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_2, PrivacyLevel.PUBLIC)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        chart_data: List = []
+        workout_cycling_user_2.gpx = 'file.gpx'
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_2.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutChartDataAsUnauthenticatedUser(
+    GetGetWorkoutChartDataTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['chart_data'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, input_map_visibility)
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_chart_data_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        chart_data: List = []
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client = app.test_client()
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id
+                ),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class GetWorkoutSegmentGpxTestCase(ApiTestCaseMixin):
+    route = '/api/workouts/{workout_uuid}/gpx/segment/{segment_id}'
+
+
+class TestGetWorkoutSegmentGpxAsWorkoutOwner(GetWorkoutSegmentGpxTestCase):
+    def test_it_returns_404_if_workout_have_no_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_short_id = workout_cycling_user_1.short_id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert (
+            f'no gpx file for this workout (id: {workout_short_id})'
+            in data['message']
+        )
+
+    def test_it_returns_404_if_segment_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        gpx_file_with_segments: str,
+    ) -> None:
+        workout_cycling_user_1.gpx = 'file.gpx'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id,
+                    segment_id=100,
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert "No segment with id '100'" in data['message']
+
+    def test_it_gets_segment_gpx_for_owner_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        gpx_file_with_segments: str,
+    ) -> None:
+        workout_cycling_user_1.gpx = 'file.gpx'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert '<trkpt lat="44.68095" lon="6.07367">' in data['data']['gpx']
+
+
+class TestGetWorkoutSegmentGpxAsFollower(
+    GetWorkoutSegmentGpxTestCase, GetWorkoutGpxAsFollowerMixin
+):
+    def test_it_returns_404_when_map_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        gpx_file_with_segments: str,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_1, PrivacyLevel.PRIVATE, user_2, user_1
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+        assert data['data']['gpx'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+            ('map visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_segment_gpx_for_followed_user_workout(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        gpx_file_with_segments: str,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_1, input_map_visibility, user_2, user_1
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert '<trkpt lat="44.68095" lon="6.07367">' in data['data']['gpx']
+
+
+class TestGetWorkoutSegmentGpxAsUser(
+    GetWorkoutSegmentGpxTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id, segment_id=1),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['gpx'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        gpx_file_with_segments: str,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, input_map_visibility)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+        assert data['data']['gpx'] == ''
+
+    def test_it_returns_segment_gpx_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        gpx_file_with_segments: str,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert '<trkpt lat="44.68095" lon="6.07367">' in data['data']['gpx']
+
+
+class TestGetWorkoutSegmentGpxAsUnauthenticatedUser(
+    GetWorkoutSegmentGpxTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id, segment_id=1),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['gpx'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        gpx_file_with_segments: str,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, input_map_visibility)
+        client = app.test_client()
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+            )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+        assert data['data']['gpx'] == ''
+
+    def test_it_returns_segment_gpx_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        gpx_file_with_segments: str,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client = app.test_client()
+        with patch(
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=gpx_file_with_segments,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert '<trkpt lat="44.68095" lon="6.07367">' in data['data']['gpx']
+
+
+class GetWorkoutSegmentChartDataTestCase(ApiTestCaseMixin):
+    route = '/api/workouts/{workout_uuid}/chart_data/segment/{segment_id}'
+
+
+class TestGetWorkoutSegmentChartDataAsWorkoutOwner(
+    GetWorkoutSegmentChartDataTestCase
+):
+    def test_it_returns_404_if_workout_have_no_chart_data(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_short_id = workout_cycling_user_1.short_id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_short_id, segment_id=1),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert (
+            f'no gpx file for this workout (id: {workout_short_id})'
+            in data['message']
+        )
+
+    def test_it_returns_500_if_workout_has_invalid_gpx_pathname(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.gpx = 'some path'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 500
+        assert 'error' in data['status']
+        assert (
+            'error, please try again or contact the administrator'
+            in data['message']
+        )
+        assert 'data' not in data
+
+    def test_it_returns_chart_data(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        chart_data: List = []
+        workout_cycling_user_1.gpx = 'file.gpx'
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutSegmentChartDataAsFollower(
+    GetWorkoutSegmentChartDataTestCase, GetWorkoutGpxAsFollowerMixin
+):
+    def test_it_returns_404_when_map_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_1, PrivacyLevel.PRIVATE, user_2, user_1
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+
+        response = client.get(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+            ('map visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_chart_data_for_follower_user_workout(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        self.init_test_data(
+            workout_cycling_user_1, input_map_visibility, user_2, user_1
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+        chart_data: List = []
+        workout_cycling_user_1.gpx = 'file.gpx'
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutSegmentChartDataAsUser(
+    GetWorkoutSegmentChartDataTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id, segment_id=1),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['chart_data'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, input_map_visibility)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+
+        response = client.get(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_chart_data_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+    ) -> None:
+        chart_data: List = []
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_2.email
+        )
+        workout_cycling_user_1.gpx = 'file.gpx'
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutSegmentChartDataAsUnauthenticatedUser(
+    GetWorkoutSegmentChartDataTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self, app: Flask
+    ) -> None:
+        random_short_id = get_random_short_id()
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=random_short_id, segment_id=1),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert f'workout not found (id: {random_short_id})' in data['message']
+        assert data['data']['chart_data'] == ''
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+            ('map visibility: followers_only', PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_returns_404_when_map_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, input_map_visibility)
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+            ),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_chart_data_when_map_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
+    ) -> None:
+        chart_data: List = []
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client = app.test_client()
+        with patch('builtins.open', new_callable=mock_open), patch(
+            'fittrackee.workouts.workouts.get_chart_data',
+            return_value=chart_data,
+        ):
+
+            response = client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id, segment_id=1
+                ),
+            )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['chart_data'] == chart_data
+
+
+class TestGetWorkoutMap(ApiTestCaseMixin):
+    def test_it_returns_404_if_workout_has_no_map(self, app: Flask) -> None:
+        client = app.test_client()
+        response = client.get(
+            f'/api/workouts/map/{random_string()}',
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'Map does not exist' in data['message']
+
+    def test_it_calls_send_from_directory_if_workout_has_map(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        map_id = random_string()
+        map_file_path = random_string()
+        workout_cycling_user_1.map_id = map_id
+        workout_cycling_user_1.map = map_file_path
+        client = app.test_client()
+        with patch(
+            'fittrackee.workouts.workouts.send_from_directory',
+            return_value='file',
+        ) as mock:
+
+            response = client.get(
+                f'/api/workouts/map/{map_id}',
+            )
+
+        assert response.status_code == 200
+        mock.assert_called_once_with(
+            app.config['UPLOAD_FOLDER'], map_file_path
+        )
+
+
+class DownloadWorkoutGpxTestCase(ApiTestCaseMixin):
+    route = '/api/workouts/{workout_uuid}/gpx/download'
+
+
+class TestDownloadWorkoutGpxAsWorkoutOwner(DownloadWorkoutGpxTestCase):
+    def test_it_returns_404_if_workout_does_not_have_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'no gpx file for workout' in data['message']
+
+    def test_it_calls_send_from_directory_if_workout_has_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        gpx_file_path = 'file.gpx'
+        workout_cycling_user_1.gpx = 'file.gpx'
+        with patch(
+            'fittrackee.workouts.workouts.send_from_directory',
+            return_value='file',
+        ) as mock:
+            client, auth_token = self.get_test_client_and_auth_token(
+                app, user_1.email
+            )
+
+            client.get(
+                self.route.format(
+                    workout_uuid=workout_cycling_user_1.short_id
+                ),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        mock.assert_called_once_with(
+            app.config['UPLOAD_FOLDER'],
+            gpx_file_path,
+            mimetype='application/gpx+xml',
+            as_attachment=True,
+        )
+
+
+class TestDownloadWorkoutGpxAsFollower(DownloadWorkoutGpxTestCase):
+    def test_it_returns_404_for_followed_user_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.gpx = 'file.gpx'
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_2.map_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+
+class TestDownloadWorkoutGpxAsUser(
+    DownloadWorkoutGpxTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404_if_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=get_random_short_id()),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+    def test_it_returns_404_for_another_user_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_2, PrivacyLevel.PUBLIC)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 404
+        assert 'not found' in data['status']
+        assert 'workout not found' in data['message']
+
+
+class TestDownloadWorkoutGpxAsUnauthenticatedUser(
+    DownloadWorkoutGpxTestCase, GetWorkoutGpxPublicVisibilityMixin
+):
+    def test_it_returns_404(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
+        client = app.test_client()
+
+        response = client.get(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 401
+        assert 'error' in data['status']
+        assert 'provide a valid auth token' in data['message']
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
similarity index 73%
rename from fittrackee/tests/workouts/test_workouts_api_0_get.py
rename to fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
index 9228c80af..64cfa7aea 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
@@ -1,6 +1,5 @@
 import json
 from unittest.mock import patch
-from uuid import uuid4
 
 from flask import Flask
 
@@ -8,7 +7,6 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
-from .utils import get_random_short_id
 
 
 class TestGetWorkouts(ApiTestCaseMixin):
@@ -984,324 +982,3 @@ def test_it_get_page_2_with_date_filter_and_ascending_order(
             'pages': 2,
             'total': 7,
         }
-
-
-class TestGetWorkout(ApiTestCaseMixin):
-    def test_it_gets_an_workout(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_cycling_user_1.short_id}',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 200
-        assert 'success' in data['status']
-        assert len(data['data']['workouts']) == 1
-        assert 'creation_date' in data['data']['workouts'][0]
-        assert (
-            'Mon, 01 Jan 2018 00:00:00 GMT'
-            == data['data']['workouts'][0]['workout_date']
-        )
-        assert 'test' == data['data']['workouts'][0]['user']
-        assert 1 == data['data']['workouts'][0]['sport_id']
-        assert 10.0 == data['data']['workouts'][0]['distance']
-        assert '1:00:00' == data['data']['workouts'][0]['duration']
-
-    def test_it_returns_403_if_workout_belongs_to_a_different_user(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_cycling_user_2.short_id}',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 403
-        assert 'error' in data['status']
-        assert 'you do not have permissions' in data['message']
-
-    def test_it_returns_404_if_workout_does_not_exist(
-        self, app: Flask, user_1: User
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{get_random_short_id()}',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert len(data['data']['workouts']) == 0
-
-    def test_it_returns_404_on_getting_gpx_if_workout_does_not_exist(
-        self, app: Flask, user_1: User
-    ) -> None:
-        random_short_id = get_random_short_id()
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{random_short_id}/gpx',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert f'workout not found (id: {random_short_id})' in data['message']
-        assert data['data']['gpx'] == ''
-
-    def test_it_returns_404_on_getting_chart_data_if_workout_does_not_exist(
-        self, app: Flask, user_1: User
-    ) -> None:
-        random_short_id = get_random_short_id()
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{random_short_id}/chart_data',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert f'workout not found (id: {random_short_id})' in data['message']
-        assert data['data']['chart_data'] == ''
-
-    def test_it_returns_404_on_getting_gpx_if_workout_have_no_gpx(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_short_id}/gpx',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert (
-            f'no gpx file for this workout (id: {workout_short_id})'
-            in data['message']
-        )
-
-    def test_it_returns_404_if_workout_have_no_chart_data(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_short_id = workout_cycling_user_1.short_id
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_short_id}/chart_data',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert (
-            f'no gpx file for this workout (id: {workout_short_id})'
-            in data['message']
-        )
-
-    def test_it_returns_500_on_getting_gpx_if_an_workout_has_invalid_gpx_pathname(  # noqa
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.gpx = "some path"
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_cycling_user_1.short_id}/gpx',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 500
-        assert 'error' in data['status']
-        assert (
-            'error, please try again or contact the administrator'
-            in data['message']
-        )
-        assert 'data' not in data
-
-    def test_it_returns_500_on_getting_chart_data_if_an_workout_has_invalid_gpx_pathname(  # noqa
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.gpx = 'some path'
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_cycling_user_1.short_id}/chart_data',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 500
-        assert 'error' in data['status']
-        assert (
-            'error, please try again or contact the administrator'
-            in data['message']
-        )
-        assert 'data' not in data
-
-    def test_it_returns_404_if_workout_has_no_map(
-        self, app: Flask, user_1: User
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-        response = client.get(
-            f'/api/workouts/map/{uuid4().hex}',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-        data = json.loads(response.data.decode())
-
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert 'Map does not exist' in data['message']
-
-
-class TestDownloadWorkoutGpx(ApiTestCaseMixin):
-    def test_it_returns_404_if_workout_does_not_exist(
-        self,
-        app: Flask,
-        user_1: User,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{get_random_short_id()}/gpx/download',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert 'workout not found' in data['message']
-
-    def test_it_returns_404_if_workout_does_not_have_gpx(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_cycling_user_1.short_id}/gpx/download',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert 'no gpx file for workout' in data['message']
-
-    def test_it_returns_404_if_workout_belongs_to_a_different_user(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f'/api/workouts/{workout_cycling_user_2.short_id}/gpx/download',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert 'workout not found' in data['message']
-
-    def test_it_calls_send_from_directory_if_workout_has_gpx(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        gpx_file_path = 'file.gpx'
-        workout_cycling_user_1.gpx = gpx_file_path
-        with patch('fittrackee.workouts.workouts.send_from_directory') as mock:
-            mock.return_value = 'file'
-            client, auth_token = self.get_test_client_and_auth_token(
-                app, user_1.email
-            )
-
-            client.get(
-                (
-                    f'/api/workouts/{workout_cycling_user_1.short_id}/'
-                    'gpx/download'
-                ),
-                headers=dict(Authorization=f'Bearer {auth_token}'),
-            )
-
-        mock.assert_called_once_with(
-            app.config['UPLOAD_FOLDER'],
-            gpx_file_path,
-            mimetype='application/gpx+xml',
-            as_attachment=True,
-        )
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index eca0672f6..60fa20d4c 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -207,7 +207,7 @@ def assert_workout_data_wo_gpx(data: Dict) -> None:
 
 
 class TestPostWorkoutWithGpx(ApiTestCaseMixin, CallArgsMixin):
-    def test_it_adds_an_workout_with_gpx_file(
+    def test_it_adds_a_workout_with_gpx_file(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -226,14 +226,14 @@ def test_it_adds_an_workout_with_gpx_file(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 201
+        data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert 'just a workout' == data['data']['workouts'][0]['title']
         assert_workout_data_with_gpx(data)
 
-    def test_it_adds_an_workout_with_gpx_without_name(
+    def test_it_adds_a_workout_with_gpx_without_name(
         self,
         app: Flask,
         user_1: User,
@@ -256,8 +256,8 @@ def test_it_adds_an_workout_with_gpx_without_name(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 201
+        data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert (
@@ -266,7 +266,7 @@ def test_it_adds_an_workout_with_gpx_without_name(
         )
         assert_workout_data_with_gpx(data)
 
-    def test_it_adds_an_workout_with_gpx_without_name_timezone(
+    def test_it_adds_a_workout_with_gpx_without_name_timezone(
         self,
         app: Flask,
         user_1: User,
@@ -290,8 +290,8 @@ def test_it_adds_an_workout_with_gpx_without_name_timezone(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 201
+        data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert (
@@ -332,9 +332,9 @@ def test_it_adds_a_workout_with_gpx_notes(
                 Authorization=f'Bearer {auth_token}',
             ),
         )
-        data = json.loads(response.data.decode())
 
         assert response.status_code == 201
+        data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0]['notes'] == input_notes
@@ -350,6 +350,7 @@ def test_it_calls_configured_tile_server_for_static_map(
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
+
         client.post(
             '/api/workouts',
             data=dict(
@@ -381,6 +382,7 @@ def test_it_calls_default_tile_server_for_static_map(
         client, auth_token = self.get_test_client_and_auth_token(
             app_default_static_map, user_1.email
         )
+
         client.post(
             '/api/workouts',
             data=dict(
@@ -424,8 +426,8 @@ def test_it_returns_500_if_gpx_file_has_not_tracks(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 500
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'Error during gpx processing.' in data['message']
         assert 'data' not in data
@@ -456,8 +458,8 @@ def test_it_returns_500_if_gpx_has_invalid_xml(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 500
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'Error during gpx file parsing.' in data['message']
         assert 'data' not in data
@@ -481,8 +483,8 @@ def test_it_returns_400_if_workout_gpx_has_invalid_extension(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
         assert data['status'] == 'fail'
         assert data['message'] == 'file extension not allowed'
 
@@ -504,8 +506,8 @@ def test_it_returns_400_if_sport_id_is_not_provided(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
         assert data['status'] == 'error'
         assert data['message'] == 'invalid payload'
 
@@ -528,8 +530,8 @@ def test_it_returns_500_if_sport_id_does_not_exist(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 500
+        data = json.loads(response.data.decode())
         assert data['status'] == 'error'
         assert data['message'] == 'Sport id: 2 does not exist'
 
@@ -549,8 +551,8 @@ def test_returns_400_if_no_gpx_file_is_provided(
             ),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
         assert data['status'] == 'fail'
         assert data['message'] == 'no file part'
 
@@ -576,8 +578,9 @@ def test_it_returns_error_if_file_size_exceeds_limit(
                 Authorization=f'Bearer {auth_token}',
             ),
         )
-        data = json.loads(response.data.decode())
+
         assert response.status_code == 413
+        data = json.loads(response.data.decode())
         assert 'fail' in data['status']
         assert re.match(
             r'Error during workout upload, file size \((.*)\) exceeds 1.0KB.',
@@ -587,7 +590,7 @@ def test_it_returns_error_if_file_size_exceeds_limit(
 
 
 class TestPostWorkoutWithoutGpx(ApiTestCaseMixin):
-    def test_it_adds_an_workout_without_gpx(
+    def test_it_adds_a_workout_without_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -608,8 +611,8 @@ def test_it_adds_an_workout_without_gpx(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 201
+        data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert_workout_data_wo_gpx(data)
@@ -628,8 +631,8 @@ def test_it_returns_400_if_workout_date_is_missing(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 400
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'invalid payload' in data['message']
 
@@ -654,8 +657,8 @@ def test_it_returns_500_if_workout_format_is_invalid(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 500
+        data = json.loads(response.data.decode())
         assert 'fail' in data['status']
         assert 'Error during workout save.' in data['message']
 
@@ -685,8 +688,8 @@ def test_it_adds_workout_with_zero_value(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 201
+        data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert 'creation_date' in data['data']['workouts'][0]
@@ -735,8 +738,8 @@ def test_it_adds_workouts_with_zip_archive(
                 ),
             )
 
-            data = json.loads(response.data.decode())
             assert response.status_code == 201
+            data = json.loads(response.data.decode())
             assert 'created' in data['status']
             assert len(data['data']['workouts']) == 3
             assert 'just a workout' == data['data']['workouts'][0]['title']
@@ -767,8 +770,8 @@ def test_it_returns_400_if_folder_is_present_in_zip_archive(
                 ),
             )
 
-            data = json.loads(response.data.decode())
             assert response.status_code == 400
+            data = json.loads(response.data.decode())
             assert 'fail' in data['status']
             assert len(data['data']['workouts']) == 0
 
@@ -796,8 +799,8 @@ def test_it_returns_500_if_one_file_in_zip_archive_is_invalid(
                 ),
             )
 
-            data = json.loads(response.data.decode())
             assert response.status_code == 500
+            data = json.loads(response.data.decode())
             assert 'error' in data['status']
             assert 'Error during gpx processing.' in data['message']
             assert 'data' not in data
@@ -832,6 +835,7 @@ def test_it_imports_only_max_number_of_files(
                 '/api/workouts',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
+
             data = json.loads(response.data.decode())
             assert len(data['data']['workouts']) == 2
 
@@ -860,8 +864,9 @@ def test_it_returns_error_if_archive_size_exceeds_limit(
                     Authorization=f'Bearer {auth_token}',
                 ),
             )
-            data = json.loads(response.data.decode())
+
             assert response.status_code == 413
+            data = json.loads(response.data.decode())
             assert 'fail' in data['status']
             assert (
                 'Error during workout upload, file size (2.5KB) exceeds 1.0KB.'
@@ -952,12 +957,12 @@ def workout_assertion(
             == 'error, please try again or contact the administrator'
         )
 
-    def test_it_gets_an_workout_created_with_gpx(
+    def test_it_gets_a_workout_created_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         return self.workout_assertion(app, user_1, gpx_file, False)
 
-    def test_it_gets_an_workout_created_with_gpx_with_segments(
+    def test_it_gets_a_workout_created_with_gpx_with_segments(
         self,
         app: Flask,
         user_1: User,
@@ -968,7 +973,7 @@ def test_it_gets_an_workout_created_with_gpx_with_segments(
             app, user_1, gpx_file_with_segments, True
         )
 
-    def test_it_gets_chart_data_for_an_workout_created_with_gpx(
+    def test_it_gets_chart_data_for_a_workout_created_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -999,7 +1004,7 @@ def test_it_gets_chart_data_for_an_workout_created_with_gpx(
         assert data['message'] == ''
         assert data['data']['chart_data'] != ''
 
-    def test_it_gets_segment_chart_data_for_an_workout_created_with_gpx(
+    def test_it_gets_segment_chart_data_for_a_workout_created_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -1030,114 +1035,9 @@ def test_it_gets_segment_chart_data_for_an_workout_created_with_gpx(
         assert data['message'] == ''
         assert data['data']['chart_data'] != ''
 
-    def test_it_returns_403_on_getting_chart_data_if_workout_belongs_to_another_user(  # noqa
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        sport_1_cycling: Sport,
-        gpx_file: str,
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-        response = client.post(
-            '/api/workouts',
-            data=dict(
-                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
-                data='{"sport_id": 1}',
-            ),
-            headers=dict(
-                content_type='multipart/form-data',
-                Authorization=f'Bearer {auth_token}',
-            ),
-        )
-        data = json.loads(response.data.decode())
-        workout_short_id = data['data']['workouts'][0]['id']
-
-        resp_login = client.post(
-            '/api/auth/login',
-            data=json.dumps(dict(email='toto@toto.com', password='87654321')),
-            content_type='application/json',
-        )
-        response = client.get(
-            f'/api/workouts/{workout_short_id}/chart_data',
-            headers=dict(
-                Authorization='Bearer '
-                + json.loads(resp_login.data.decode())['auth_token']
-            ),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 403
-        assert 'error' in data['status']
-        assert data['message'] == 'you do not have permissions'
-
-    def test_it_returns_500_on_invalid_segment_id(
-        self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.post(
-            '/api/workouts',
-            data=dict(
-                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
-                data='{"sport_id": 1}',
-            ),
-            headers=dict(
-                content_type='multipart/form-data',
-                Authorization=f'Bearer {auth_token}',
-            ),
-        )
-        data = json.loads(response.data.decode())
-        workout_short_id = data['data']['workouts'][0]['id']
-        response = client.get(
-            f'/api/workouts/{workout_short_id}/chart_data/segment/0',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 500
-        assert 'error' in data['status']
-        assert data['message'] == 'Incorrect segment id'
-        assert 'data' not in data
-
-    def test_it_returns_404_if_segment_id_does_not_exist(
-        self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.post(
-            '/api/workouts',
-            data=dict(
-                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
-                data='{"sport_id": 1}',
-            ),
-            headers=dict(
-                content_type='multipart/form-data',
-                Authorization=f'Bearer {auth_token}',
-            ),
-        )
-        data = json.loads(response.data.decode())
-        workout_short_id = data['data']['workouts'][0]['id']
-        response = client.get(
-            f'/api/workouts/{workout_short_id}/chart_data/segment/999999',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 404
-        assert 'not found' in data['status']
-        assert data['message'] == 'No segment with id \'999999\''
-        assert 'data' not in data
-
 
 class TestPostAndGetWorkoutWithoutGpx(ApiTestCaseMixin):
-    def test_it_add_and_gets_an_workout_wo_gpx(
+    def test_it_add_and_gets_a_workout_wo_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -1170,7 +1070,7 @@ def test_it_add_and_gets_an_workout_wo_gpx(
         assert len(data['data']['workouts']) == 1
         assert_workout_data_wo_gpx(data)
 
-    def test_it_adds_and_gets_an_workout_wo_gpx_notes(
+    def test_it_adds_and_gets_a_workout_wo_gpx_notes(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -1206,7 +1106,7 @@ def test_it_adds_and_gets_an_workout_wo_gpx_notes(
 
 
 class TestPostAndGetWorkoutUsingTimezones(ApiTestCaseMixin):
-    def test_it_add_and_gets_an_workout_wo_gpx_with_timezone(
+    def test_it_add_and_gets_a_workout_wo_gpx_with_timezone(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
         user_1.timezone = 'Europe/Paris'
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 10f0515ed..ca60749ad 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -9,7 +9,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
-from .utils import get_random_short_id, post_an_workout
+from .utils import get_random_short_id, post_a_workout
 
 
 def assert_workout_data_with_gpx(data: Dict, sport_id: int) -> None:
@@ -56,7 +56,7 @@ def assert_workout_data_with_gpx(data: Dict, sport_id: int) -> None:
 
 
 class TestEditWorkoutWithGpx(ApiTestCaseMixin):
-    def test_it_updates_title_for_an_workout_with_gpx(
+    def test_it_updates_title_for_a_workout_with_gpx(
         self,
         app: Flask,
         user_1: User,
@@ -64,7 +64,7 @@ def test_it_updates_title_for_an_workout_with_gpx(
         sport_2_running: Sport,
         gpx_file: str,
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
 
         response = client.patch(
@@ -100,7 +100,7 @@ def test_it_adds_notes_to_a_workout_with_gpx(
         sport_2_running: Sport,
         gpx_file: str,
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
 
         response = client.patch(
@@ -124,7 +124,7 @@ def test_it_empties_workout_notes(
         sport_2_running: Sport,
         gpx_file: str,
     ) -> None:
-        token, workout_short_id = post_an_workout(
+        token, workout_short_id = post_a_workout(
             app, gpx_file, notes=uuid4().hex
         )
         client = app.test_client()
@@ -142,7 +142,7 @@ def test_it_empties_workout_notes(
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0]['notes'] == ''
 
-    def test_it_raises_403_when_editing_an_workout_from_different_user(
+    def test_it_raises_403_when_editing_a_workout_from_different_user(
         self,
         app: Flask,
         user_1: User,
@@ -151,7 +151,7 @@ def test_it_raises_403_when_editing_an_workout_from_different_user(
         sport_2_running: Sport,
         gpx_file: str,
     ) -> None:
-        _, workout_short_id = post_an_workout(app, gpx_file)
+        _, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
@@ -182,7 +182,7 @@ def test_it_updates_sport(
         sport_2_running: Sport,
         gpx_file: str,
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
 
         response = client.patch(
@@ -203,7 +203,7 @@ def test_it_updates_sport(
     def test_it_returns_400_if_payload_is_empty(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
 
         response = client.patch(
@@ -221,7 +221,7 @@ def test_it_returns_400_if_payload_is_empty(
     def test_it_raises_500_if_sport_does_not_exist(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
 
         response = client.patch(
@@ -241,7 +241,7 @@ def test_it_raises_500_if_sport_does_not_exist(
 
 
 class TestEditWorkoutWithoutGpx(ApiTestCaseMixin):
-    def test_it_updates_an_workout_wo_gpx(
+    def test_it_updates_a_workout_wo_gpx(
         self,
         app: Flask,
         user_1: User,
@@ -382,7 +382,7 @@ def test_it_empties_workout_notes(
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0]['notes'] == ''
 
-    def test_returns_403_when_editing_an_workout_wo_gpx_from_different_user(
+    def test_returns_403_when_editing_a_workout_wo_gpx_from_different_user(
         self,
         app: Flask,
         user_1: User,
@@ -409,12 +409,12 @@ def test_returns_403_when_editing_an_workout_wo_gpx_from_different_user(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        data = json.loads(response.data.decode())
         assert response.status_code == 403
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'you do not have permissions' in data['message']
 
-    def test_it_updates_an_workout_wo_gpx_with_timezone(
+    def test_it_updates_a_workout_wo_gpx_with_timezone(
         self,
         app: Flask,
         user_1_paris: User,
@@ -489,7 +489,7 @@ def test_it_updates_an_workout_wo_gpx_with_timezone(
         assert records[3]['workout_date'] == 'Tue, 15 May 2018 13:05:00 GMT'
         assert records[3]['value'] == 8.0
 
-    def test_it_updates_only_sport_and_distance_an_workout_wo_gpx(
+    def test_it_updates_only_sport_and_distance_a_workout_wo_gpx(
         self,
         app: Flask,
         user_1: User,
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index 101df6142..9b7574ca5 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -8,7 +8,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
-from .utils import get_random_short_id, post_an_workout
+from .utils import get_random_short_id, post_a_workout
 
 
 def get_gpx_filepath(workout_id: int) -> str:
@@ -17,10 +17,10 @@ def get_gpx_filepath(workout_id: int) -> str:
 
 
 class TestDeleteWorkoutWithGpx(ApiTestCaseMixin):
-    def test_it_deletes_an_workout_with_gpx(
+    def test_it_deletes_workout_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
 
         response = client.delete(
@@ -30,7 +30,7 @@ def test_it_deletes_an_workout_with_gpx(
 
         assert response.status_code == 204
 
-    def test_it_returns_403_when_deleting_an_workout_from_different_user(
+    def test_it_returns_403_when_deleting_workout_from_different_user(
         self,
         app: Flask,
         user_1: User,
@@ -38,7 +38,7 @@ def test_it_returns_403_when_deleting_an_workout_from_different_user(
         sport_1_cycling: Sport,
         gpx_file: str,
     ) -> None:
-        _, workout_short_id = post_an_workout(app, gpx_file)
+        _, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
@@ -54,9 +54,8 @@ def test_it_returns_403_when_deleting_an_workout_from_different_user(
             ),
         )
 
-        data = json.loads(response.data.decode())
-
         assert response.status_code == 403
+        data = json.loads(response.data.decode())
         assert 'error' in data['status']
         assert 'you do not have permissions' in data['message']
 
@@ -74,10 +73,10 @@ def test_it_returns_404_if_workout_does_not_exist(
         assert response.status_code == 404
         assert 'not found' in data['status']
 
-    def test_it_returns_500_when_deleting_an_workout_with_gpx_invalid_file(
+    def test_it_returns_500_when_deleting_a_workout_with_gpx_invalid_file(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
-        token, workout_short_id = post_an_workout(app, gpx_file)
+        token, workout_short_id = post_a_workout(app, gpx_file)
         client = app.test_client()
         gpx_filepath = get_gpx_filepath(1)
         gpx_filepath = get_absolute_file_path(gpx_filepath)
@@ -99,7 +98,7 @@ def test_it_returns_500_when_deleting_an_workout_with_gpx_invalid_file(
 
 
 class TestDeleteWorkoutWithoutGpx(ApiTestCaseMixin):
-    def test_it_deletes_an_workout_wo_gpx(
+    def test_it_deletes_a_workout_wo_gpx(
         self,
         app: Flask,
         user_1: User,
@@ -115,7 +114,7 @@ def test_it_deletes_an_workout_wo_gpx(
         )
         assert response.status_code == 204
 
-    def test_it_returns_403_when_deleting_an_workout_from_different_user(
+    def test_it_returns_404_when_deleting_workout_from_different_user(
         self,
         app: Flask,
         user_1: User,
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 6c7167af6..e68173a42 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -1,14 +1,37 @@
+from typing import List, Optional
 from uuid import UUID
 
+import pytest
 from flask import Flask
 
 from fittrackee import db
 from fittrackee.users.models import User
+from fittrackee.users.privacy_levels import PrivacyLevel
+from fittrackee.workouts.exceptions import WorkoutForbiddenException
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.short_id import decode_short_id
 
+from ..utils import random_string
+
+
+class WorkoutModelTestCase:
+    @staticmethod
+    def update_workout(
+        workout: Workout,
+        map_id: Optional[str] = None,
+        gpx_path: Optional[str] = None,
+        bounds: Optional[List[float]] = None,
+    ) -> Workout:
+        workout.map_id = random_string() if map_id is None else map_id
+        workout.map = None if map_id is None else random_string()
+        workout.gpx = random_string() if gpx_path is None else gpx_path
+        workout.bounds = [1.0, 2.0, 3.0, 4.0] if bounds is None else bounds
+        return workout
+
+
+class TestWorkoutModelForOwner(WorkoutModelTestCase):
+    user_status = 'owner'
 
-class TestWorkoutModel:
     def test_workout_model(
         self,
         app: Flask,
@@ -33,7 +56,7 @@ def test_workout_model(
             workout_cycling_user_1
         )
 
-        serialized_workout = workout_cycling_user_1.serialize()
+        serialized_workout = workout_cycling_user_1.serialize(self.user_status)
         assert isinstance(decode_short_id(serialized_workout['id']), UUID)
         assert 'test' == serialized_workout['user']
         assert 1 == serialized_workout['sport_id']
@@ -74,3 +97,414 @@ def test_workout_segment_model(
             f'for workout \'{workout_cycling_user_1.short_id}\'>'
             == str(workout_cycling_user_1_segment)
         )
+
+    def test_default_values_for_visibility_are_private(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        assert workout_cycling_user_1.map_visibility == PrivacyLevel.PRIVATE
+        assert (
+            workout_cycling_user_1.workout_visibility == PrivacyLevel.PRIVATE
+        )
+
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+        assert serialized_workout['map_visibility'] == 'private'
+        assert serialized_workout['workout_visibility'] == 'private'
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility,'
+        'expected_map_visibility',
+        [
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.PUBLIC,
+            ),
+            (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.PRIVATE,
+            ),
+        ],
+    )
+    def test_workout_visibility_overrides_map_visibility_when_stricter(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        expected_map_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+
+        assert (
+            workout_cycling_user_1.calculated_map_visibility
+            == expected_map_visibility
+        )
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+        assert (
+            serialized_workout['map_visibility']
+            == expected_map_visibility.value
+        )
+
+    def test_serializer_returns_map_related_data(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] == workout.map
+        assert serialized_workout['bounds'] == workout.bounds
+        assert serialized_workout['with_gpx'] is True
+
+    def test_serializer_returns_notes(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.notes = random_string()
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['notes'] == workout_cycling_user_1.notes
+
+    def test_serializer_returns_next_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert (
+            serialized_workout['next_workout']
+            == workout_running_user_1.short_id
+        )
+
+    def test_serializer_returns_previous_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        serialized_workout = workout_running_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert (
+            serialized_workout['previous_workout']
+            == workout_cycling_user_1.short_id
+        )
+
+
+class TestWorkoutModelAsFollower(WorkoutModelTestCase):
+    user_status = 'follower'
+
+    def test_it_raises_exception_when_workout_visibility_is_private(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PRIVATE
+
+        with pytest.raises(WorkoutForbiddenException):
+            workout_cycling_user_1.serialize(user_status=self.user_status)
+
+    def test_serializer_does_not_return_notes(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.notes = random_string()
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['notes'] is None
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.PUBLIC,
+            ),
+            (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_serializer_returns_map_related_data(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] == workout.map
+        assert serialized_workout['bounds'] == workout.bounds
+        assert serialized_workout['with_gpx'] is True
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_serializer_does_not_return_map_related_data(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] is None
+        assert serialized_workout['bounds'] == []
+        assert serialized_workout['with_gpx'] is False
+
+    def test_serializer_does_not_return_next_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['next_workout'] is None
+
+    def test_serializer_does_not_return_previous_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        workout_running_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        serialized_workout = workout_running_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['previous_workout'] is None
+
+
+class TestWorkoutModelAsOther(WorkoutModelTestCase):
+    user_status = 'other'
+
+    @pytest.mark.parametrize(
+        'input_desc, input_workout_visibility',
+        [
+            ('visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('visibility: private', PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_raises_exception_when_workout_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+
+        with pytest.raises(WorkoutForbiddenException):
+            workout_cycling_user_1.serialize(user_status=self.user_status)
+
+    def test_serializer_does_not_return_notes(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.notes = random_string()
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['notes'] is None
+
+    def test_serializer_returns_map_related_data_when_visibility_is_public(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.map_visibility = PrivacyLevel.PUBLIC
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] == workout.map
+        assert serialized_workout['bounds'] == workout.bounds
+        assert serialized_workout['with_gpx'] is True
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PUBLIC,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_serializer_does_not_return_map_related_data(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] is None
+        assert serialized_workout['bounds'] == []
+        assert serialized_workout['with_gpx'] is False
+
+    def test_serializer_does_not_return_next_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        serialized_workout = workout_cycling_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['next_workout'] is None
+
+    def test_serializer_does_not_return_previous_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        workout_running_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        serialized_workout = workout_running_user_1.serialize(
+            user_status=self.user_status
+        )
+
+        assert serialized_workout['previous_workout'] is None
diff --git a/fittrackee/tests/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
new file mode 100644
index 000000000..4789f0987
--- /dev/null
+++ b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
@@ -0,0 +1,343 @@
+import pytest
+from flask import Flask
+
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.users.privacy_levels import PrivacyLevel
+from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.utils.visibility import can_view_workout
+
+
+class TestCanViewWorkout:
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.PUBLIC.value}',
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_workout_owner_can_view_his_workout(
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_1, 'workout_visibility', user_1
+        ) == (True, 'owner')
+
+    def test_follower_can_not_view_workout_when_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PRIVATE
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (False, 'follower')
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.PUBLIC.value}',
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_follower_can_view_workout_when_public_or_follower_only(
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (True, 'follower')
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+        ],
+    )
+    def test_another_user_can_not_view_workout_when_private_or_follower_only(
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (False, 'other')
+
+    def test_another_user_can_view_workout_when_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (True, 'other')
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+        ],
+    )
+    def test_workout_can_not_viewed_when_no_user_and_private_or_follower_only_visibility(  # noqa
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility'
+        ) == (False, 'other')
+
+    def test_workout_can_be_viewed_when_public_and_no_user_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility'
+        ) == (True, 'other')
+
+
+class TestCanViewWorkoutMap:
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.PUBLIC.value}',
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_workout_owner_can_view_his_workout_map(
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.map_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_1, 'map_visibility', user_1
+        ) == (True, 'owner')
+
+    def test_follower_can_not_view_workout_map_when_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.map_visibility = PrivacyLevel.PRIVATE
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (False, 'follower')
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.PUBLIC.value}',
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_follower_can_view_workout_map_when_public_or_follower_only(
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.map_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (True, 'follower')
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+        ],
+    )
+    def test_another_user_can_not_view_workout_map_when_private_or_follower_only(  # noqa
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.map_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (False, 'other')
+
+    def test_another_user_can_view_workout_map_when_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.map_visibility = PrivacyLevel.PUBLIC
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (True, 'other')
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            (
+                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                PrivacyLevel.PRIVATE,
+            ),
+            (
+                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                PrivacyLevel.FOLLOWERS,
+            ),
+        ],
+    )
+    def test_map_can_not_viewed_when_no_user_and_private_or_follower_only_visibility(  # noqa
+        self,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.map_visibility = input_workout_visibility
+
+        assert can_view_workout(workout_cycling_user_2, 'map_visibility') == (
+            False,
+            'other',
+        )
+
+    def test_workout_can_be_viewed_when_public_and_no_user_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.map_visibility = PrivacyLevel.PUBLIC
+
+        assert can_view_workout(workout_cycling_user_2, 'map_visibility') == (
+            True,
+            'other',
+        )
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 7aaea2f60..43bc65a93 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -12,7 +12,7 @@ def get_random_short_id() -> str:
     return encode_uuid(uuid4())
 
 
-def post_an_workout(
+def post_a_workout(
     app: Flask, gpx_file: str, notes: Optional[str] = None
 ) -> Tuple[str, str]:
     client = app.test_client()
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index 2aa1cc4fc..f6b1988ce 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -7,3 +7,8 @@ class WorkoutException(GenericException):
 
 class WorkoutGPXException(GenericException):
     ...
+
+
+class WorkoutForbiddenException(GenericException):
+    def __init__(self) -> None:
+        super().__init__('error', 'you do not have permissions')
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index fd19c6d2f..a91fb16a0 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -13,7 +13,9 @@
 
 from fittrackee import BaseModel, db
 from fittrackee.files import get_absolute_file_path
+from fittrackee.users.privacy_levels import PrivacyLevel
 
+from .exceptions import WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
 from .utils.short_id import encode_uuid
 
@@ -155,6 +157,12 @@ class Workout(BaseModel):
     weather_start = db.Column(JSON, nullable=True)
     weather_end = db.Column(JSON, nullable=True)
     notes = db.Column(db.String(500), nullable=True)
+    workout_visibility = db.Column(
+        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+    )
+    map_visibility = db.Column(
+        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+    )
     segments = db.relationship(
         'WorkoutSegment',
         lazy=True,
@@ -189,96 +197,133 @@ def __init__(
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
 
-    def serialize(self, params: Optional[Dict] = None) -> Dict:
-        date_from = params.get('from') if params else None
-        date_to = params.get('to') if params else None
-        distance_from = params.get('distance_from') if params else None
-        distance_to = params.get('distance_to') if params else None
-        duration_from = params.get('duration_from') if params else None
-        duration_to = params.get('duration_to') if params else None
-        ave_speed_from = params.get('ave_speed_from') if params else None
-        ave_speed_to = params.get('ave_speed_to') if params else None
-        max_speed_from = params.get('max_speed_from') if params else None
-        max_speed_to = params.get('max_speed_to') if params else None
-        sport_id = params.get('sport_id') if params else None
-        previous_workout = (
-            Workout.query.filter(
-                Workout.id != self.id,
-                Workout.user_id == self.user_id,
-                Workout.sport_id == sport_id if sport_id else True,
-                Workout.workout_date <= self.workout_date,
-                Workout.workout_date
-                >= datetime.datetime.strptime(date_from, '%Y-%m-%d')
-                if date_from
-                else True,
-                Workout.workout_date
-                <= datetime.datetime.strptime(date_to, '%Y-%m-%d')
-                if date_to
-                else True,
-                Workout.distance >= float(distance_from)
-                if distance_from
-                else True,
-                Workout.distance <= float(distance_to)
-                if distance_to
-                else True,
-                Workout.duration >= convert_in_duration(duration_from)
-                if duration_from
-                else True,
-                Workout.duration <= convert_in_duration(duration_to)
-                if duration_to
-                else True,
-                Workout.ave_speed >= float(ave_speed_from)
-                if ave_speed_from
-                else True,
-                Workout.ave_speed <= float(ave_speed_to)
-                if ave_speed_to
-                else True,
-                Workout.max_speed >= float(max_speed_from)
-                if max_speed_from
-                else True,
-                Workout.max_speed <= float(max_speed_to)
-                if max_speed_to
-                else True,
+    @property
+    def calculated_map_visibility(self) -> PrivacyLevel:
+        # workout privacy overrides map privacy, when stricter
+        if self.workout_visibility == PrivacyLevel.PRIVATE or (
+            self.workout_visibility == PrivacyLevel.FOLLOWERS
+            and self.map_visibility == PrivacyLevel.PUBLIC
+        ):
+            return self.workout_visibility
+        return self.map_visibility
+
+    def _can_see_map_data(self, user_status: str) -> bool:
+        return (
+            user_status == 'owner'
+            or self.calculated_map_visibility == PrivacyLevel.PUBLIC
+            or (
+                self.calculated_map_visibility == PrivacyLevel.FOLLOWERS
+                and user_status == 'follower'
             )
-            .order_by(Workout.workout_date.desc())
-            .first()
         )
-        next_workout = (
-            Workout.query.filter(
-                Workout.id != self.id,
-                Workout.user_id == self.user_id,
-                Workout.sport_id == sport_id if sport_id else True,
-                Workout.workout_date >= self.workout_date,
-                Workout.workout_date
-                >= datetime.datetime.strptime(date_from, '%Y-%m-%d')
-                if date_from
-                else True,
-                Workout.workout_date
-                <= datetime.datetime.strptime(date_to, '%Y-%m-%d')
-                if date_to
-                else True,
-                Workout.distance >= float(distance_from)
-                if distance_from
-                else True,
-                Workout.distance <= float(distance_to)
-                if distance_to
-                else True,
-                Workout.duration >= convert_in_duration(duration_from)
-                if duration_from
-                else True,
-                Workout.duration <= convert_in_duration(duration_to)
-                if duration_to
-                else True,
-                Workout.ave_speed >= float(ave_speed_from)
-                if ave_speed_from
-                else True,
-                Workout.ave_speed <= float(ave_speed_to)
-                if ave_speed_to
-                else True,
+
+    def serialize(
+        self, user_status: str, params: Optional[Dict] = None
+    ) -> Dict:
+        if (
+            self.workout_visibility == PrivacyLevel.PRIVATE
+            and user_status != 'owner'
+        ) or (
+            self.workout_visibility != PrivacyLevel.PUBLIC
+            and user_status == 'other'
+        ):
+            raise WorkoutForbiddenException()
+        can_see_map_data = self._can_see_map_data(user_status)
+
+        if user_status == 'owner':
+            date_from = params.get('from') if params else None
+            date_to = params.get('to') if params else None
+            distance_from = params.get('distance_from') if params else None
+            distance_to = params.get('distance_to') if params else None
+            duration_from = params.get('duration_from') if params else None
+            duration_to = params.get('duration_to') if params else None
+            ave_speed_from = params.get('ave_speed_from') if params else None
+            ave_speed_to = params.get('ave_speed_to') if params else None
+            max_speed_from = params.get('max_speed_from') if params else None
+            max_speed_to = params.get('max_speed_to') if params else None
+            sport_id = params.get('sport_id') if params else None
+            previous_workout = (
+                Workout.query.filter(
+                    Workout.id != self.id,
+                    Workout.user_id == self.user_id,
+                    Workout.sport_id == sport_id if sport_id else True,
+                    Workout.workout_date <= self.workout_date,
+                    Workout.workout_date
+                    >= datetime.datetime.strptime(date_from, '%Y-%m-%d')
+                    if date_from
+                    else True,
+                    Workout.workout_date
+                    <= datetime.datetime.strptime(date_to, '%Y-%m-%d')
+                    if date_to
+                    else True,
+                    Workout.distance >= float(distance_from)
+                    if distance_from
+                    else True,
+                    Workout.distance <= float(distance_to)
+                    if distance_to
+                    else True,
+                    Workout.duration >= convert_in_duration(duration_from)
+                    if duration_from
+                    else True,
+                    Workout.duration <= convert_in_duration(duration_to)
+                    if duration_to
+                    else True,
+                    Workout.ave_speed >= float(ave_speed_from)
+                    if ave_speed_from
+                    else True,
+                    Workout.ave_speed <= float(ave_speed_to)
+                    if ave_speed_to
+                    else True,
+                    Workout.max_speed >= float(max_speed_from)
+                    if max_speed_from
+                    else True,
+                    Workout.max_speed <= float(max_speed_to)
+                    if max_speed_to
+                    else True,
+                )
+                .order_by(Workout.workout_date.desc())
+                .first()
             )
-            .order_by(Workout.workout_date.asc())
-            .first()
-        )
+            next_workout = (
+                Workout.query.filter(
+                    Workout.id != self.id,
+                    Workout.user_id == self.user_id,
+                    Workout.sport_id == sport_id if sport_id else True,
+                    Workout.workout_date >= self.workout_date,
+                    Workout.workout_date
+                    >= datetime.datetime.strptime(date_from, '%Y-%m-%d')
+                    if date_from
+                    else True,
+                    Workout.workout_date
+                    <= datetime.datetime.strptime(date_to, '%Y-%m-%d')
+                    if date_to
+                    else True,
+                    Workout.distance >= float(distance_from)
+                    if distance_from
+                    else True,
+                    Workout.distance <= float(distance_to)
+                    if distance_to
+                    else True,
+                    Workout.duration >= convert_in_duration(duration_from)
+                    if duration_from
+                    else True,
+                    Workout.duration <= convert_in_duration(duration_to)
+                    if duration_to
+                    else True,
+                    Workout.ave_speed >= float(ave_speed_from)
+                    if ave_speed_from
+                    else True,
+                    Workout.ave_speed <= float(ave_speed_to)
+                    if ave_speed_to
+                    else True,
+                )
+                .order_by(Workout.workout_date.asc())
+                .first()
+            )
+        else:
+            next_workout = None
+            previous_workout = None
+
         return {
             'id': self.short_id,  # WARNING: client use uuid as id
             'user': self.user.username,
@@ -297,20 +342,24 @@ def serialize(self, params: Optional[Dict] = None) -> Dict:
             'ascent': float(self.ascent) if self.ascent else None,
             'max_speed': float(self.max_speed) if self.max_speed else None,
             'ave_speed': float(self.ave_speed) if self.ave_speed else None,
-            'with_gpx': self.gpx is not None,
-            'bounds': [float(bound) for bound in self.bounds]
-            if self.bounds
-            else [],  # noqa
+            'with_gpx': self.gpx is not None and can_see_map_data,
+            'bounds': (
+                [float(bound) for bound in self.bounds]
+                if self.bounds and can_see_map_data
+                else []
+            ),
             'previous_workout': previous_workout.short_id
             if previous_workout
             else None,  # noqa
             'next_workout': next_workout.short_id if next_workout else None,
             'segments': [segment.serialize() for segment in self.segments],
             'records': [record.serialize() for record in self.records],
-            'map': self.map_id if self.map else None,
+            'map': self.map_id if self.map and can_see_map_data else None,
+            'map_visibility': self.calculated_map_visibility.value,
             'weather_start': self.weather_start,
             'weather_end': self.weather_end,
-            'notes': self.notes,
+            'workout_visibility': self.workout_visibility.value,
+            'notes': self.notes if user_status == 'owner' else None,
         }
 
     @classmethod
diff --git a/fittrackee/workouts/utils/visibility.py b/fittrackee/workouts/utils/visibility.py
index f4a2ff466..20c255941 100644
--- a/fittrackee/workouts/utils/visibility.py
+++ b/fittrackee/workouts/utils/visibility.py
@@ -1,14 +1,44 @@
-from typing import Optional
+from typing import Optional, Tuple
 
-from fittrackee.responses import ForbiddenErrorResponse, HttpResponse
+from fittrackee.users.models import User
+from fittrackee.users.privacy_levels import PrivacyLevel
+from fittrackee.workouts.models import Workout
 
 
 def can_view_workout(
-    auth_user_id: int, workout_user_id: int
-) -> Optional[HttpResponse]:
+    workout: Workout,
+    visibility: str,
+    user: Optional[User] = None,
+) -> Tuple[bool, str]:
     """
-    Return error response if user has no right to view workout
+    returns if user can view workout and status used by workout serializer
+
+    status:
+    - owner: provided user is workout owner
+    - follower: provided user follows workout owner
+    - other: other cases (user does not follow workout owner,
+      unauthenticated user (no user provided)
     """
-    if auth_user_id != workout_user_id:
-        return ForbiddenErrorResponse()
-    return None
+    status = 'other'
+    if user is not None:
+        status = (
+            'owner'
+            if workout.user_id == user.id
+            else 'follower'
+            if user in workout.user.followers
+            else 'other'
+        )
+    visibility = getattr(workout, visibility)
+    if (
+        visibility == PrivacyLevel.PUBLIC
+        or user is not None
+        and (
+            workout.user_id == user.id
+            or (
+                user in workout.user.followers
+                and visibility == PrivacyLevel.FOLLOWERS
+            )
+        )
+    ):
+        return True, status
+    return False, status
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index d747c1285..4dd6ef2c6 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -20,6 +20,7 @@
 from fittrackee.responses import (
     DataInvalidPayloadErrorResponse,
     DataNotFoundErrorResponse,
+    ForbiddenErrorResponse,
     HttpResponse,
     InternalServerErrorResponse,
     InvalidPayloadErrorResponse,
@@ -28,7 +29,10 @@
     get_error_response_if_file_is_invalid,
     handle_error_and_return_response,
 )
-from fittrackee.users.decorators import authenticate
+from fittrackee.users.decorators import (
+    authenticate,
+    get_auth_user_if_authenticated,
+)
 from fittrackee.users.models import User
 
 from .models import Workout
@@ -281,7 +285,9 @@ def get_workouts(auth_user: User) -> Union[Dict, HttpResponse]:
         return {
             'status': 'success',
             'data': {
-                'workouts': [workout.serialize(params) for workout in workouts]
+                'workouts': [
+                    workout.serialize('owner', params) for workout in workouts
+                ]
             },
             'pagination': {
                 'has_next': workouts_pagination.has_next,
@@ -298,9 +304,9 @@ def get_workouts(auth_user: User) -> Union[Dict, HttpResponse]:
 @workouts_blueprint.route(
     '/workouts/<string:workout_short_id>', methods=['GET']
 )
-@authenticate
+@get_auth_user_if_authenticated
 def get_workout(
-    auth_user: User, workout_short_id: str
+    auth_user: Optional[User], workout_short_id: str
 ) -> Union[Dict, HttpResponse]:
     """
     Get an workout
@@ -389,34 +395,40 @@ def get_workout(
     if not workout:
         return DataNotFoundErrorResponse('workouts')
 
-    error_response = can_view_workout(auth_user.id, workout.user_id)
-    if error_response:
-        return error_response
+    can_view, user_status = can_view_workout(
+        workout, 'workout_visibility', auth_user
+    )
+    if not can_view:
+        return DataNotFoundErrorResponse('workouts')
 
     return {
         'status': 'success',
-        'data': {'workouts': [workout.serialize()]},
+        'data': {'workouts': [workout.serialize(user_status)]},
     }
 
 
 def get_workout_data(
-    auth_user: User,
+    auth_user: Optional[User],
     workout_short_id: str,
     data_type: str,
     segment_id: Optional[int] = None,
 ) -> Union[Dict, HttpResponse]:
-    """Get data from an workout gpx file"""
+    """Get data from workout gpx file"""
+    not_found_response = DataNotFoundErrorResponse(
+        data_type=data_type,
+        message=f'workout not found (id: {workout_short_id})',
+    )
     workout_uuid = decode_short_id(workout_short_id)
     workout = Workout.query.filter_by(uuid=workout_uuid).first()
     if not workout:
-        return DataNotFoundErrorResponse(
-            data_type=data_type,
-            message=f'workout not found (id: {workout_short_id})',
-        )
+        return not_found_response
+
+    can_view, user_status = can_view_workout(
+        workout, 'map_visibility', auth_user
+    )
+    if not can_view:
+        return not_found_response
 
-    error_response = can_view_workout(auth_user.id, workout.user_id)
-    if error_response:
-        return error_response
     if not workout.gpx or workout.gpx == '':
         return NotFoundErrorResponse(
             f'no gpx file for this workout (id: {workout_short_id})'
@@ -462,9 +474,9 @@ def get_workout_data(
 @workouts_blueprint.route(
     '/workouts/<string:workout_short_id>/gpx', methods=['GET']
 )
-@authenticate
+@get_auth_user_if_authenticated
 def get_workout_gpx(
-    auth_user: User, workout_short_id: str
+    auth_user: Optional[User], workout_short_id: str
 ) -> Union[Dict, HttpResponse]:
     """
     Get gpx file for an workout displayed on map with Leaflet
@@ -512,12 +524,12 @@ def get_workout_gpx(
 @workouts_blueprint.route(
     '/workouts/<string:workout_short_id>/chart_data', methods=['GET']
 )
-@authenticate
+@get_auth_user_if_authenticated
 def get_workout_chart_data(
-    auth_user: User, workout_short_id: str
+    auth_user: Optional[User], workout_short_id: str
 ) -> Union[Dict, HttpResponse]:
     """
-    Get chart data from an workout gpx file, to display it with Recharts
+    Get chart data from workout gpx file
 
     **Example request**:
 
@@ -582,18 +594,18 @@ def get_workout_chart_data(
     '/workouts/<string:workout_short_id>/gpx/segment/<int:segment_id>',
     methods=['GET'],
 )
-@authenticate
+@get_auth_user_if_authenticated
 def get_segment_gpx(
-    auth_user: User, workout_short_id: str, segment_id: int
+    auth_user: Optional[User], workout_short_id: str, segment_id: int
 ) -> Union[Dict, HttpResponse]:
     """
-    Get gpx file for an workout segment displayed on map with Leaflet
+    Get gpx file for  workout segment displayed on map with Leaflet
 
     **Example request**:
 
     .. sourcecode:: http
 
-      GET /api/workouts/kjxavSTUrJvoAh2wvCeGEF/gpx/segment/0 HTTP/1.1
+      GET /api/workouts/kjxavSTUrJvoAh2wvCeGEF/gpx/segment/1 HTTP/1.1
       Content-Type: application/json
 
     **Example response**:
@@ -634,18 +646,18 @@ def get_segment_gpx(
     '<int:segment_id>',
     methods=['GET'],
 )
-@authenticate
+@get_auth_user_if_authenticated
 def get_segment_chart_data(
-    auth_user: User, workout_short_id: str, segment_id: int
+    auth_user: Optional[User], workout_short_id: str, segment_id: int
 ) -> Union[Dict, HttpResponse]:
     """
-    Get chart data from an workout gpx file, to display it with Recharts
+    Get chart data from workout gpx file
 
     **Example request**:
 
     .. sourcecode:: http
 
-      GET /api/workouts/kjxavSTUrJvoAh2wvCeGEF/chart/segment/0 HTTP/1.1
+      GET /api/workouts/kjxavSTUrJvoAh2wvCeGEF/chart/segment/1 HTTP/1.1
       Content-Type: application/json
 
     **Example response**:
@@ -996,7 +1008,8 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
                 'status': 'created',
                 'data': {
                     'workouts': [
-                        new_workout.serialize() for new_workout in new_workouts
+                        new_workout.serialize('owner')
+                        for new_workout in new_workouts
                     ]
                 },
             }
@@ -1147,7 +1160,7 @@ def post_workout_no_gpx(
         return (
             {
                 'status': 'created',
-                'data': {'workouts': [new_workout.serialize()]},
+                'data': {'workouts': [new_workout.serialize('owner')]},
             },
             201,
         )
@@ -1293,15 +1306,17 @@ def update_workout(
         if not workout:
             return DataNotFoundErrorResponse('workouts')
 
-        response_object = can_view_workout(auth_user.id, workout.user_id)
-        if response_object:
-            return response_object
+        can_view, _ = can_view_workout(
+            workout, 'workout_visibility', auth_user
+        )
+        if not can_view:
+            return ForbiddenErrorResponse()
 
         workout = edit_workout(workout, workout_data, auth_user)
         db.session.commit()
         return {
             'status': 'success',
-            'data': {'workouts': [workout.serialize()]},
+            'data': {'workouts': [workout.serialize('owner')]},
         }
 
     except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
@@ -1351,9 +1366,12 @@ def delete_workout(
         workout = Workout.query.filter_by(uuid=workout_uuid).first()
         if not workout:
             return DataNotFoundErrorResponse('workouts')
-        error_response = can_view_workout(auth_user.id, workout.user_id)
-        if error_response:
-            return error_response
+
+        can_view, _ = can_view_workout(
+            workout, 'workout_visibility', auth_user
+        )
+        if not can_view:
+            return ForbiddenErrorResponse()
 
         db.session.delete(workout)
         db.session.commit()

From 5af40fd555534ad3c6d3d0effb4516e57fbc8fdc Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 2 Feb 2022 10:53:46 +0100
Subject: [PATCH 108/238] API - add workouts with privacy levels

---
 .../workouts/test_workouts_api_1_post.py      | 514 +++++++++++++++++-
 fittrackee/workouts/utils/workouts.py         |   7 +
 2 files changed, 495 insertions(+), 26 deletions(-)

diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 60fa20d4c..3847a79ca 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -10,6 +10,7 @@
 from flask import Flask
 
 from fittrackee.users.models import User
+from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.short_id import decode_short_id
 
@@ -207,7 +208,7 @@ def assert_workout_data_wo_gpx(data: Dict) -> None:
 
 
 class TestPostWorkoutWithGpx(ApiTestCaseMixin, CallArgsMixin):
-    def test_it_adds_a_workout_with_gpx_file(
+    def test_it_adds_a_workout(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -233,7 +234,7 @@ def test_it_adds_a_workout_with_gpx_file(
         assert 'just a workout' == data['data']['workouts'][0]['title']
         assert_workout_data_with_gpx(data)
 
-    def test_it_adds_a_workout_with_gpx_without_name(
+    def test_it_adds_a_workout_without_name(
         self,
         app: Flask,
         user_1: User,
@@ -266,7 +267,7 @@ def test_it_adds_a_workout_with_gpx_without_name(
         )
         assert_workout_data_with_gpx(data)
 
-    def test_it_adds_a_workout_with_gpx_without_name_timezone(
+    def test_it_adds_a_workout_when_user_has_specified_timezone(
         self,
         app: Flask,
         user_1: User,
@@ -308,7 +309,7 @@ def test_it_adds_a_workout_with_gpx_without_name_timezone(
             ('notes with special characters', 'test \nworkout'),
         ],
     )
-    def test_it_adds_a_workout_with_gpx_notes(
+    def test_it_adds_a_workout_with_notes(
         self,
         input_description: str,
         input_notes: str,
@@ -339,6 +340,158 @@ def test_it_adds_a_workout_with_gpx_notes(
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0]['notes'] == input_notes
 
+    @pytest.mark.parametrize(
+        'input_desc,input_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_workout_is_created_with_user_privacy_parameters_when_no_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_desc: str,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.map_visibility = input_visibility
+        user_1.workouts_visibility = input_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data='{"sport_id": 1}',
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == user_1.map_visibility.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == user_1.workouts_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_workout_is_created_with_provided_privacy_parameters(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{input_map_visibility.value}", '
+                    f'"workout_visibility": '
+                    f'"{input_workout_visibility.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == input_map_visibility.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_workout_is_created_with_valid_privacy_parameters_when_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        """
+        when workout visibility is stricter, map visibility is initialised
+        with workout visibility value
+        """
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{input_map_visibility.value}", '
+                    f'"workout_visibility": '
+                    f'"{input_workout_visibility.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == input_workout_visibility.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_visibility.value
+        )
+
     def test_it_calls_configured_tile_server_for_static_map(
         self,
         app: Flask,
@@ -556,7 +709,7 @@ def test_returns_400_if_no_gpx_file_is_provided(
         assert data['status'] == 'fail'
         assert data['message'] == 'no file part'
 
-    def test_it_returns_error_if_file_size_exceeds_limit(
+    def test_it_returns_error_when_file_size_exceeds_limit(
         self,
         app_with_max_file_size: Flask,
         user_1: User,
@@ -715,17 +868,169 @@ def test_it_adds_workout_with_zero_value(
         assert len(data['data']['workouts'][0]['segments']) == 0
         assert len(data['data']['workouts'][0]['records']) == 0
 
+    @pytest.mark.parametrize(
+        'input_desc,input_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_workout_is_created_with_user_privacy_parameters_when_no_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_desc: str,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.map_visibility = input_visibility
+        user_1.workouts_visibility = input_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == user_1.map_visibility.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == user_1.workouts_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_workout_is_created_with_provided_privacy_parameters(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                    map_visibility=input_map_visibility.value,
+                    workout_visibility=input_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == input_map_visibility.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_workout_is_created_with_valid_privacy_parameters_when_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        """
+        when workout visibility is stricter, map visibility is initialised
+        with workout visibility value
+        """
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                    map_visibility=input_map_visibility.value,
+                    workout_visibility=input_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == input_workout_visibility.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_visibility.value
+        )
+
 
 class TestPostWorkoutWithZipArchive(ApiTestCaseMixin):
     def test_it_adds_workouts_with_zip_archive(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
-        file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
         # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(
-                app, user_1.email
-            )
 
             response = client.post(
                 '/api/workouts',
@@ -748,15 +1053,15 @@ def test_it_adds_workouts_with_zip_archive(
     def test_it_returns_400_if_folder_is_present_in_zip_archive(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
+        # 'gpx_test_folder.zip' contains 3 gpx files (same data) and 1 non-gpx
+        # file in a folder
         file_path = os.path.join(
             app.root_path, 'tests/files/gpx_test_folder.zip'
         )
-        # 'gpx_test_folder.zip' contains 3 gpx files (same data) and 1 non-gpx
-        # file in a folder
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(
-                app, user_1.email
-            )
 
             response = client.post(
                 '/api/workouts',
@@ -778,14 +1083,14 @@ def test_it_returns_400_if_folder_is_present_in_zip_archive(
     def test_it_returns_500_if_one_file_in_zip_archive_is_invalid(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
     ) -> None:
+        # 'gpx_test_incorrect.zip' contains 2 gpx files, one is incorrect
         file_path = os.path.join(
             app.root_path, 'tests/files/gpx_test_incorrect.zip'
         )
-        # 'gpx_test_incorrect.zip' contains 2 gpx files, one is incorrect
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(
-                app, user_1.email
-            )
 
             response = client.post(
                 '/api/workouts',
@@ -811,14 +1116,14 @@ def test_it_imports_only_max_number_of_files(
         user_1: User,
         sport_1_cycling: Sport,
     ) -> None:
+        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
         file_path = os.path.join(
             app_with_max_workouts.root_path, 'tests/files/gpx_test.zip'
         )
-        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_max_workouts, user_1.email
+        )
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(
-                app_with_max_workouts, user_1.email
-            )
 
             client.post(
                 '/api/workouts',
@@ -845,14 +1150,14 @@ def test_it_returns_error_if_archive_size_exceeds_limit(
         user_1: User,
         sport_1_cycling: Sport,
     ) -> None:
+        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
         file_path = os.path.join(
             app_with_max_zip_file_size.root_path, 'tests/files/gpx_test.zip'
         )
-        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_max_zip_file_size, user_1.email
+        )
         with open(file_path, 'rb') as zip_file:
-            client, auth_token = self.get_test_client_and_auth_token(
-                app_with_max_zip_file_size, user_1.email
-            )
 
             response = client.post(
                 '/api/workouts',
@@ -874,6 +1179,163 @@ def test_it_returns_error_if_archive_size_exceeds_limit(
             )
             assert 'data' not in data
 
+    @pytest.mark.parametrize(
+        'input_desc,input_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_workouts_are_created_with_user_privacy_parameters_when_no_provided(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        input_desc: str,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
+        user_1.map_visibility = input_visibility
+        user_1.workouts_visibility = input_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        with open(file_path, 'rb') as zip_file:
+            response = client.post(
+                '/api/workouts',
+                data=dict(
+                    file=(zip_file, 'gpx_test.zip'), data='{"sport_id": 1}'
+                ),
+                headers=dict(
+                    content_type='multipart/form-data',
+                    Authorization=f'Bearer {auth_token}',
+                ),
+            )
+
+            assert response.status_code == 201
+            data = json.loads(response.data.decode())
+            assert 'created' in data['status']
+            assert len(data['data']['workouts']) == 3
+            for n in range(3):
+                assert (
+                    data['data']['workouts'][n]['map_visibility']
+                    == user_1.map_visibility.value
+                )
+                assert (
+                    data['data']['workouts'][n]['workout_visibility']
+                    == user_1.workouts_visibility.value
+                )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_workouts_are_created_with_provided_privacy_parameters(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        with open(file_path, 'rb') as zip_file:
+            response = client.post(
+                '/api/workouts',
+                data=dict(
+                    file=(zip_file, 'gpx_test.zip'),
+                    data=(
+                        f'{{"sport_id": 1, "map_visibility": '
+                        f'"{input_map_visibility.value}", '
+                        f'"workout_visibility": '
+                        f'"{input_workout_visibility.value}"}}'
+                    ),
+                ),
+                headers=dict(
+                    content_type='multipart/form-data',
+                    Authorization=f'Bearer {auth_token}',
+                ),
+            )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 3
+        for n in range(3):
+            assert (
+                data['data']['workouts'][n]['map_visibility']
+                == input_map_visibility.value
+            )
+            assert (
+                data['data']['workouts'][n]['workout_visibility']
+                == input_workout_visibility.value
+            )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_workouts_are_created_with_valid_privacy_parameters_when_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        """
+        when workout visibility is stricter, map visibility is initialised
+        with workout visibility value
+        """
+        file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        with open(file_path, 'rb') as zip_file:
+            response = client.post(
+                '/api/workouts',
+                data=dict(
+                    file=(zip_file, 'gpx_test.zip'),
+                    data=(
+                        f'{{"sport_id": 1, "map_visibility": '
+                        f'"{input_map_visibility.value}", '
+                        f'"workout_visibility": '
+                        f'"{input_workout_visibility.value}"}}'
+                    ),
+                ),
+                headers=dict(
+                    content_type='multipart/form-data',
+                    Authorization=f'Bearer {auth_token}',
+                ),
+            )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert 'created' in data['status']
+        assert len(data['data']['workouts']) == 3
+        for n in range(3):
+            assert (
+                data['data']['workouts'][n]['map_visibility']
+                == input_workout_visibility.value
+            )
+            assert (
+                data['data']['workouts'][n]['workout_visibility']
+                == input_workout_visibility.value
+            )
+
 
 class TestPostAndGetWorkoutWithGpx(ApiTestCaseMixin):
     def workout_assertion(
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index e9159423f..0e1b5326f 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -15,6 +15,7 @@
 from fittrackee import db
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.models import User, UserSportPreference
+from fittrackee.users.privacy_levels import PrivacyLevel
 
 from ..exceptions import WorkoutException
 from ..models import Sport, Workout, WorkoutSegment
@@ -117,6 +118,12 @@ def create_workout(
         duration=duration,
     )
     new_workout.notes = workout_data.get('notes')
+    new_workout.map_visibility = PrivacyLevel(
+        workout_data.get('map_visibility', user.map_visibility.value)
+    )
+    new_workout.workout_visibility = PrivacyLevel(
+        workout_data.get('workout_visibility', user.workouts_visibility.value)
+    )
 
     if title is not None and title != '':
         new_workout.title = title

From 7229123459515da061c538dc2f5b84a53f36e7fd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 19:49:06 +0100
Subject: [PATCH 109/238] API - update workout visibility

---
 fittrackee/tests/users/test_auth_api.py       |  43 ++++
 .../workouts/test_workouts_api_2_patch.py     | 204 ++++++++++++++++++
 fittrackee/users/auth.py                      |   6 +-
 fittrackee/users/privacy_levels.py            |  12 ++
 fittrackee/workouts/models.py                 |  10 +-
 fittrackee/workouts/utils/workouts.py         |  21 +-
 6 files changed, 282 insertions(+), 14 deletions(-)

diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index c98a9616b..759a93c6c 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -8,6 +8,7 @@
 from freezegun import freeze_time
 
 from fittrackee.users.models import User, UserSportPreference
+from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout
 
@@ -754,6 +755,48 @@ def test_it_updates_user_preferences(
         assert data['data']['map_visibility'] == 'followers_only'
         assert data['data']['workouts_visibility'] == 'public'
 
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_updates_user_preferences_with_valid_map_visibility(
+        self,
+        app: Flask,
+        user_1: User,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/auth/profile/edit/preferences',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    timezone='America/New_York',
+                    weekm=True,
+                    language='fr',
+                    imperial_units=True,
+                    map_visibility=input_map_visibility.value,
+                    workouts_visibility=input_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['data']['map_visibility'] == input_workout_visibility.value
+        assert (
+            data['data']['workouts_visibility']
+            == input_workout_visibility.value
+        )
+
     def test_it_returns_error_if_fields_are_missing(
         self, app: Flask, user_1: User
     ) -> None:
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index ca60749ad..e8083f852 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -6,6 +6,7 @@
 from flask import Flask
 
 from fittrackee.users.models import User
+from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
@@ -636,3 +637,206 @@ def test_it_returns_404_if_edited_workout_does_not_exist(
         assert response.status_code == 404
         assert 'not found' in data['status']
         assert len(data['data']['workouts']) == 0
+
+
+class TestUpdateVisibility(ApiTestCaseMixin):
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_updates_workout_visibility_for_workout_without_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(workout_visibility=input_workout_visibility.value)
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_description,input_map_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_does_not_update_map_visibility_for_workout_without_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_description: str,
+        input_map_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(dict(map_visibility=input_map_visibility.value)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == workout_cycling_user_1.map_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_description,input_workout_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_updates_workout_visibility_for_workout_with_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_description: str,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.gpx = 'file.gpx'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(workout_visibility=input_workout_visibility.value)
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_description,input_map_visibility',
+        [
+            ('private', PrivacyLevel.PRIVATE),
+            ('followers_only', PrivacyLevel.FOLLOWERS),
+            ('public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_updates_map_visibility_for_workout_with_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_description: str,
+        input_map_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_map_visibility
+        workout_cycling_user_1.gpx = 'file.gpx'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(dict(map_visibility=input_map_visibility.value)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == input_map_visibility.value
+        )
+        assert (
+            workout_cycling_user_1.map_visibility.value
+            == input_map_visibility.value
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+        ],
+    )
+    def test_it_updates_valid_map_visibility_for_workout_with_gpx(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.gpx = 'file.gpx'
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(dict(map_visibility=input_map_visibility.value)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == input_workout_visibility.value
+        )
+        assert (
+            workout_cycling_user_1.map_visibility.value
+            == input_workout_visibility.value
+        )
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 596a6dc16..fd4fc15f0 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -27,7 +27,7 @@
 
 from .decorators import authenticate
 from .models import User, UserSportPreference
-from .privacy_levels import PrivacyLevel
+from .privacy_levels import PrivacyLevel, get_map_visibility
 from .utils.controls import check_passwords, register_controls
 from .utils.token import decode_user_token
 
@@ -705,8 +705,10 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
         auth_user.language = language
         auth_user.timezone = timezone
         auth_user.weekm = weekm
-        auth_user.map_visibility = PrivacyLevel(map_visibility)
         auth_user.workouts_visibility = PrivacyLevel(workouts_visibility)
+        auth_user.map_visibility = get_map_visibility(
+            PrivacyLevel(map_visibility), auth_user.workouts_visibility
+        )
         db.session.commit()
 
         return {
diff --git a/fittrackee/users/privacy_levels.py b/fittrackee/users/privacy_levels.py
index 744c866c3..094d86b52 100644
--- a/fittrackee/users/privacy_levels.py
+++ b/fittrackee/users/privacy_levels.py
@@ -5,3 +5,15 @@ class PrivacyLevel(Enum):
     PUBLIC = 'public'
     FOLLOWERS = 'followers_only'
     PRIVATE = 'private'
+
+
+def get_map_visibility(
+    map_visibility: PrivacyLevel, workout_visibility: PrivacyLevel
+) -> PrivacyLevel:
+    # workout privacy overrides map privacy, when stricter
+    if workout_visibility == PrivacyLevel.PRIVATE or (
+        workout_visibility == PrivacyLevel.FOLLOWERS
+        and map_visibility == PrivacyLevel.PUBLIC
+    ):
+        return workout_visibility
+    return map_visibility
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index a91fb16a0..bf3a90715 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -13,7 +13,7 @@
 
 from fittrackee import BaseModel, db
 from fittrackee.files import get_absolute_file_path
-from fittrackee.users.privacy_levels import PrivacyLevel
+from fittrackee.users.privacy_levels import PrivacyLevel, get_map_visibility
 
 from .exceptions import WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
@@ -199,13 +199,7 @@ def short_id(self) -> str:
 
     @property
     def calculated_map_visibility(self) -> PrivacyLevel:
-        # workout privacy overrides map privacy, when stricter
-        if self.workout_visibility == PrivacyLevel.PRIVATE or (
-            self.workout_visibility == PrivacyLevel.FOLLOWERS
-            and self.map_visibility == PrivacyLevel.PUBLIC
-        ):
-            return self.workout_visibility
-        return self.map_visibility
+        return get_map_visibility(self.map_visibility, self.workout_visibility)
 
     def _can_see_map_data(self, user_status: str) -> bool:
         return (
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index 0e1b5326f..0bae2b9fd 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -15,7 +15,7 @@
 from fittrackee import db
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.models import User, UserSportPreference
-from fittrackee.users.privacy_levels import PrivacyLevel
+from fittrackee.users.privacy_levels import PrivacyLevel, get_map_visibility
 
 from ..exceptions import WorkoutException
 from ..models import Sport, Workout, WorkoutSegment
@@ -118,12 +118,15 @@ def create_workout(
         duration=duration,
     )
     new_workout.notes = workout_data.get('notes')
-    new_workout.map_visibility = PrivacyLevel(
-        workout_data.get('map_visibility', user.map_visibility.value)
-    )
     new_workout.workout_visibility = PrivacyLevel(
         workout_data.get('workout_visibility', user.workouts_visibility.value)
     )
+    new_workout.map_visibility = get_map_visibility(
+        PrivacyLevel(
+            workout_data.get('map_visibility', user.map_visibility.value)
+        ),
+        new_workout.workout_visibility,
+    )
 
     if title is not None and title != '':
         new_workout.title = title
@@ -207,6 +210,10 @@ def edit_workout(
         workout.title = workout_data.get('title')
     if workout_data.get('notes') is not None:
         workout.notes = workout_data.get('notes')
+    if workout_data.get('workout_visibility') is not None:
+        workout.workout_visibility = PrivacyLevel(
+            workout_data.get('workout_visibility')
+        )
     if not workout.gpx:
         if workout_data.get('workout_date'):
             workout_date = datetime.strptime(
@@ -229,6 +236,12 @@ def edit_workout(
             else float(workout.distance) / (workout.duration.seconds / 3600)
         )
         workout.max_speed = workout.ave_speed
+    else:
+        if workout_data.get('map_visibility') is not None:
+            map_visibility = PrivacyLevel(workout_data.get('map_visibility'))
+            workout.map_visibility = get_map_visibility(
+                map_visibility, workout.workout_visibility
+            )
     return workout
 
 

From dfab3edd46c47ddcc43c14088ff47f964013a1a5 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 19:54:53 +0100
Subject: [PATCH 110/238] API - minor refacto

---
 fittrackee/{users => }/privacy_levels.py                     | 0
 fittrackee/tests/users/test_auth_api.py                      | 2 +-
 fittrackee/tests/workouts/test_workouts_api_0_get_workout.py | 2 +-
 fittrackee/tests/workouts/test_workouts_api_1_post.py        | 2 +-
 fittrackee/tests/workouts/test_workouts_api_2_patch.py       | 2 +-
 fittrackee/tests/workouts/test_workouts_model.py             | 2 +-
 fittrackee/tests/workouts/test_workouts_utils_visibility.py  | 2 +-
 fittrackee/users/auth.py                                     | 2 +-
 fittrackee/users/models.py                                   | 2 +-
 fittrackee/workouts/models.py                                | 2 +-
 fittrackee/workouts/utils/visibility.py                      | 2 +-
 fittrackee/workouts/utils/workouts.py                        | 2 +-
 12 files changed, 11 insertions(+), 11 deletions(-)
 rename fittrackee/{users => }/privacy_levels.py (100%)

diff --git a/fittrackee/users/privacy_levels.py b/fittrackee/privacy_levels.py
similarity index 100%
rename from fittrackee/users/privacy_levels.py
rename to fittrackee/privacy_levels.py
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 759a93c6c..d8c14732e 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -7,8 +7,8 @@
 from flask import Flask
 from freezegun import freeze_time
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User, UserSportPreference
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout
 
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index 5fc2c466a..1313a2e9a 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -5,8 +5,8 @@
 import pytest
 from flask import Flask
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
 
 from ..test_case_mixins import ApiTestCaseMixin
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 3847a79ca..f27073d65 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -9,8 +9,8 @@
 import pytest
 from flask import Flask
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.short_id import decode_short_id
 
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index e8083f852..3c2232fd9 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -5,8 +5,8 @@
 import pytest
 from flask import Flask
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index e68173a42..e60219a82 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -5,8 +5,8 @@
 from flask import Flask
 
 from fittrackee import db
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.exceptions import WorkoutForbiddenException
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.short_id import decode_short_id
diff --git a/fittrackee/tests/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
index 4789f0987..d12a7a4c8 100644
--- a/fittrackee/tests/workouts/test_workouts_utils_visibility.py
+++ b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
@@ -1,8 +1,8 @@
 import pytest
 from flask import Flask
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.visibility import can_view_workout
 
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index fd4fc15f0..c3c9da68f 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -12,6 +12,7 @@
 from fittrackee import appLog, bcrypt, db
 from fittrackee.emails.tasks import reset_password_email
 from fittrackee.files import get_absolute_file_path
+from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 from fittrackee.responses import (
     ForbiddenErrorResponse,
     HttpResponse,
@@ -27,7 +28,6 @@
 
 from .decorators import authenticate
 from .models import User, UserSportPreference
-from .privacy_levels import PrivacyLevel, get_map_visibility
 from .utils.controls import check_passwords, register_controls
 from .utils.token import decode_user_token
 
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 86ae81353..a47c293b6 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -14,6 +14,7 @@
 from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Workout
 
 from .exceptions import (
@@ -21,7 +22,6 @@
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
-from .privacy_levels import PrivacyLevel
 from .roles import UserRole
 from .utils.token import decode_user_token, get_user_token
 
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index bf3a90715..5d6b0a222 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -13,7 +13,7 @@
 
 from fittrackee import BaseModel, db
 from fittrackee.files import get_absolute_file_path
-from fittrackee.users.privacy_levels import PrivacyLevel, get_map_visibility
+from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 
 from .exceptions import WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
diff --git a/fittrackee/workouts/utils/visibility.py b/fittrackee/workouts/utils/visibility.py
index 20c255941..b7d18bfd7 100644
--- a/fittrackee/workouts/utils/visibility.py
+++ b/fittrackee/workouts/utils/visibility.py
@@ -1,7 +1,7 @@
 from typing import Optional, Tuple
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
-from fittrackee.users.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Workout
 
 
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index 0bae2b9fd..1c778836d 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -14,8 +14,8 @@
 
 from fittrackee import db
 from fittrackee.files import get_absolute_file_path
+from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 from fittrackee.users.models import User, UserSportPreference
-from fittrackee.users.privacy_levels import PrivacyLevel, get_map_visibility
 
 from ..exceptions import WorkoutException
 from ..models import Sport, Workout, WorkoutSegment

From 4fc6b0b2d1e02a365e3b4fe6e18543c93e721e8a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 2 Feb 2022 18:06:03 +0100
Subject: [PATCH 111/238] Client - add visibility on workout (WIP)

---
 .../User/ProfileDisplay/UserPreferences.vue   |  8 +-
 .../ProfileEdition/UserPreferencesEdition.vue | 40 +++++----
 .../WorkoutDetail/WorkoutVisibility.vue       | 81 +++++++++++++++++++
 .../Workout/WorkoutDetail/index.vue           | 33 +++++---
 .../src/components/Workout/WorkoutEdition.vue | 58 +++++++++++++
 fittrackee_client/src/locales/en/en.ts        |  2 +
 fittrackee_client/src/locales/en/privacy.json | 11 +++
 fittrackee_client/src/locales/en/user.json    |  9 ---
 .../src/locales/en/workouts.json              |  1 +
 fittrackee_client/src/locales/fr/fr.ts        |  2 +
 fittrackee_client/src/locales/fr/privacy.json | 11 +++
 fittrackee_client/src/locales/fr/user.json    |  9 ---
 .../src/locales/fr/workouts.json              |  1 +
 fittrackee_client/src/scss/colors.scss        |  1 +
 .../src/store/modules/workouts/actions.ts     |  4 +-
 fittrackee_client/src/types/workouts.ts       |  7 ++
 fittrackee_client/src/utils/privacy.ts        | 35 ++++++++
 .../tests/unit/utils/privacy.spec.ts          | 45 +++++++++++
 18 files changed, 310 insertions(+), 48 deletions(-)
 create mode 100644 fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
 create mode 100644 fittrackee_client/src/locales/en/privacy.json
 create mode 100644 fittrackee_client/src/locales/fr/privacy.json
 create mode 100644 fittrackee_client/src/utils/privacy.ts
 create mode 100644 fittrackee_client/tests/unit/utils/privacy.spec.ts

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
index 1adcd2af6..db56e9be0 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
@@ -15,10 +15,10 @@
           )
         }}
       </dd>
-      <dt>{{ $t('user.PRIVACY.WORKOUTS_VISIBILITY') }}:</dt>
-      <dd>{{ $t(`user.PRIVACY.LEVELS.${user.workouts_visibility}`) }}</dd>
-      <dt>{{ $t('user.PRIVACY.MAP_VISIBILITY') }}:</dt>
-      <dd>{{ $t(`user.PRIVACY.LEVELS.${user.map_visibility}`) }}</dd>
+      <dt>{{ $t('privacy.WORKOUTS_VISIBILITY') }}:</dt>
+      <dd>{{ $t(`privacy.LEVELS.${user.workouts_visibility}`) }}</dd>
+      <dt>{{ $t('privacy.MAP_VISIBILITY') }}:</dt>
+      <dd>{{ $t(`privacy.LEVELS.${user.map_visibility}`) }}</dd>
     </dl>
     <div class="profile-buttons">
       <button @click="$router.push('/profile/edit/preferences')">
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
index a4a2b8408..2f432a2b0 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
@@ -52,26 +52,31 @@
           </select>
         </label>
         <label class="form-items">
-          {{ $t('user.PRIVACY.WORKOUTS_VISIBILITY') }}
+          {{ $t('privacy.WORKOUTS_VISIBILITY') }}
           <select
             id="workouts_visibility"
             v-model="userForm.workouts_visibility"
             :disabled="loading"
+            @change="updateMapVisibility"
           >
             <option v-for="level in privacyLevels" :value="level" :key="level">
-              {{ $t(`user.PRIVACY.LEVELS.${level}`) }}
+              {{ $t(`privacy.LEVELS.${level}`) }}
             </option>
           </select>
         </label>
         <label class="form-items">
-          {{ $t('user.PRIVACY.MAP_VISIBILITY') }}
+          {{ $t('privacy.MAP_VISIBILITY') }}
           <select
             id="map_visibility"
             v-model="userForm.map_visibility"
             :disabled="loading"
           >
-            <option v-for="level in privacyLevels" :value="level" :key="level">
-              {{ $t(`user.PRIVACY.LEVELS.${level}`) }}
+            <option
+              v-for="level in mapPrivacyLevels"
+              :value="level"
+              :key="level"
+            >
+              {{ $t(`privacy.LEVELS.${level}`) }}
             </option>
           </select>
         </label>
@@ -96,13 +101,14 @@
 
   import TimezoneDropdown from '@/components/User/ProfileEdition/TimezoneDropdown.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
-  import {
-    IUserPreferencesPayload,
-    TPrivacyLevels,
-    IAuthUserProfile,
-  } from '@/types/user'
+  import { IUserPreferencesPayload, IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { availableLanguages } from '@/utils/locales'
+  import {
+    privacyLevels,
+    getUpdatedMapVisibility,
+    getMapVisibilityLevels,
+  } from '@/utils/privacy'
 
   interface Props {
     user: IAuthUserProfile
@@ -139,17 +145,15 @@
       value: false,
     },
   ]
-  const privacyLevels: TPrivacyLevels[] = [
-    'private',
-    'followers_only',
-    'public',
-  ]
   const loading = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.USER_LOADING]
   )
   const errorMessages: ComputedRef<string | string[] | null> = computed(
     () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
   )
+  const mapPrivacyLevels = computed(() =>
+    getMapVisibilityLevels(userForm.workouts_visibility)
+  )
 
   onMounted(() => {
     if (props.user) {
@@ -175,4 +179,10 @@
   function updateTZ(value: string) {
     userForm.timezone = value
   }
+  function updateMapVisibility() {
+    userForm.map_visibility = getUpdatedMapVisibility(
+      userForm.map_visibility,
+      userForm.workouts_visibility
+    )
+  }
 </script>
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
new file mode 100644
index 000000000..00a6f54ca
--- /dev/null
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
@@ -0,0 +1,81 @@
+<template>
+  <div class="workout-visibility-levels">
+    {{ $t('privacy.VISIBILITY') }}:
+    <div class="visibility">
+      <span v-if="workoutObject.with_gpx" class="workout-visibility">
+        {{ $t('workouts.WORKOUT') }}
+      </span>
+      <i
+        :class="`fa fa-${getPrivacyIcon(workoutObject.workoutVisibility)}`"
+        aria-hidden="true"
+        :title="$t(`privacy.LEVELS.${workoutObject.workoutVisibility}`)"
+      />
+      <span class="visibility-label">
+        ({{ $t(`privacy.LEVELS.${workoutObject.workoutVisibility}`) }})
+      </span>
+      <span v-if="workoutObject.with_gpx">-</span>
+    </div>
+    <div class="visibility" v-if="workoutObject.with_gpx">
+      {{ $t('workouts.MAP') }}
+      <i
+        :class="`fa fa-${getPrivacyIcon(workoutObject.mapVisibility)}`"
+        aria-hidden="true"
+        :title="$t(`privacy.LEVELS.${workoutObject.mapVisibility}`)"
+      />
+      <span class="visibility-label">
+        ({{ $t(`privacy.LEVELS.${workoutObject.mapVisibility}`) }})
+      </span>
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { toRefs } from 'vue'
+
+  import { TPrivacyLevels } from '@/types/user'
+  import { IWorkoutObject } from '@/types/workouts'
+
+  interface Props {
+    workoutObject: IWorkoutObject
+  }
+  const props = defineProps<Props>()
+  const { workoutObject } = toRefs(props)
+
+  function getPrivacyIcon(privacyLevel: TPrivacyLevels): string {
+    switch (privacyLevel) {
+      case 'public':
+        return 'globe'
+      case 'followers_only':
+        return 'users'
+      default:
+      case 'private':
+        return 'lock'
+    }
+  }
+</script>
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+
+  .workout-visibility-levels {
+    display: flex;
+    align-items: center;
+    font-size: 0.9em;
+    font-style: italic;
+
+    .visibility {
+      padding-left: $default-padding * 0.5;
+      .workout-visibility {
+        padding-right: $default-padding * 0.5;
+      }
+      .visibility-label {
+        color: var(--text-visibilty);
+        text-transform: lowercase;
+      }
+      @media screen and (max-width: $x-small-limit) {
+        .visibility-label {
+          display: none;
+        }
+      }
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index 1034cbdcf..b967cddc5 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -16,14 +16,17 @@
         />
       </template>
       <template #content>
-        <WorkoutMap
-          :workoutData="workoutData"
-          :markerCoordinates="markerCoordinates"
-        />
-        <WorkoutData
-          :workoutObject="workoutObject"
-          :useImperialUnits="authUser.imperial_units"
-        />
+        <div class="workout-map-data">
+          <WorkoutMap
+            :workoutData="workoutData"
+            :markerCoordinates="markerCoordinates"
+          />
+          <WorkoutData
+            :workoutObject="workoutObject"
+            :useImperialUnits="authUser.imperial_units"
+          />
+        </div>
+        <WorkoutVisibility :workoutObject="workoutObject" />
       </template>
     </Card>
   </div>
@@ -44,6 +47,7 @@
   import WorkoutCardTitle from '@/components/Workout/WorkoutDetail/WorkoutCardTitle.vue'
   import WorkoutData from '@/components/Workout/WorkoutDetail/WorkoutData.vue'
   import WorkoutMap from '@/components/Workout/WorkoutDetail/WorkoutMap/index.vue'
+  import WorkoutVisibility from '@/components/Workout/WorkoutDetail/WorkoutVisibility.vue'
   import { WORKOUTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
   import { IAuthUserProfile } from '@/types/user'
@@ -138,6 +142,7 @@
       distance: segment ? segment.distance : workout.distance,
       descent: segment ? segment.descent : workout.descent,
       duration: segment ? segment.duration : workout.duration,
+      mapVisibility: segment ? null : workout.map_visibility,
       maxAlt: segment ? segment.max_alt : workout.max_alt,
       maxSpeed: segment ? segment.max_speed : workout.max_speed,
       minAlt: segment ? segment.min_alt : workout.min_alt,
@@ -155,6 +160,7 @@
       with_gpx: workout.with_gpx,
       workoutId: workout.id,
       workoutTime: workoutDate.workout_time,
+      workoutVisibility: segment ? null : workout.workout_visibility,
     }
   }
   function updateDisplayModal(value: boolean) {
@@ -184,9 +190,16 @@
       width: 100%;
       .card-content {
         display: flex;
-        flex-direction: row;
+        flex-direction: column;
+        .workout-map-data {
+          display: flex;
+          flex-direction: row;
+        }
         @media screen and (max-width: $medium-limit) {
-          flex-direction: column;
+          .workout-map-data {
+            display: flex;
+            flex-direction: column;
+          }
         }
       }
     }
diff --git a/fittrackee_client/src/components/Workout/WorkoutEdition.vue b/fittrackee_client/src/components/Workout/WorkoutEdition.vue
index 462635f98..c5ef3f80f 100644
--- a/fittrackee_client/src/components/Workout/WorkoutEdition.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutEdition.vue
@@ -190,6 +190,39 @@
                   />
                 </div>
               </div>
+              <div class="form-item">
+                <label> {{ $t('privacy.WORKOUT_VISIBILITY') }}: </label>
+                <select
+                  id="workout_visibility"
+                  v-model="workoutForm.workoutVisibility"
+                  :disabled="loading"
+                  @change="updateMapVisibility"
+                >
+                  <option
+                    v-for="level in privacyLevels"
+                    :value="level"
+                    :key="level"
+                  >
+                    {{ $t(`privacy.LEVELS.${level}`) }}
+                  </option>
+                </select>
+              </div>
+              <div class="form-item" v-if="withGpx">
+                <label> {{ $t('privacy.MAP_VISIBILITY') }}: </label>
+                <select
+                  id="map_visibility"
+                  v-model="workoutForm.mapVisibility"
+                  :disabled="loading"
+                >
+                  <option
+                    v-for="level in mapPrivacyLevels"
+                    :value="level"
+                    :key="level"
+                  >
+                    {{ $t(`privacy.LEVELS.${level}`) }}
+                  </option>
+                </select>
+              </div>
               <div class="form-item">
                 <label> {{ $t('workouts.NOTES') }}: </label>
                 <CustomTextArea
@@ -242,6 +275,11 @@
   import { useStore } from '@/use/useStore'
   import { formatWorkoutDate, getDateWithTZ } from '@/utils/dates'
   import { getReadableFileSize } from '@/utils/files'
+  import {
+    getMapVisibilityLevels,
+    getUpdatedMapVisibility,
+    privacyLevels,
+  } from '@/utils/privacy'
   import { translateSports } from '@/utils/sports'
   import { convertDistance } from '@/utils/units'
 
@@ -294,12 +332,17 @@
     workoutDurationMinutes: '',
     workoutDurationSeconds: '',
     workoutDistance: '',
+    mapVisibility: authUser.value.map_visibility,
+    workoutVisibility: authUser.value.workouts_visibility,
   })
   let withGpx = ref(
     props.workout.id ? props.workout.with_gpx : props.isCreation
   )
   let gpxFile: File | null = null
   const formErrors = ref(false)
+  const mapPrivacyLevels = computed(() =>
+    getMapVisibilityLevels(workoutForm.workoutVisibility)
+  )
 
   onMounted(() => {
     if (props.workout.id) {
@@ -323,6 +366,8 @@
     workoutForm.sport_id = `${workout.sport_id}`
     workoutForm.title = workout.title
     workoutForm.notes = workout.notes
+    workoutForm.workoutVisibility = workout.workout_visibility
+    workoutForm.mapVisibility = workout.map_visibility
     if (!workout.with_gpx) {
       const workoutDateTime = formatWorkoutDate(
         getDateWithTZ(workout.workout_date, props.authUser.timezone),
@@ -351,15 +396,18 @@
       +workoutForm.workoutDurationMinutes * 60 +
       +workoutForm.workoutDurationSeconds
     payload.workout_date = `${workoutForm.workoutDate} ${workoutForm.workoutTime}`
+    payload.workout_visibility = workoutForm.workoutVisibility
   }
   function updateWorkout() {
     const payload: IWorkoutForm = {
       sport_id: +workoutForm.sport_id,
       notes: workoutForm.notes,
+      workout_visibility: workoutForm.workoutVisibility,
     }
     if (props.workout.id) {
       if (props.workout.with_gpx) {
         payload.title = workoutForm.title
+        payload.map_visibility = workoutForm.mapVisibility
       } else {
         formatPayload(payload)
       }
@@ -375,6 +423,7 @@
           return
         }
         payload.file = gpxFile
+        payload.map_visibility = workoutForm.mapVisibility
         store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_WORKOUT, payload)
       } else {
         formatPayload(payload)
@@ -395,6 +444,12 @@
   function invalidateForm() {
     formErrors.value = true
   }
+  function updateMapVisibility() {
+    workoutForm.mapVisibility = getUpdatedMapVisibility(
+      workoutForm.mapVisibility,
+      workoutForm.workoutVisibility
+    )
+  }
 
   onUnmounted(() => store.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES))
 
@@ -440,6 +495,9 @@
             input {
               height: 20px;
             }
+            label {
+              text-transform: lowercase;
+            }
 
             .workout-date-duration {
               display: flex;
diff --git a/fittrackee_client/src/locales/en/en.ts b/fittrackee_client/src/locales/en/en.ts
index fc7c0860f..5d0e96e7f 100644
--- a/fittrackee_client/src/locales/en/en.ts
+++ b/fittrackee_client/src/locales/en/en.ts
@@ -4,6 +4,7 @@ import ButtonsTranslations from './buttons.json'
 import CommonTranslations from './common.json'
 import DashboardTranslations from './dashboard.json'
 import ErrorTranslations from './error.json'
+import PrivacyLevelsTranslations from './privacy.json'
 import SportsTranslations from './sports.json'
 import StatisticsTranslations from './statistics.json'
 import UserTranslations from './user.json'
@@ -16,6 +17,7 @@ export default {
   common: CommonTranslations,
   dashboard: DashboardTranslations,
   error: ErrorTranslations,
+  privacy: PrivacyLevelsTranslations,
   sports: SportsTranslations,
   statistics: StatisticsTranslations,
   user: UserTranslations,
diff --git a/fittrackee_client/src/locales/en/privacy.json b/fittrackee_client/src/locales/en/privacy.json
new file mode 100644
index 000000000..fc4143b88
--- /dev/null
+++ b/fittrackee_client/src/locales/en/privacy.json
@@ -0,0 +1,11 @@
+{
+  "LEVELS": {
+    "private": "Private (only me)",
+    "followers_only": "Followers only",
+    "public": "Public (everyone)"
+  },
+  "MAP_VISIBILITY": "Map and analysis visibility",
+  "VISIBILITY": "visibility",
+  "WORKOUT_VISIBILITY": "Workout visibility",
+  "WORKOUTS_VISIBILITY": "Workouts related data visibility"
+}
\ No newline at end of file
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index cd076c023..c819fa6b1 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -20,15 +20,6 @@
   "PASSWORD_RESET": "Password reset",
   "PASSWORD_SENT_EMAIL_TEXT": "Check your email. If your address is in our database, you'll received an email with a link to reset your password.",
   "PASSWORD_UPDATED": "Your password have been updated. Click {0} to log in.",
-  "PRIVACY": {
-    "LEVELS": {
-      "private": "Private (only me)",
-      "followers_only": "Followers only",
-      "public": "Public (everyone)"
-    },
-    "MAP_VISIBILITY": "Map and analysis visibility",
-    "WORKOUTS_VISIBILITY": "Workouts related data visibility"
-  },
   "PROFILE": {
     "BACK_TO_PROFILE": "Back to profile",
     "BIO": "Bio",
diff --git a/fittrackee_client/src/locales/en/workouts.json b/fittrackee_client/src/locales/en/workouts.json
index 2685ea393..492f14a6e 100644
--- a/fittrackee_client/src/locales/en/workouts.json
+++ b/fittrackee_client/src/locales/en/workouts.json
@@ -18,6 +18,7 @@
   "HIDE_FILTERS": "hide filters",
   "LATEST_WORKOUTS": "Latest workouts",
   "LOAD_MORE_WORKOUT": "Load more workouts",
+  "MAP": "map",
   "MAX_ALTITUDE": "max. altitude",
   "MAX_FILES": "max files",
   "MAX_SIZE": "max size",
diff --git a/fittrackee_client/src/locales/fr/fr.ts b/fittrackee_client/src/locales/fr/fr.ts
index fc7c0860f..5d0e96e7f 100644
--- a/fittrackee_client/src/locales/fr/fr.ts
+++ b/fittrackee_client/src/locales/fr/fr.ts
@@ -4,6 +4,7 @@ import ButtonsTranslations from './buttons.json'
 import CommonTranslations from './common.json'
 import DashboardTranslations from './dashboard.json'
 import ErrorTranslations from './error.json'
+import PrivacyLevelsTranslations from './privacy.json'
 import SportsTranslations from './sports.json'
 import StatisticsTranslations from './statistics.json'
 import UserTranslations from './user.json'
@@ -16,6 +17,7 @@ export default {
   common: CommonTranslations,
   dashboard: DashboardTranslations,
   error: ErrorTranslations,
+  privacy: PrivacyLevelsTranslations,
   sports: SportsTranslations,
   statistics: StatisticsTranslations,
   user: UserTranslations,
diff --git a/fittrackee_client/src/locales/fr/privacy.json b/fittrackee_client/src/locales/fr/privacy.json
new file mode 100644
index 000000000..185a7d8c8
--- /dev/null
+++ b/fittrackee_client/src/locales/fr/privacy.json
@@ -0,0 +1,11 @@
+{
+  "LEVELS": {
+    "private": "Privé (seulement moi)",
+    "followers_only": "Abonnées uniquement",
+    "public": "Public (tout le monde)"
+  },
+  "MAP_VISIBILITY": "Visibilité de la carte et de l'analyse",
+  "VISIBILITY": "visibilité",
+  "WORKOUT_VISIBILITY": "Visibilité de la séance",
+  "WORKOUTS_VISIBILITY": "Visibilité des données relatives aux séances"
+}
\ No newline at end of file
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index b0a172ddd..a548f3c92 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -20,15 +20,6 @@
   "PASSWORD_RESET": "Réinitialisation du mot de passe",
   "PASSWORD_SENT_EMAIL_TEXT": "Vérifiez votre boite mail. Si vote adresse est dans notre base de données, vous recevrez un email avec un lien pour réinitialiser votre mot de passe.",
   "PASSWORD_UPDATED": "Votre mot de passe a été mis à jour. Cliquez {0} pour vous connecter.",
-  "PRIVACY": {
-    "LEVELS": {
-      "private": "Privé (seulement moi)",
-      "followers_only": "Abonnées uniquement",
-      "public": "Public (tout le monde)"
-    },
-    "MAP_VISIBILITY": "Visibilité de la carte et de l'analyse",
-    "WORKOUTS_VISIBILITY": "Visibilité des données relatives aux séances"
-  },
   "PROFILE": {
     "BACK_TO_PROFILE": "Revenir au profil",
     "BIO": "Bio",
diff --git a/fittrackee_client/src/locales/fr/workouts.json b/fittrackee_client/src/locales/fr/workouts.json
index 5d5f38585..790007102 100644
--- a/fittrackee_client/src/locales/fr/workouts.json
+++ b/fittrackee_client/src/locales/fr/workouts.json
@@ -18,6 +18,7 @@
   "HIDE_FILTERS": "masquer les filtres",
   "LATEST_WORKOUTS": "Séances récentes",
   "LOAD_MORE_WORKOUT": "Charger les séances suivantes",
+  "MAP": "carte",
   "MAX_ALTITUDE": "altitude max",
   "MAX_FILES": "fichiers max. ",
   "MAX_SIZE": "taille max. ",
diff --git a/fittrackee_client/src/scss/colors.scss b/fittrackee_client/src/scss/colors.scss
index d7a0f493b..c39ba09ad 100644
--- a/fittrackee_client/src/scss/colors.scss
+++ b/fittrackee_client/src/scss/colors.scss
@@ -69,4 +69,5 @@
   --svg-filter: drop-shadow(10px 10px 10px var(--app-shadow-color));
 
   --text-background-color: rgb(114, 114, 114, 0.1);
+  --text-visibilty: rgba(37, 37, 37, 0.65);
 }
\ No newline at end of file
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 7f643cc40..cff066f7c 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -189,7 +189,9 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
     form.append('file', payload.file)
     form.append(
       'data',
-      `{"sport_id": ${payload.sport_id}, "notes": "${payload.notes}"}`
+      `{"sport_id": ${payload.sport_id}, "notes": "${payload.notes}",` +
+        ` "workout_visibility": "${payload.workout_visibility}",` +
+        ` "map_visibility": "${payload.map_visibility}"}`
     )
     authApi
       .post('workouts', form, {
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index e60ae42e5..8d7261ca3 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -1,5 +1,6 @@
 import { TPaginationPayload } from '@/types/api'
 import { IChartDataset } from '@/types/chart'
+import { TPrivacyLevels } from '@/types/user'
 
 export interface IWorkoutSegment {
   ascent: number
@@ -56,6 +57,7 @@ export interface IWorkout {
   duration: string
   id: string
   map: string | null
+  map_visibility: TPrivacyLevels
   max_alt: number | null
   max_speed: number
   min_alt: number | null
@@ -74,6 +76,7 @@ export interface IWorkout {
   weather_start: IWeather | null
   with_gpx: boolean
   workout_date: string
+  workout_visibility: TPrivacyLevels
 }
 
 export interface IWorkoutObject {
@@ -84,6 +87,7 @@ export interface IWorkoutObject {
   duration: string
   maxAlt: number | null
   maxSpeed: number
+  mapVisibility: TPrivacyLevels | null
   minAlt: number | null
   moving: string
   nextUrl: string | null
@@ -99,6 +103,7 @@ export interface IWorkoutObject {
   with_gpx: boolean
   workoutId: string
   workoutTime: string
+  workoutVisibility: TPrivacyLevels | null
 }
 
 export interface IWorkoutForm {
@@ -109,6 +114,8 @@ export interface IWorkoutForm {
   distance?: number
   duration?: number
   file?: Blob
+  map_visibility?: TPrivacyLevels
+  workout_visibility: TPrivacyLevels
 }
 
 export interface IWorkoutPayload {
diff --git a/fittrackee_client/src/utils/privacy.ts b/fittrackee_client/src/utils/privacy.ts
new file mode 100644
index 000000000..c085b9098
--- /dev/null
+++ b/fittrackee_client/src/utils/privacy.ts
@@ -0,0 +1,35 @@
+import { TPrivacyLevels } from '@/types/user'
+
+export const privacyLevels: TPrivacyLevels[] = [
+  'private',
+  'followers_only',
+  'public',
+]
+
+export const getUpdatedMapVisibility = (
+  mapVisibility: TPrivacyLevels,
+  workoutVisibility: TPrivacyLevels
+): TPrivacyLevels => {
+  // when workout visibility is stricter, it returns workout visibility value
+  // for map visibility
+  if (
+    workoutVisibility === 'private' ||
+    (workoutVisibility === 'followers_only' && mapVisibility === 'public')
+  ) {
+    return workoutVisibility
+  }
+  return mapVisibility
+}
+
+export const getMapVisibilityLevels = (
+  workoutVisibility: TPrivacyLevels
+): TPrivacyLevels[] => {
+  switch (workoutVisibility) {
+    case 'public':
+      return privacyLevels
+    case 'followers_only':
+      return ['private', 'followers_only']
+    case 'private':
+      return ['private']
+  }
+}
diff --git a/fittrackee_client/tests/unit/utils/privacy.spec.ts b/fittrackee_client/tests/unit/utils/privacy.spec.ts
new file mode 100644
index 000000000..6757cf8c8
--- /dev/null
+++ b/fittrackee_client/tests/unit/utils/privacy.spec.ts
@@ -0,0 +1,45 @@
+import { assert } from 'chai'
+
+import { TPrivacyLevels } from '@/types/user'
+import {
+  getUpdatedMapVisibility,
+  getMapVisibilityLevels,
+} from '@/utils/privacy'
+
+describe('getUpdatedMapVisibility', () => {
+  const testsParams: [TPrivacyLevels, TPrivacyLevels, TPrivacyLevels][] = [
+    // input map visibility, input workout visibility, excepted map visibility
+    ['private', 'private', 'private'],
+    ['private', 'followers_only', 'private'],
+    ['private', 'public', 'private'],
+    ['followers_only', 'private', 'private'],
+    ['followers_only', 'followers_only', 'followers_only'],
+    ['followers_only', 'public', 'followers_only'],
+    ['public', 'private', 'private'],
+    ['public', 'followers_only', 'followers_only'],
+    ['public', 'public', 'public'],
+  ]
+
+  testsParams.map((testParams) => {
+    it(`get map visibility (input value: '${testParams[0]}') when workout visibility is '${testParams[1]}'`, () => {
+      assert.equal(
+        getUpdatedMapVisibility(testParams[0], testParams[1]),
+        testParams[2]
+      )
+    })
+  })
+})
+
+describe('getMapVisibilityLevels', () => {
+  const testsParams: [TPrivacyLevels, TPrivacyLevels[]][] = [
+    ['private', ['private']],
+    ['followers_only', ['private', 'followers_only']],
+    ['public', ['private', 'followers_only', 'public']],
+  ]
+
+  testsParams.map((testParams) => {
+    it(`get visibility levels depending on workout visibility (input value: '${testParams[0]}')`, () => {
+      assert.deepEqual(getMapVisibilityLevels(testParams[0]), testParams[1])
+    })
+  })
+})

From 76a6be22e1493629608b1c84957c1585ea59a1e9 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 2 Feb 2022 18:41:28 +0100
Subject: [PATCH 112/238] API - return visibility preferences only for
 authenticated user

---
 fittrackee/tests/users/test_users_model.py | 10 ++++++++--
 fittrackee/users/models.py                 |  4 ++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 888c1afb9..fe7997b9e 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -27,9 +27,7 @@ def assert_serialized_used(serialized_user: Dict) -> None:
         assert serialized_user['location'] is None
         assert serialized_user['birth_date'] is None
         assert serialized_user['picture'] is False
-        assert serialized_user['map_visibility'] == 'private'
         assert serialized_user['nb_workouts'] == 0
-        assert serialized_user['workouts_visibility'] == 'private'
 
     def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
         assert '<User \'test\'>' == str(user_1)
@@ -48,6 +46,8 @@ def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
         assert serialized_user['language'] is None
         assert serialized_user['timezone'] is None
         assert serialized_user['weekm'] is False
+        assert serialized_user['map_visibility'] == 'private'
+        assert serialized_user['workouts_visibility'] == 'private'
         assert 'follows' not in serialized_user
         assert 'is_followed_by' not in serialized_user
 
@@ -72,6 +72,8 @@ def test_user_model_as_admin(
         assert 'weekm' not in serialized_user
         assert serialized_user['follows'] == 'false'
         assert serialized_user['is_followed_by'] == 'false'
+        assert 'map_visibility' not in serialized_user
+        assert 'workouts_visibility' not in serialized_user
 
     def test_user_model_as_regular_user(
         self, app: Flask, user_1: User, user_2: User
@@ -94,6 +96,8 @@ def test_user_model_as_regular_user(
         assert 'weekm' not in serialized_user
         assert serialized_user['follows'] == 'false'
         assert serialized_user['is_followed_by'] == 'false'
+        assert 'map_visibility' not in serialized_user
+        assert 'workouts_visibility' not in serialized_user
 
     def test_user_model_when_no_user_provided(
         self, app: Flask, user_1: User
@@ -115,6 +119,8 @@ def test_user_model_when_no_user_provided(
         assert 'weekm' not in serialized_user
         assert 'follows' not in serialized_user
         assert 'is_followed_by' not in serialized_user
+        assert 'map_visibility' not in serialized_user
+        assert 'workouts_visibility' not in serialized_user
 
     def test_encode_auth_token(self, app: Flask, user_1: User) -> None:
         auth_token = user_1.encode_auth_token(user_1.id)
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index a47c293b6..5e6abd322 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -447,10 +447,8 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
             'is_remote': self.is_remote,
             'last_name': self.last_name,
             'location': self.location,
-            'map_visibility': self.map_visibility.value,
             'nb_workouts': self.workouts_count,
             'picture': self.picture is not None,
-            'workouts_visibility': self.workouts_visibility.value,
             'username': self.username,
         }
         if self.is_remote:
@@ -494,6 +492,8 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
                     'language': self.language,
                     'timezone': self.timezone,
                     'weekm': self.weekm,
+                    'map_visibility': self.map_visibility.value,
+                    'workouts_visibility': self.workouts_visibility.value,
                 },
             }
 

From eb5edc9bf422f8b9104171455ece866c7850c9b4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 19:57:03 +0100
Subject: [PATCH 113/238] API - return user with workout

---
 .../test_workouts_api_0_get_workout.py        | 18 ++++++---
 .../test_workouts_api_0_get_workouts.py       |  9 ++++-
 .../workouts/test_workouts_api_1_post.py      | 39 ++++++++++++-------
 .../workouts/test_workouts_api_2_patch.py     | 25 ++++++++----
 .../tests/workouts/test_workouts_model.py     |  2 +-
 fittrackee/workouts/models.py                 |  2 +-
 6 files changed, 64 insertions(+), 31 deletions(-)

diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index 1313a2e9a..6c94b5f08 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -10,7 +10,7 @@
 from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
 
 from ..test_case_mixins import ApiTestCaseMixin
-from ..utils import random_string
+from ..utils import jsonify_dict, random_string
 from .utils import get_random_short_id
 
 
@@ -66,7 +66,9 @@ def test_it_gets_owner_workout(
             'Mon, 01 Jan 2018 00:00:00 GMT'
             == data['data']['workouts'][0]['workout_date']
         )
-        assert 'test' == data['data']['workouts'][0]['user']
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert 1 == data['data']['workouts'][0]['sport_id']
         assert 10.0 == data['data']['workouts'][0]['distance']
         assert '1:00:00' == data['data']['workouts'][0]['duration']
@@ -132,7 +134,9 @@ def test_it_returns_followed_user_workout(
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['workouts']) == 1
-        assert data['data']['workouts'][0]['user'] == user_2.username
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_2.serialize()
+        )
         assert (
             data['data']['workouts'][0]['workout_visibility']
             == input_workout_level.value
@@ -211,7 +215,9 @@ def test_it_returns_another_user_workout_when_visibility_is_public(
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['workouts']) == 1
-        assert data['data']['workouts'][0]['user'] == user_2.username
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_2.serialize()
+        )
         assert data['data']['workouts'][0]['workout_visibility'] == 'public'
 
 
@@ -276,7 +282,9 @@ def test_it_returns_a_user_workout_when_visibility_is_public(
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert len(data['data']['workouts']) == 1
-        assert data['data']['workouts'][0]['user'] == user_1.username
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert data['data']['workouts'][0]['workout_visibility'] == 'public'
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
index 64cfa7aea..7b7f48d3d 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
@@ -7,6 +7,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import jsonify_dict
 
 
 class TestGetWorkouts(ApiTestCaseMixin):
@@ -39,7 +40,9 @@ def test_it_gets_all_workouts_for_authenticated_user(
             'Sun, 01 Apr 2018 00:00:00 GMT'
             == data['data']['workouts'][0]['workout_date']
         )
-        assert 'test' == data['data']['workouts'][0]['user']
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert 2 == data['data']['workouts'][0]['sport_id']
         assert 12.0 == data['data']['workouts'][0]['distance']
         assert '1:40:00' == data['data']['workouts'][0]['duration']
@@ -49,7 +52,9 @@ def test_it_gets_all_workouts_for_authenticated_user(
             'Mon, 01 Jan 2018 00:00:00 GMT'
             == data['data']['workouts'][1]['workout_date']
         )
-        assert 'test' == data['data']['workouts'][1]['user']
+        assert data['data']['workouts'][1]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert 1 == data['data']['workouts'][1]['sport_id']
         assert 10.0 == data['data']['workouts'][1]['distance']
         assert '1:00:00' == data['data']['workouts'][1]['duration']
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index f27073d65..90bd8c83a 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -15,15 +15,18 @@
 from fittrackee.workouts.utils.short_id import decode_short_id
 
 from ..test_case_mixins import ApiTestCaseMixin, CallArgsMixin
+from ..utils import jsonify_dict
 
 
-def assert_workout_data_with_gpx(data: Dict) -> None:
+def assert_workout_data_with_gpx(data: Dict, user: User) -> None:
     assert 'creation_date' in data['data']['workouts'][0]
     assert (
         'Tue, 13 Mar 2018 12:44:45 GMT'
         == data['data']['workouts'][0]['workout_date']
     )
-    assert 'test' == data['data']['workouts'][0]['user']
+    assert data['data']['workouts'][0]['user'] == jsonify_dict(
+        user.serialize()
+    )
     assert 1 == data['data']['workouts'][0]['sport_id']
     assert '0:04:10' == data['data']['workouts'][0]['duration']
     assert data['data']['workouts'][0]['ascent'] == 0.4
@@ -80,13 +83,15 @@ def assert_workout_data_with_gpx(data: Dict) -> None:
     assert records[3]['value'] == 4.61
 
 
-def assert_workout_data_with_gpx_segments(data: Dict) -> None:
+def assert_workout_data_with_gpx_segments(data: Dict, user: User) -> None:
     assert 'creation_date' in data['data']['workouts'][0]
     assert (
         'Tue, 13 Mar 2018 12:44:45 GMT'
         == data['data']['workouts'][0]['workout_date']
     )
-    assert 'test' == data['data']['workouts'][0]['user']
+    assert data['data']['workouts'][0]['user'] == jsonify_dict(
+        user.serialize()
+    )
     assert 1 == data['data']['workouts'][0]['sport_id']
     assert '0:04:10' == data['data']['workouts'][0]['duration']
     assert data['data']['workouts'][0]['ascent'] == 0.4
@@ -154,13 +159,15 @@ def assert_workout_data_with_gpx_segments(data: Dict) -> None:
     assert records[2]['value'] == 4.59
 
 
-def assert_workout_data_wo_gpx(data: Dict) -> None:
+def assert_workout_data_wo_gpx(data: Dict, user: User) -> None:
     assert 'creation_date' in data['data']['workouts'][0]
     assert (
         data['data']['workouts'][0]['workout_date']
         == 'Tue, 15 May 2018 14:05:00 GMT'
     )
-    assert data['data']['workouts'][0]['user'] == 'test'
+    assert data['data']['workouts'][0]['user'] == jsonify_dict(
+        user.serialize()
+    )
     assert data['data']['workouts'][0]['sport_id'] == 1
     assert data['data']['workouts'][0]['duration'] == '1:00:00'
     assert (
@@ -232,7 +239,7 @@ def test_it_adds_a_workout(
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
         assert 'just a workout' == data['data']['workouts'][0]['title']
-        assert_workout_data_with_gpx(data)
+        assert_workout_data_with_gpx(data, user_1)
 
     def test_it_adds_a_workout_without_name(
         self,
@@ -265,7 +272,7 @@ def test_it_adds_a_workout_without_name(
             'Cycling - 2018-03-13 12:44:45'
             == data['data']['workouts'][0]['title']
         )
-        assert_workout_data_with_gpx(data)
+        assert_workout_data_with_gpx(data, user_1)
 
     def test_it_adds_a_workout_when_user_has_specified_timezone(
         self,
@@ -299,7 +306,7 @@ def test_it_adds_a_workout_when_user_has_specified_timezone(
             'Cycling - 2018-03-13 13:44:45'
             == data['data']['workouts'][0]['title']
         )
-        assert_workout_data_with_gpx(data)
+        assert_workout_data_with_gpx(data, user_1)
 
     @pytest.mark.parametrize(
         'input_description,input_notes',
@@ -768,7 +775,7 @@ def test_it_adds_a_workout_without_gpx(
         data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
-        assert_workout_data_wo_gpx(data)
+        assert_workout_data_wo_gpx(data, user_1)
 
     def test_it_returns_400_if_workout_date_is_missing(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
@@ -850,7 +857,9 @@ def test_it_adds_workout_with_zero_value(
             data['data']['workouts'][0]['workout_date']
             == 'Mon, 14 May 2018 14:05:00 GMT'
         )
-        assert data['data']['workouts'][0]['user'] == 'test'
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert data['data']['workouts'][0]['sport_id'] == 1
         assert data['data']['workouts'][0]['duration'] is None
         assert data['data']['workouts'][0]['title'] == 'Workout test'
@@ -1048,7 +1057,7 @@ def test_it_adds_workouts_with_zip_archive(
             assert 'created' in data['status']
             assert len(data['data']['workouts']) == 3
             assert 'just a workout' == data['data']['workouts'][0]['title']
-            assert_workout_data_with_gpx(data)
+            assert_workout_data_with_gpx(data, user_1)
 
     def test_it_returns_400_if_folder_is_present_in_zip_archive(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
@@ -1362,9 +1371,9 @@ def workout_assertion(
         assert len(data['data']['workouts']) == 1
         assert 'just a workout' == data['data']['workouts'][0]['title']
         if with_segments:
-            assert_workout_data_with_gpx_segments(data)
+            assert_workout_data_with_gpx_segments(data, user_1)
         else:
-            assert_workout_data_with_gpx(data)
+            assert_workout_data_with_gpx(data, user_1)
         map_id = data['data']['workouts'][0]['map']
         workout_short_id = data['data']['workouts'][0]['id']
 
@@ -1530,7 +1539,7 @@ def test_it_add_and_gets_a_workout_wo_gpx(
         assert response.status_code == 200
         assert 'success' in data['status']
         assert len(data['data']['workouts']) == 1
-        assert_workout_data_wo_gpx(data)
+        assert_workout_data_wo_gpx(data, user_1)
 
     def test_it_adds_and_gets_a_workout_wo_gpx_notes(
         self, app: Flask, user_1: User, sport_1_cycling: Sport
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 3c2232fd9..f551b3965 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -10,16 +10,21 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
+from ..utils import jsonify_dict
 from .utils import get_random_short_id, post_a_workout
 
 
-def assert_workout_data_with_gpx(data: Dict, sport_id: int) -> None:
+def assert_workout_data_with_gpx(
+    data: Dict, sport_id: int, user: User
+) -> None:
     assert 'creation_date' in data['data']['workouts'][0]
     assert (
         'Tue, 13 Mar 2018 12:44:45 GMT'
         == data['data']['workouts'][0]['workout_date']
     )
-    assert 'test' == data['data']['workouts'][0]['user']
+    assert data['data']['workouts'][0]['user'] == jsonify_dict(
+        user.serialize()
+    )
     assert '0:04:10' == data['data']['workouts'][0]['duration']
     assert data['data']['workouts'][0]['ascent'] == 0.4
     assert data['data']['workouts'][0]['ave_speed'] == 4.61
@@ -81,7 +86,7 @@ def test_it_updates_title_for_a_workout_with_gpx(
         assert len(data['data']['workouts']) == 1
         assert sport_2_running.id == data['data']['workouts'][0]['sport_id']
         assert data['data']['workouts'][0]['title'] == 'Workout test'
-        assert_workout_data_with_gpx(data, sport_2_running.id)
+        assert_workout_data_with_gpx(data, sport_2_running.id, user_1)
 
     @pytest.mark.parametrize(
         'input_description,input_notes',
@@ -199,7 +204,7 @@ def test_it_updates_sport(
         assert len(data['data']['workouts']) == 1
         assert sport_2_running.id == data['data']['workouts'][0]['sport_id']
         assert data['data']['workouts'][0]['title'] == 'just a workout'
-        assert_workout_data_with_gpx(data, sport_2_running.id)
+        assert_workout_data_with_gpx(data, sport_2_running.id, user_1)
 
     def test_it_returns_400_if_payload_is_empty(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
@@ -280,7 +285,9 @@ def test_it_updates_a_workout_wo_gpx(
             data['data']['workouts'][0]['workout_date']
             == 'Tue, 15 May 2018 15:05:00 GMT'
         )
-        assert data['data']['workouts'][0]['user'] == 'test'
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert data['data']['workouts'][0]['sport_id'] == sport_2_running.id
         assert data['data']['workouts'][0]['duration'] == '1:00:00'
         assert data['data']['workouts'][0]['title'] == 'Workout test'
@@ -452,7 +459,9 @@ def test_it_updates_a_workout_wo_gpx_with_timezone(
             data['data']['workouts'][0]['workout_date']
             == 'Tue, 15 May 2018 13:05:00 GMT'
         )
-        assert data['data']['workouts'][0]['user'] == 'test'
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1_paris.serialize()
+        )
         assert data['data']['workouts'][0]['sport_id'] == sport_2_running.id
         assert data['data']['workouts'][0]['duration'] == '1:00:00'
         assert data['data']['workouts'][0]['title'] == 'Workout test'
@@ -519,7 +528,9 @@ def test_it_updates_only_sport_and_distance_a_workout_wo_gpx(
             data['data']['workouts'][0]['workout_date']
             == 'Mon, 01 Jan 2018 00:00:00 GMT'
         )
-        assert data['data']['workouts'][0]['user'] == 'test'
+        assert data['data']['workouts'][0]['user'] == jsonify_dict(
+            user_1.serialize()
+        )
         assert data['data']['workouts'][0]['sport_id'] == sport_2_running.id
         assert data['data']['workouts'][0]['duration'] == '1:00:00'
         assert data['data']['workouts'][0]['title'] is None
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index e60219a82..a6c4dde28 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -58,7 +58,7 @@ def test_workout_model(
 
         serialized_workout = workout_cycling_user_1.serialize(self.user_status)
         assert isinstance(decode_short_id(serialized_workout['id']), UUID)
-        assert 'test' == serialized_workout['user']
+        assert serialized_workout['user'] == user_1.serialize()
         assert 1 == serialized_workout['sport_id']
         assert serialized_workout['title'] == 'Test'
         assert 'creation_date' in serialized_workout
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 5d6b0a222..a6521133c 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -320,7 +320,7 @@ def serialize(
 
         return {
             'id': self.short_id,  # WARNING: client use uuid as id
-            'user': self.user.username,
+            'user': self.user.serialize(),
             'sport_id': self.sport_id,
             'title': self.title,
             'creation_date': self.creation_date,

From 9eed417e2d7d793697aaca8f0f29d9c1069d6f43 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 2 Feb 2022 19:24:13 +0100
Subject: [PATCH 114/238] API - return visibility only for workout owner

---
 .../workouts/test_workouts_api_0_get_workout.py      | 12 ++++++------
 fittrackee/tests/workouts/test_workouts_model.py     | 10 ++++++++++
 fittrackee/workouts/models.py                        |  8 +++++---
 3 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index 6c94b5f08..f6ecf2e37 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -137,10 +137,8 @@ def test_it_returns_followed_user_workout(
         assert data['data']['workouts'][0]['user'] == jsonify_dict(
             user_2.serialize()
         )
-        assert (
-            data['data']['workouts'][0]['workout_visibility']
-            == input_workout_level.value
-        )
+        assert 'map_visibility' not in data['data']['workouts'][0]
+        assert 'workout_visibility' not in data['data']['workouts'][0]
 
 
 class TestGetWorkoutAsUser(GetWorkoutTestCase):
@@ -218,7 +216,8 @@ def test_it_returns_another_user_workout_when_visibility_is_public(
         assert data['data']['workouts'][0]['user'] == jsonify_dict(
             user_2.serialize()
         )
-        assert data['data']['workouts'][0]['workout_visibility'] == 'public'
+        assert 'map_visibility' not in data['data']['workouts'][0]
+        assert 'workout_visibility' not in data['data']['workouts'][0]
 
 
 class TestGetWorkoutAsUnauthenticatedUser(GetWorkoutTestCase):
@@ -285,7 +284,8 @@ def test_it_returns_a_user_workout_when_visibility_is_public(
         assert data['data']['workouts'][0]['user'] == jsonify_dict(
             user_1.serialize()
         )
-        assert data['data']['workouts'][0]['workout_visibility'] == 'public'
+        assert 'map_visibility' not in data['data']['workouts'][0]
+        assert 'workout_visibility' not in data['data']['workouts'][0]
 
 
 class GetWorkoutGpxTestCase(ApiTestCaseMixin):
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index a6c4dde28..2cc05c1a7 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -323,6 +323,8 @@ def test_serializer_returns_map_related_data(
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
         assert serialized_workout['with_gpx'] is True
+        assert 'map_visibility' not in serialized_workout
+        assert 'workout_visibility' not in serialized_workout
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -355,6 +357,8 @@ def test_serializer_does_not_return_map_related_data(
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
         assert serialized_workout['with_gpx'] is False
+        assert 'map_visibility' not in serialized_workout
+        assert 'workout_visibility' not in serialized_workout
 
     def test_serializer_does_not_return_next_workout(
         self,
@@ -444,6 +448,8 @@ def test_serializer_returns_map_related_data_when_visibility_is_public(
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
         assert serialized_workout['with_gpx'] is True
+        assert 'map_visibility' not in serialized_workout
+        assert 'workout_visibility' not in serialized_workout
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -476,6 +482,8 @@ def test_serializer_does_not_return_map_related_data(
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
         assert serialized_workout['with_gpx'] is False
+        assert 'map_visibility' not in serialized_workout
+        assert 'workout_visibility' not in serialized_workout
 
     def test_serializer_does_not_return_next_workout(
         self,
@@ -508,3 +516,5 @@ def test_serializer_does_not_return_previous_workout(
         )
 
         assert serialized_workout['previous_workout'] is None
+        assert 'map_visibility' not in serialized_workout
+        assert 'workout_visibility' not in serialized_workout
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index a6521133c..6afc9e3a3 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -318,7 +318,7 @@ def serialize(
             next_workout = None
             previous_workout = None
 
-        return {
+        workout = {
             'id': self.short_id,  # WARNING: client use uuid as id
             'user': self.user.serialize(),
             'sport_id': self.sport_id,
@@ -349,12 +349,14 @@ def serialize(
             'segments': [segment.serialize() for segment in self.segments],
             'records': [record.serialize() for record in self.records],
             'map': self.map_id if self.map and can_see_map_data else None,
-            'map_visibility': self.calculated_map_visibility.value,
             'weather_start': self.weather_start,
             'weather_end': self.weather_end,
-            'workout_visibility': self.workout_visibility.value,
             'notes': self.notes if user_status == 'owner' else None,
         }
+        if user_status == 'owner':
+            workout['workout_visibility'] = self.workout_visibility.value
+            workout['map_visibility'] = self.calculated_map_visibility.value
+        return workout
 
     @classmethod
     def get_user_workout_records(

From 2fe09686109202a04500564727b0bf48ebd5b4a4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Feb 2022 20:04:42 +0100
Subject: [PATCH 115/238] API - only workout owner can edit or delete a workout

---
 .../workouts/test_workouts_api_2_patch.py     | 217 ++++++++++++++++--
 .../workouts/test_workouts_api_3_delete.py    | 203 ++++++++++++++--
 fittrackee/tests/workouts/utils.py            |   8 +-
 fittrackee/workouts/workouts.py               |   4 +
 4 files changed, 404 insertions(+), 28 deletions(-)

diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index f551b3965..35847031a 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -6,7 +6,7 @@
 from flask import Flask
 
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.users.models import User
+from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
@@ -148,20 +148,38 @@ def test_it_empties_workout_notes(
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0]['notes'] == ''
 
-    def test_it_raises_403_when_editing_a_workout_from_different_user(
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                403,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_it_returns_error_when_deleting_workout_from_followed_user_user(
         self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
-        sport_2_running: Sport,
         gpx_file: str,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        _, workout_short_id = post_a_workout(app, gpx_file)
+        user_1.approves_follow_request_from(user_2)
+        _, workout_short_id = post_a_workout(
+            app, gpx_file, workout_visibility=input_workout_visibility
+        )
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
-            data=json.dumps(dict(email='toto@toto.com', password='87654321')),
+            data=json.dumps(dict(email=user_2.email, password='87654321')),
             content_type='application/json',
         )
 
@@ -175,10 +193,85 @@ def test_it_raises_403_when_editing_a_workout_from_different_user(
             ),
         )
 
-        data = json.loads(response.data.decode())
-        assert response.status_code == 403
-        assert 'error' in data['status']
-        assert 'you do not have permissions' in data['message']
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                404,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_it_returns_error_when_deleting_workout_from_different_user(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        _, workout_short_id = post_a_workout(
+            app, gpx_file, workout_visibility=input_workout_visibility
+        )
+        client = app.test_client()
+        resp_login = client.post(
+            '/api/auth/login',
+            data=json.dumps(dict(email=user_2.email, password='87654321')),
+            content_type='application/json',
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_short_id}',
+            content_type='application/json',
+            data=json.dumps(dict(sport_id=2, title="Workout test")),
+            headers=dict(
+                Authorization='Bearer '
+                + json.loads(resp_login.data.decode())['auth_token']
+            ),
+        )
+
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_401_when_no_authenticated(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        _, workout_short_id = post_a_workout(
+            app, gpx_file, workout_visibility=input_workout_visibility
+        )
+        client = app.test_client()
+
+        response = client.patch(
+            f'/api/workouts/{workout_short_id}',
+            content_type='application/json',
+            data=json.dumps(dict(sport_id=2, title="Workout test")),
+        )
+
+        assert response.status_code == 401
 
     def test_it_updates_sport(
         self,
@@ -390,14 +483,77 @@ def test_it_empties_workout_notes(
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0]['notes'] == ''
 
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                403,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_returns_403_when_editing_a_workout_wo_gpx_from_followed_user(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_2.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=2,
+                    duration=3600,
+                    workout_date='2018-05-15 15:05',
+                    distance=8,
+                    title='Workout test',
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                404,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
     def test_returns_403_when_editing_a_workout_wo_gpx_from_different_user(
         self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -417,10 +573,45 @@ def test_returns_403_when_editing_a_workout_wo_gpx_from_different_user(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        assert response.status_code == 403
-        data = json.loads(response.data.decode())
-        assert 'error' in data['status']
-        assert 'you do not have permissions' in data['message']
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_401_when_no_authenticated(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client = app.test_client()
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=2,
+                    duration=3600,
+                    workout_date='2018-05-15 15:05',
+                    distance=8,
+                    title='Workout test',
+                )
+            ),
+        )
+
+        assert response.status_code == 401
 
     def test_it_updates_a_workout_wo_gpx_with_timezone(
         self,
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index 9b7574ca5..17f3cea1d 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -1,10 +1,12 @@
 import json
 import os
 
+import pytest
 from flask import Flask
 
 from fittrackee.files import get_absolute_file_path
-from fittrackee.users.models import User
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
 from ..test_case_mixins import ApiTestCaseMixin
@@ -30,19 +32,39 @@ def test_it_deletes_workout_with_gpx(
 
         assert response.status_code == 204
 
-    def test_it_returns_403_when_deleting_workout_from_different_user(
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                403,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_it_returns_error_when_deleting_workout_from_followed_user_user(
         self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         gpx_file: str,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
-        _, workout_short_id = post_a_workout(app, gpx_file)
+        user_1.approves_follow_request_from(user_2)
+
+        _, workout_short_id = post_a_workout(
+            app, gpx_file, workout_visibility=input_workout_visibility
+        )
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
-            data=json.dumps(dict(email='toto@toto.com', password='87654321')),
+            data=json.dumps(dict(email=user_2.email, password='87654321')),
             content_type='application/json',
         )
 
@@ -54,10 +76,81 @@ def test_it_returns_403_when_deleting_workout_from_different_user(
             ),
         )
 
-        assert response.status_code == 403
-        data = json.loads(response.data.decode())
-        assert 'error' in data['status']
-        assert 'you do not have permissions' in data['message']
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                404,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_it_returns_error_when_deleting_workout_from_different_user(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        _, workout_short_id = post_a_workout(
+            app, gpx_file, workout_visibility=input_workout_visibility
+        )
+        client = app.test_client()
+        resp_login = client.post(
+            '/api/auth/login',
+            data=json.dumps(dict(email=user_2.email, password='87654321')),
+            content_type='application/json',
+        )
+
+        response = client.delete(
+            f'/api/workouts/{workout_short_id}',
+            headers=dict(
+                Authorization='Bearer '
+                + json.loads(resp_login.data.decode())['auth_token']
+            ),
+        )
+
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_401_when_no_authenticated(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        _, workout_short_id = post_a_workout(
+            app, gpx_file, workout_visibility=input_workout_visibility
+        )
+        client = app.test_client()
+
+        response = client.delete(
+            f'/api/workouts/{workout_short_id}',
+        )
+
+        assert response.status_code == 401
 
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
@@ -114,18 +207,36 @@ def test_it_deletes_a_workout_wo_gpx(
         )
         assert response.status_code == 204
 
-    def test_it_returns_404_when_deleting_workout_from_different_user(
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                403,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_it_returns_error_when_deleting_workout_from_followed_user_user(
         self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
     ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
-            data=json.dumps(dict(email='toto@toto.com', password='87654321')),
+            data=json.dumps(dict(email=user_2.email, password='87654321')),
             content_type='application/json',
         )
         response = client.delete(
@@ -136,8 +247,72 @@ def test_it_returns_404_when_deleting_workout_from_different_user(
             ),
         )
 
-        data = json.loads(response.data.decode())
+        assert response.status_code == expected_status_code
 
-        assert response.status_code == 403
-        assert 'error' in data['status']
-        assert 'you do not have permissions' in data['message']
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility,expected_status_code',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE, 404),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+                404,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC, 403),
+        ],
+    )
+    def test_it_returns_error_when_deleting_workout_from_different_user(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        expected_status_code: int,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        client = app.test_client()
+        resp_login = client.post(
+            '/api/auth/login',
+            data=json.dumps(dict(email=user_2.email, password='87654321')),
+            content_type='application/json',
+        )
+        response = client.delete(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            headers=dict(
+                Authorization='Bearer '
+                + json.loads(resp_login.data.decode())['auth_token']
+            ),
+        )
+
+        assert response.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_401_when_no_authenticated(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client = app.test_client()
+
+        response = client.delete(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+        )
+
+        assert response.status_code == 401
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 43bc65a93..af165189e 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -5,6 +5,7 @@
 
 from flask import Flask
 
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.utils.short_id import encode_uuid
 
 
@@ -13,7 +14,10 @@ def get_random_short_id() -> str:
 
 
 def post_a_workout(
-    app: Flask, gpx_file: str, notes: Optional[str] = None
+    app: Flask,
+    gpx_file: str,
+    notes: Optional[str] = None,
+    workout_visibility: Optional[PrivacyLevel] = None,
 ) -> Tuple[str, str]:
     client = app.test_client()
     resp_login = client.post(
@@ -25,6 +29,8 @@ def post_a_workout(
     workout_data = '{"sport_id": 1'
     if notes is not None:
         workout_data += f', "notes": "{notes}"'
+    if workout_visibility is not None:
+        workout_data += f', "workout_visibility": "{workout_visibility.value}"'
     workout_data += '}'
     response = client.post(
         '/api/workouts',
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 4dd6ef2c6..cdf1cb04f 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1310,6 +1310,8 @@ def update_workout(
             workout, 'workout_visibility', auth_user
         )
         if not can_view:
+            return DataNotFoundErrorResponse('workouts')
+        if auth_user.id != workout.user.id:
             return ForbiddenErrorResponse()
 
         workout = edit_workout(workout, workout_data, auth_user)
@@ -1371,6 +1373,8 @@ def delete_workout(
             workout, 'workout_visibility', auth_user
         )
         if not can_view:
+            return DataNotFoundErrorResponse('workouts')
+        if auth_user.id != workout.user.id:
             return ForbiddenErrorResponse()
 
         db.session.delete(workout)

From e24eee023ef86d0de2e4031fef204b947b9194bc Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 3 Feb 2022 11:33:55 +0100
Subject: [PATCH 116/238] Client - display workout depending on visibility
 (WIP)

---
 .../WorkoutDetail/WorkoutCardTitle.vue        |  7 +-
 .../Workout/WorkoutDetail/WorkoutUser.vue     | 93 +++++++++++++++++++
 .../WorkoutDetail/WorkoutVisibility.vue       |  2 +-
 .../Workout/WorkoutDetail/index.vue           | 10 +-
 fittrackee_client/src/types/user.ts           |  4 +-
 fittrackee_client/src/types/workouts.ts       | 10 +-
 .../src/views/workouts/Workout.vue            | 27 +++++-
 7 files changed, 140 insertions(+), 13 deletions(-)
 create mode 100644 fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
index 2089778ff..692d760f1 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
@@ -24,6 +24,7 @@
           <i
             class="fa fa-edit"
             aria-hidden="true"
+            v-if="isWorkoutOwner"
             @click="
               $router.push({
                 name: 'EditWorkout',
@@ -32,13 +33,14 @@
             "
           />
           <i
-            v-if="workoutObject.with_gpx"
+            v-if="workoutObject.with_gpx && isWorkoutOwner"
             class="fa fa-download"
             aria-hidden="true"
             @click.prevent="downloadGpx(workoutObject.workoutId)"
           />
           <i
             class="fa fa-trash"
+            v-if="isWorkoutOwner"
             aria-hidden="true"
             @click="emit('displayModal', true)"
           />
@@ -96,12 +98,13 @@
   interface Props {
     sport: ISport
     workoutObject: IWorkoutObject
+    isWorkoutOwner: boolean
   }
   const props = defineProps<Props>()
 
   const emit = defineEmits(['displayModal'])
 
-  const { sport, workoutObject } = toRefs(props)
+  const { isWorkoutOwner, sport, workoutObject } = toRefs(props)
 
   async function downloadGpx(workoutId: string) {
     await authApi
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue
new file mode 100644
index 000000000..4e51458e4
--- /dev/null
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue
@@ -0,0 +1,93 @@
+<template>
+  <div class="box workout-user">
+    <div class="user-img-name">
+      <UserPicture :user="user" />
+      <router-link
+        class="user-name"
+        :to="`/users/${getUserName(user)}?from=users`"
+      >
+        {{ user.username }}
+      </router-link>
+    </div>
+    <UserStats :user="user" />
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { toRefs } from 'vue'
+
+  import UserPicture from '@/components/User/UserPicture.vue'
+  import UserStats from '@/components/User/UserStats.vue'
+  import { IUserProfile } from '@/types/user'
+  import { getUserName } from '@/utils/user'
+
+  interface Props {
+    user: IUserProfile
+  }
+  const props = defineProps<Props>()
+
+  const { user } = toRefs(props)
+</script>
+
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+
+  .workout-user {
+    display: flex;
+    flex-direction: row;
+    gap: $default-padding * 2;
+    align-items: center;
+
+    .user-img-name {
+      display: flex;
+      align-items: center;
+      gap: $default-padding;
+
+      ::v-deep(.user-picture) {
+        padding-left: $default-padding;
+        min-width: 0;
+        img {
+          height: 48px;
+          width: 48px;
+        }
+        .no-picture {
+          font-size: 3em;
+        }
+      }
+
+      .user-name {
+        font-size: 1.3em;
+      }
+    }
+
+    @media screen and (max-width: $small-limit) {
+      flex-direction: column;
+      align-items: flex-start;
+      gap: 0;
+    }
+
+    @media screen and (max-width: $x-small-limit) {
+      .user-img-name {
+        ::v-deep(.user-picture) {
+          padding-left: $default-padding;
+          min-width: 0;
+          img {
+            height: 30px;
+            width: 30px;
+          }
+          .no-picture {
+            font-size: 2em;
+          }
+        }
+
+        .user-name {
+          font-size: 1em;
+          padding-left: $default-padding * 0.5;
+        }
+      }
+      ::v-deep(.user-stats) {
+        flex-wrap: wrap;
+      }
+    }
+  }
+</style>
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
index 00a6f54ca..b0131afbb 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="workout-visibility-levels">
+  <div class="workout-visibility-levels" v-if="workoutObject.workoutVisibility">
     {{ $t('privacy.VISIBILITY') }}:
     <div class="visibility">
       <span v-if="workoutObject.with_gpx" class="workout-visibility">
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index b967cddc5..369c425f8 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -12,6 +12,7 @@
         <WorkoutCardTitle
           :sport="sport"
           :workoutObject="workoutObject"
+          :isWorkoutOwner="isWorkoutOwner"
           @displayModal="updateDisplayModal(true)"
         />
       </template>
@@ -26,7 +27,10 @@
             :useImperialUnits="authUser.imperial_units"
           />
         </div>
-        <WorkoutVisibility :workoutObject="workoutObject" />
+        <WorkoutVisibility
+          :workoutObject="workoutObject"
+          v-if="workoutObject.workoutVisibility"
+        />
       </template>
     </Card>
   </div>
@@ -67,6 +71,7 @@
     sports: ISport[]
     workoutData: IWorkoutData
     markerCoordinates?: TCoordinates
+    isWorkoutOwner: boolean
   }
   const props = withDefaults(defineProps<Props>(), {
     markerCoordinates: () => ({} as TCoordinates),
@@ -75,7 +80,8 @@
   const route = useRoute()
   const store = useStore()
 
-  const { authUser, markerCoordinates, workoutData } = toRefs(props)
+  const { authUser, isWorkoutOwner, markerCoordinates, workoutData } =
+    toRefs(props)
   const workout: ComputedRef<IWorkout> = computed(
     () => props.workoutData.workout
   )
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index 73a1ee8e1..49ba39e52 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -23,7 +23,6 @@ export interface IUserProfile {
   is_remote: boolean
   last_name: string | null
   location: string | null
-  map_visibility: TPrivacyLevels
   nb_sports?: number
   nb_workouts: number
   picture: string | boolean
@@ -33,13 +32,13 @@ export interface IUserProfile {
   total_distance?: number
   total_duration?: string
   username: string
-  workouts_visibility: TPrivacyLevels
 }
 
 export interface IAuthUserProfile extends IUserProfile {
   email: string
   imperial_units: boolean
   language: string | null
+  map_visibility: TPrivacyLevels
   nb_sports: number
   records: IRecord[]
   sports_list: number[]
@@ -47,6 +46,7 @@ export interface IAuthUserProfile extends IUserProfile {
   total_distance: number
   total_duration: string
   weekm: boolean
+  workouts_visibility: TPrivacyLevels
 }
 
 export interface IUserPayload {
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 8d7261ca3..3b22514aa 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -1,6 +1,6 @@
 import { TPaginationPayload } from '@/types/api'
 import { IChartDataset } from '@/types/chart'
-import { TPrivacyLevels } from '@/types/user'
+import { IUserProfile, TPrivacyLevels } from '@/types/user'
 
 export interface IWorkoutSegment {
   ascent: number
@@ -57,7 +57,7 @@ export interface IWorkout {
   duration: string
   id: string
   map: string | null
-  map_visibility: TPrivacyLevels
+  map_visibility?: TPrivacyLevels
   max_alt: number | null
   max_speed: number
   min_alt: number | null
@@ -71,12 +71,12 @@ export interface IWorkout {
   segments: IWorkoutSegment[]
   sport_id: number
   title: string
-  user: string
+  user: IUserProfile
   weather_end: IWeather | null
   weather_start: IWeather | null
   with_gpx: boolean
   workout_date: string
-  workout_visibility: TPrivacyLevels
+  workout_visibility?: TPrivacyLevels
 }
 
 export interface IWorkoutObject {
@@ -103,7 +103,7 @@ export interface IWorkoutObject {
   with_gpx: boolean
   workoutId: string
   workoutTime: string
-  workoutVisibility: TPrivacyLevels | null
+  workoutVisibility: TPrivacyLevels | null | undefined
 }
 
 export interface IWorkoutForm {
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index 704913071..af5ba4ea6 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -3,12 +3,14 @@
     <div class="container">
       <div class="workout-container" v-if="sports.length > 0">
         <div v-if="workoutData.workout.id">
+          <WorkoutUser :user="workoutData.workout.user"></WorkoutUser>
           <WorkoutDetail
             :workoutData="workoutData"
             :sports="sports"
             :authUser="authUser"
             :markerCoordinates="markerCoordinates"
             :displaySegment="displaySegment"
+            :isWorkoutOwner="isWorkoutOwner"
           />
           <WorkoutChart
             v-if="
@@ -25,7 +27,7 @@
             :useImperialUnits="authUser.imperial_units"
           />
           <WorkoutNotes
-            v-if="!displaySegment"
+            v-if="!displaySegment && isWorkoutOwner"
             :notes="workoutData.workout.notes"
           />
           <div id="bottom" />
@@ -56,6 +58,7 @@
   import WorkoutChart from '@/components/Workout/WorkoutDetail/WorkoutChart/index.vue'
   import WorkoutNotes from '@/components/Workout/WorkoutDetail/WorkoutNotes.vue'
   import WorkoutSegments from '@/components/Workout/WorkoutDetail/WorkoutSegments.vue'
+  import WorkoutUser from '@/components/Workout/WorkoutDetail/WorkoutUser.vue'
   import {
     AUTH_USER_STORE,
     SPORTS_STORE,
@@ -65,6 +68,7 @@
   import { IAuthUserProfile } from '@/types/user'
   import { IWorkoutData, IWorkoutPayload, TCoordinates } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
+  import { getUserName } from '@/utils/user'
 
   interface Props {
     displaySegment: boolean
@@ -88,6 +92,11 @@
     latitude: null,
     longitude: null,
   })
+  const isWorkoutOwner = computed(
+    () =>
+      getUserName(authUser.value) ===
+      getUserName(workoutData.value.workout.user)
+  )
 
   onBeforeMount(() => {
     const payload: IWorkoutPayload = { workoutId: route.params.workoutId }
@@ -143,6 +152,22 @@
       padding: 0;
       .workout-container {
         width: 100%;
+
+        .user-header {
+          align-items: center;
+          ::v-deep(.user-picture) {
+            img {
+              height: 50px;
+              width: 50px;
+            }
+            .no-picture {
+              font-size: 3em;
+            }
+          }
+          ::v-deep(.user-details) {
+            flex-direction: row;
+          }
+        }
       }
       .workout-loading {
         height: $app-height;

From 90c1d67c14e19cab5efb2bb53faf9616f01b2cbe Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 3 Feb 2022 19:03:48 +0100
Subject: [PATCH 117/238] Client - minor style fix

---
 fittrackee_client/src/components/NavBar.vue   | 11 +++++++++-
 .../src/components/User/UserCard.vue          | 21 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/fittrackee_client/src/components/NavBar.vue b/fittrackee_client/src/components/NavBar.vue
index ac4075c0a..bb115748b 100644
--- a/fittrackee_client/src/components/NavBar.vue
+++ b/fittrackee_client/src/components/NavBar.vue
@@ -58,9 +58,10 @@
               class="nav-item nav-profile-img"
               to="/profile"
               @click="closeMenu"
+              :title="authUser.username"
             >
               <UserPicture :user="authUser" />
-              {{ authUser.username }}
+              <span class="user-name">{{ authUser.username }}</span>
             </router-link>
             <div
               class="nav-item nav-link logout-fa"
@@ -247,6 +248,7 @@
         align-items: flex-start;
         margin-bottom: -$default-padding;
         ::v-deep(.user-picture) {
+          min-width: auto;
           img {
             height: 32px;
             width: 32px;
@@ -254,8 +256,15 @@
           }
           .no-picture {
             font-size: 1.7em;
+            padding: 0;
           }
         }
+        .user-name {
+          max-width: 180px;
+          white-space: nowrap;
+          overflow: hidden;
+          text-overflow: ellipsis;
+        }
       }
 
       .nav-separator {
diff --git a/fittrackee_client/src/components/User/UserCard.vue b/fittrackee_client/src/components/User/UserCard.vue
index dec0a945d..fa32f2c98 100644
--- a/fittrackee_client/src/components/User/UserCard.vue
+++ b/fittrackee_client/src/components/User/UserCard.vue
@@ -6,10 +6,15 @@
         <router-link
           class="user-name"
           :to="`/users/${getUserName(user)}?from=users`"
+          :title="user.username"
         >
           {{ user.username }}
         </router-link>
-        <div class="remote-user-account" v-if="user.is_remote">
+        <div
+          class="remote-user-account"
+          v-if="user.is_remote"
+          :title="user.fullname"
+        >
           {{ user.fullname }}
         </div>
       </div>
@@ -90,6 +95,20 @@
           }
         }
 
+        .remote-user-account,
+        .user-name {
+          max-width: 170px;
+          overflow: hidden;
+          white-space: nowrap;
+          text-overflow: ellipsis;
+          @media screen and (max-width: $small-limit) {
+            max-width: fit-content;
+          }
+          @media screen and (max-width: $x-small-limit) {
+            max-width: 170px;
+          }
+        }
+
         .remote-user-account {
           font-size: 0.8em;
           font-style: italic;

From 9748e6bbbbe70fb615734840787da33c69f6c6c6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 4 Feb 2022 08:20:54 +0100
Subject: [PATCH 118/238] API - init timeline route

---
 fittrackee/__init__.py                        |   2 +
 .../tests/workouts/test_timeline_api.py       | 346 ++++++++++++++++++
 fittrackee/workouts/timeline.py               |  59 +++
 3 files changed, 407 insertions(+)
 create mode 100644 fittrackee/tests/workouts/test_timeline_api.py
 create mode 100644 fittrackee/workouts/timeline.py

diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index c02687169..9a0c76d7b 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -88,6 +88,7 @@ def create_app() -> Flask:
     from .workouts.records import records_blueprint  # noqa
     from .workouts.sports import sports_blueprint  # noqa
     from .workouts.stats import stats_blueprint  # noqa
+    from .workouts.timeline import timeline_blueprint  # noqa
     from .workouts.workouts import workouts_blueprint  # noqa
 
     app.register_blueprint(auth_blueprint, url_prefix='/api')
@@ -98,6 +99,7 @@ def create_app() -> Flask:
     app.register_blueprint(users_blueprint, url_prefix='/api')
     app.register_blueprint(workouts_blueprint, url_prefix='/api')
     app.register_blueprint(follow_requests_blueprint, url_prefix='/api')
+    app.register_blueprint(timeline_blueprint, url_prefix='/api')
 
     # ActivityPub federation
     from .federation.federation import ap_federation_blueprint  # noqa
diff --git a/fittrackee/tests/workouts/test_timeline_api.py b/fittrackee/tests/workouts/test_timeline_api.py
new file mode 100644
index 000000000..2d5e826e3
--- /dev/null
+++ b/fittrackee/tests/workouts/test_timeline_api.py
@@ -0,0 +1,346 @@
+import json
+
+import pytest
+from flask import Flask
+from werkzeug.test import TestResponse
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ..test_case_mixins import ApiTestCaseMixin
+
+
+class TestGetUserTimeline(ApiTestCaseMixin):
+    @staticmethod
+    def assert_no_workout_returned(response: TestResponse) -> None:
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    @staticmethod
+    def assert_workout_returned(
+        response: TestResponse, workout: Workout
+    ) -> None:
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert data['data']['workouts'][0]['id'] == workout.short_id
+
+    def test_it_returns_401_if_no_authentication(self, app: Flask) -> None:
+        client = app.test_client()
+
+        response = client.get('/api/timeline')
+
+        assert response.status_code == 401
+
+    def test_it_returns_empty_list_when_no_workouts(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_no_workout_returned(response)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_authenticated_user_workout(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_workout_returned(response, workout_cycling_user_1)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_followed_user_workout_when_visibility_allows_it(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_workout_returned(response, workout_cycling_user_2)
+
+    def test_it_does_not_return_followed_user_private_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PRIVATE
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_no_workout_returned(response)
+
+    def test_it_returns_public_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_workout_returned(response, workout_cycling_user_2)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+        ],
+    )
+    def test_it_does_return_workout_if_visibility_does_not_allow_it(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_no_workout_returned(response)
+
+
+class TestGetUserTimelinePagination(ApiTestCaseMixin):
+    def test_it_returns_pagination_when_no_workouts(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
+    def test_it_returns_pagination_when_one_workout_returned(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 1,
+        }
+
+    def test_it_gets_first_page(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        seven_workouts_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['workouts']) == 5
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 7,
+        }
+
+    def test_it_gets_second_page(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        seven_workouts_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline?page=2',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['workouts']) == 2
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 7,
+        }
+
+    def test_it_gets_empty_third_page(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        seven_workouts_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline?page=3',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['workouts']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 3,
+            'pages': 2,
+            'total': 7,
+        }
+
+    def test_it_returns_workouts_ordered_by_workout_date_descending(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        seven_workouts_user_1: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert (
+            'Wed, 09 May 2018 00:00:00 GMT'
+            == data['data']['workouts'][0]['workout_date']
+        )
+        assert (
+            'Mon, 01 Jan 2018 00:00:00 GMT'
+            == data['data']['workouts'][4]['workout_date']
+        )
diff --git a/fittrackee/workouts/timeline.py b/fittrackee/workouts/timeline.py
new file mode 100644
index 000000000..b1fce1173
--- /dev/null
+++ b/fittrackee/workouts/timeline.py
@@ -0,0 +1,59 @@
+from typing import Dict, Union
+
+from flask import Blueprint, request
+from sqlalchemy import and_, or_
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.responses import HttpResponse, handle_error_and_return_response
+from fittrackee.users.decorators import authenticate
+from fittrackee.users.models import User
+
+from .models import Workout
+
+timeline_blueprint = Blueprint('timeline', __name__)
+
+DEFAULT_WORKOUTS_PER_PAGE = 5
+
+
+@timeline_blueprint.route('/timeline', methods=['GET'])
+@authenticate
+def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
+    try:
+        params = request.args.copy()
+        page = int(params.get('page', 1))
+        workouts_pagination = (
+            Workout.query.filter(
+                or_(
+                    Workout.user_id == auth_user.id,
+                    and_(
+                        Workout.user_id.in_(
+                            [user.id for user in auth_user.following]
+                        ),
+                        Workout.workout_visibility == PrivacyLevel.FOLLOWERS,
+                    ),
+                    Workout.workout_visibility == PrivacyLevel.PUBLIC,
+                )
+            )
+            .order_by(
+                Workout.workout_date.desc(),
+            )
+            .paginate(page, DEFAULT_WORKOUTS_PER_PAGE, False)
+        )
+        workouts = workouts_pagination.items
+        return {
+            'status': 'success',
+            'data': {
+                'workouts': [
+                    workout.serialize('owner') for workout in workouts
+                ]
+            },
+            'pagination': {
+                'has_next': workouts_pagination.has_next,
+                'has_prev': workouts_pagination.has_prev,
+                'page': workouts_pagination.page,
+                'pages': workouts_pagination.pages,
+                'total': workouts_pagination.total,
+            },
+        }
+    except Exception as e:
+        return handle_error_and_return_response(e)

From 997725b4c17f4aecab5755cb3d5e8c0bc45b180f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 4 Feb 2022 08:46:18 +0100
Subject: [PATCH 119/238] Client - init timeline display on dashboard

---
 .../src/components/Dashboard/Timeline.vue           |  2 +-
 .../src/components/Workout/WorkoutCard.vue          | 13 ++++++++++++-
 .../src/store/modules/workouts/actions.ts           |  2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/fittrackee_client/src/components/Dashboard/Timeline.vue b/fittrackee_client/src/components/Dashboard/Timeline.vue
index 72c3e34ba..051b3455a 100644
--- a/fittrackee_client/src/components/Dashboard/Timeline.vue
+++ b/fittrackee_client/src/components/Dashboard/Timeline.vue
@@ -18,7 +18,7 @@
             ? sports.filter((s) => s.id === workout.sport_id)[0]
             : null
         "
-        :user="user"
+        :user="workout.user"
         :useImperialUnits="user.imperial_units"
         :key="workout.id"
       />
diff --git a/fittrackee_client/src/components/Workout/WorkoutCard.vue b/fittrackee_client/src/components/Workout/WorkoutCard.vue
index dc3582f77..b0e779cb1 100644
--- a/fittrackee_client/src/components/Workout/WorkoutCard.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutCard.vue
@@ -11,6 +11,7 @@
               name: 'User',
               params: { username: user.username },
             }"
+            :title="user.username"
           >
             {{ user.username }}
           </router-link>
@@ -193,6 +194,7 @@
         .workout-user {
           display: flex;
           ::v-deep(.user-picture) {
+            min-width: min-content;
             img {
               height: 25px;
               width: 25px;
@@ -202,8 +204,17 @@
             }
           }
           .workout-user-name {
-            white-space: nowrap;
             padding-left: 5px;
+            max-width: 300px;
+            white-space: nowrap;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            @media screen and (max-width: $small-limit) {
+              max-width: fit-content;
+            }
+            @media screen and (max-width: $x-small-limit) {
+              max-width: 170px;
+            }
           }
         }
         .workout-date {
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index cff066f7c..3752aca03 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -24,7 +24,7 @@ const getWorkouts = (
 ): void => {
   context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
   authApi
-    .get('workouts', {
+    .get(target.match('TIMELINE') ? 'timeline' : 'workouts', {
       params: payload,
     })
     .then((res) => {

From 66011764ba797d618ee27c45e910174abc1dac2e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 4 Feb 2022 09:06:56 +0100
Subject: [PATCH 120/238] Client - dashboard minor changes

---
 .../Dashboard/UserCalendar/index.vue          |  1 +
 .../components/Dashboard/UserMonthStats.vue   | 25 ++++++++++---------
 .../src/locales/en/workouts.json              |  1 +
 .../src/locales/fr/workouts.json              |  1 +
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/fittrackee_client/src/components/Dashboard/UserCalendar/index.vue b/fittrackee_client/src/components/Dashboard/UserCalendar/index.vue
index da9aa65d0..e59558ab6 100644
--- a/fittrackee_client/src/components/Dashboard/UserCalendar/index.vue
+++ b/fittrackee_client/src/components/Dashboard/UserCalendar/index.vue
@@ -1,5 +1,6 @@
 <template>
   <div id="user-calendar">
+    <div class="section-title">{{ $t('workouts.MY_WORKOUTS') }}</div>
     <div class="calendar-card box">
       <CalendarHeader
         :day="day"
diff --git a/fittrackee_client/src/components/Dashboard/UserMonthStats.vue b/fittrackee_client/src/components/Dashboard/UserMonthStats.vue
index 7b0176f41..50f08cd22 100644
--- a/fittrackee_client/src/components/Dashboard/UserMonthStats.vue
+++ b/fittrackee_client/src/components/Dashboard/UserMonthStats.vue
@@ -1,17 +1,18 @@
 <template>
   <div class="user-month-stats">
-    <Card>
-      <template #title>{{ $t('dashboard.THIS_MONTH') }}</template>
-      <template #content>
-        <StatChart
-          :sports="sports"
-          :user="user"
-          :chart-params="chartParams"
-          :displayed-sport-ids="selectedSportIds"
-          :hide-chart-if-no-data="true"
-        />
-      </template>
-    </Card>
+    <div class="section-title">
+      <i class="fa fa-calendar custom-fa-small" aria-hidden="true" />
+      {{ $t('dashboard.THIS_MONTH') }}
+    </div>
+    <div class="box">
+      <StatChart
+        :sports="sports"
+        :user="user"
+        :chart-params="chartParams"
+        :displayed-sport-ids="selectedSportIds"
+        :hide-chart-if-no-data="true"
+      />
+    </div>
   </div>
 </template>
 
diff --git a/fittrackee_client/src/locales/en/workouts.json b/fittrackee_client/src/locales/en/workouts.json
index 492f14a6e..75546efee 100644
--- a/fittrackee_client/src/locales/en/workouts.json
+++ b/fittrackee_client/src/locales/en/workouts.json
@@ -24,6 +24,7 @@
   "MAX_SIZE": "max size",
   "MAX_SPEED": "max. speed",
   "MIN_ALTITUDE": "min. altitude",
+  "MY_WORKOUTS": "My workouts",
   "NEXT_SEGMENT": "No next segment",
   "NEXT_WORKOUT": "Next workout",
   "NO_DATA_CLEANING": "data from gpx, without any cleaning",
diff --git a/fittrackee_client/src/locales/fr/workouts.json b/fittrackee_client/src/locales/fr/workouts.json
index 790007102..6715e93b4 100644
--- a/fittrackee_client/src/locales/fr/workouts.json
+++ b/fittrackee_client/src/locales/fr/workouts.json
@@ -24,6 +24,7 @@
   "MAX_SIZE": "taille max. ",
   "MAX_SPEED": "vitesse max",
   "MIN_ALTITUDE": "altitude min",
+  "MY_WORKOUTS": "Mes séances",
   "NEXT_SEGMENT": "Segment suivant",
   "NEXT_WORKOUT": "Séance suivante",
   "NO_DATA_CLEANING": "données issues du fichier gpx, sans correction",

From 8a3a2c6f8e54379f47a4064efa1a7793fd5faa46 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 24 Apr 2022 17:16:24 +0200
Subject: [PATCH 121/238] API - minor test  refacto

---
 .../tests/workouts/test_workouts_model.py     | 16 ++++---
 .../test_workouts_utils_visibility.py         | 42 +++++++++----------
 2 files changed, 32 insertions(+), 26 deletions(-)

diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 412ebb54b..f8be551fa 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -22,8 +22,8 @@ def update_workout(
         gpx_path: Optional[str] = None,
         bounds: Optional[List[float]] = None,
     ) -> Workout:
-        workout.map_id = random_string() if map_id is None else map_id
-        workout.map = None if map_id is None else random_string()
+        workout.map_id = map_id
+        workout.map = random_string() if map_id is None else map_id
         workout.gpx = random_string() if gpx_path is None else gpx_path
         workout.bounds = [1.0, 2.0, 3.0, 4.0] if bounds is None else bounds
         workout.pauses = timedelta(minutes=15)
@@ -149,7 +149,9 @@ def test_serializer_returns_map_related_data(
         user_1: User,
         workout_cycling_user_1: Workout,
     ) -> None:
-        workout = self.update_workout(workout_cycling_user_1)
+        workout = self.update_workout(
+            workout_cycling_user_1, map_id=random_string()
+        )
 
         serialized_workout = workout.serialize(user_status=self.user_status)
 
@@ -338,7 +340,9 @@ def test_serializer_returns_map_related_data(
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
-        workout = self.update_workout(workout_cycling_user_1)
+        workout = self.update_workout(
+            workout_cycling_user_1, map_id=random_string()
+        )
 
         serialized_workout = workout.serialize(user_status=self.user_status)
 
@@ -463,7 +467,9 @@ def test_serializer_returns_map_related_data_when_visibility_is_public(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.map_visibility = PrivacyLevel.PUBLIC
-        workout = self.update_workout(workout_cycling_user_1)
+        workout = self.update_workout(
+            workout_cycling_user_1, map_id=random_string()
+        )
 
         serialized_workout = workout.serialize(user_status=self.user_status)
 
diff --git a/fittrackee/tests/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
index d12a7a4c8..33f381ed9 100644
--- a/fittrackee/tests/workouts/test_workouts_utils_visibility.py
+++ b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
@@ -176,18 +176,18 @@ def test_workout_can_be_viewed_when_public_and_no_user_provided(
 
 class TestCanViewWorkoutMap:
     @pytest.mark.parametrize(
-        'input_description,input_workout_visibility',
+        'input_description,input_map_visibility',
         [
             (
-                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                f'map visibility: {PrivacyLevel.PRIVATE.value}',
                 PrivacyLevel.PRIVATE,
             ),
             (
-                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                f'map visibility: {PrivacyLevel.FOLLOWERS.value}',
                 PrivacyLevel.FOLLOWERS,
             ),
             (
-                f'workout visibility: {PrivacyLevel.PUBLIC.value}',
+                f'map visibility: {PrivacyLevel.PUBLIC.value}',
                 PrivacyLevel.PUBLIC,
             ),
         ],
@@ -195,13 +195,13 @@ class TestCanViewWorkoutMap:
     def test_workout_owner_can_view_his_workout_map(
         self,
         input_description: str,
-        input_workout_visibility: PrivacyLevel,
+        input_map_visibility: PrivacyLevel,
         app: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        workout_cycling_user_1.map_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
 
         assert can_view_workout(
             workout_cycling_user_1, 'map_visibility', user_1
@@ -224,14 +224,14 @@ def test_follower_can_not_view_workout_map_when_private(
         ) == (False, 'follower')
 
     @pytest.mark.parametrize(
-        'input_description,input_workout_visibility',
+        'input_description,input_map_visibility',
         [
             (
-                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                f'map visibility: {PrivacyLevel.FOLLOWERS.value}',
                 PrivacyLevel.FOLLOWERS,
             ),
             (
-                f'workout visibility: {PrivacyLevel.PUBLIC.value}',
+                f'map visibility: {PrivacyLevel.PUBLIC.value}',
                 PrivacyLevel.PUBLIC,
             ),
         ],
@@ -239,7 +239,7 @@ def test_follower_can_not_view_workout_map_when_private(
     def test_follower_can_view_workout_map_when_public_or_follower_only(
         self,
         input_description: str,
-        input_workout_visibility: PrivacyLevel,
+        input_map_visibility: PrivacyLevel,
         app: Flask,
         user_1: User,
         user_2: User,
@@ -248,21 +248,21 @@ def test_follower_can_view_workout_map_when_public_or_follower_only(
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
         user_2.approves_follow_request_from(user_1)
-        workout_cycling_user_2.map_visibility = input_workout_visibility
+        workout_cycling_user_2.map_visibility = input_map_visibility
 
         assert can_view_workout(
             workout_cycling_user_2, 'map_visibility', user_1
         ) == (True, 'follower')
 
     @pytest.mark.parametrize(
-        'input_description,input_workout_visibility',
+        'input_description,input_map_visibility',
         [
             (
-                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                f'map visibility: {PrivacyLevel.PRIVATE.value}',
                 PrivacyLevel.PRIVATE,
             ),
             (
-                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                f'map visibility: {PrivacyLevel.FOLLOWERS.value}',
                 PrivacyLevel.FOLLOWERS,
             ),
         ],
@@ -270,14 +270,14 @@ def test_follower_can_view_workout_map_when_public_or_follower_only(
     def test_another_user_can_not_view_workout_map_when_private_or_follower_only(  # noqa
         self,
         input_description: str,
-        input_workout_visibility: PrivacyLevel,
+        input_map_visibility: PrivacyLevel,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        workout_cycling_user_2.map_visibility = input_workout_visibility
+        workout_cycling_user_2.map_visibility = input_map_visibility
 
         assert can_view_workout(
             workout_cycling_user_2, 'map_visibility', user_1
@@ -298,14 +298,14 @@ def test_another_user_can_view_workout_map_when_public(
         ) == (True, 'other')
 
     @pytest.mark.parametrize(
-        'input_description,input_workout_visibility',
+        'input_description,input_map_visibility',
         [
             (
-                f'workout visibility: {PrivacyLevel.PRIVATE.value}',
+                f'map visibility: {PrivacyLevel.PRIVATE.value}',
                 PrivacyLevel.PRIVATE,
             ),
             (
-                f'workout visibility: {PrivacyLevel.FOLLOWERS.value}',
+                f'map visibility: {PrivacyLevel.FOLLOWERS.value}',
                 PrivacyLevel.FOLLOWERS,
             ),
         ],
@@ -313,14 +313,14 @@ def test_another_user_can_view_workout_map_when_public(
     def test_map_can_not_viewed_when_no_user_and_private_or_follower_only_visibility(  # noqa
         self,
         input_description: str,
-        input_workout_visibility: PrivacyLevel,
+        input_map_visibility: PrivacyLevel,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
     ) -> None:
-        workout_cycling_user_2.map_visibility = input_workout_visibility
+        workout_cycling_user_2.map_visibility = input_map_visibility
 
         assert can_view_workout(workout_cycling_user_2, 'map_visibility') == (
             False,

From a9d5734ea255ec7118e8dd9fe3b9c415e6490cf3 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 24 Apr 2022 17:31:51 +0200
Subject: [PATCH 122/238] API - display workouts on timelime depending on
 visibility

---
 .../tests/workouts/test_timeline_api.py       | 79 +++++++++++++++++++
 .../test_workouts_utils_visibility.py         | 39 ++++++++-
 fittrackee/workouts/timeline.py               |  6 +-
 fittrackee/workouts/utils/visibility.py       | 19 ++++-
 4 files changed, 140 insertions(+), 3 deletions(-)

diff --git a/fittrackee/tests/workouts/test_timeline_api.py b/fittrackee/tests/workouts/test_timeline_api.py
index 423b66376..dd37ca631 100644
--- a/fittrackee/tests/workouts/test_timeline_api.py
+++ b/fittrackee/tests/workouts/test_timeline_api.py
@@ -190,6 +190,85 @@ def test_it_does_return_workout_if_visibility_does_not_allow_it(
 
         self.assert_no_workout_returned(response)
 
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_does_not_return_followed_user_workout_map_when_private(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        if input_workout_visibility == PrivacyLevel.FOLLOWERS:
+            user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        workout_cycling_user_2.map_visibility = PrivacyLevel.PRIVATE
+        workout_cycling_user_2.map_id = self.random_string()
+        workout_cycling_user_2.map = self.random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['data']['workouts'][0]['map'] is None
+
+    @pytest.mark.parametrize(
+        'input_desc,input_visibility',
+        [
+            (
+                'workout and map visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout and map visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_followed_user_workout_map_when_visibility_allows_it(
+        self,
+        input_desc: str,
+        input_visibility: PrivacyLevel,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        if input_visibility == PrivacyLevel.FOLLOWERS:
+            user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_visibility
+        workout_cycling_user_2.map_visibility = input_visibility
+        map_id = self.random_string()
+        workout_cycling_user_2.map_id = map_id
+        workout_cycling_user_2.map = self.random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['data']['workouts'][0]['map'] == map_id
+
 
 class TestGetUserTimelinePagination(ApiTestCaseMixin):
     def test_it_returns_pagination_when_no_workouts(
diff --git a/fittrackee/tests/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
index 33f381ed9..f51a5091e 100644
--- a/fittrackee/tests/workouts/test_workouts_utils_visibility.py
+++ b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
@@ -1,10 +1,15 @@
+from unittest.mock import patch
+
 import pytest
 from flask import Flask
 
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
-from fittrackee.workouts.utils.visibility import can_view_workout
+from fittrackee.workouts.utils.visibility import (
+    can_view_workout,
+    get_workout_user_status,
+)
 
 
 class TestCanViewWorkout:
@@ -341,3 +346,35 @@ def test_workout_can_be_viewed_when_public_and_no_user_provided(
             True,
             'other',
         )
+
+
+class TestGetUserStatus:
+    def test_it_calls_can_view_workout_to_get_user_status(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        with patch(
+            'fittrackee.workouts.utils.visibility.can_view_workout',
+            return_value=(False, 'other'),
+        ) as can_view_workout_mock:
+            get_workout_user_status(workout_cycling_user_2, user_1)
+
+        can_view_workout_mock.assert_called_once_with(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        )
+
+    def test_it_returns_user_status(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        assert (
+            get_workout_user_status(workout_cycling_user_2, user_1) == 'other'
+        )
diff --git a/fittrackee/workouts/timeline.py b/fittrackee/workouts/timeline.py
index b1fce1173..50109525e 100644
--- a/fittrackee/workouts/timeline.py
+++ b/fittrackee/workouts/timeline.py
@@ -9,6 +9,7 @@
 from fittrackee.users.models import User
 
 from .models import Workout
+from .utils.visibility import get_workout_user_status
 
 timeline_blueprint = Blueprint('timeline', __name__)
 
@@ -44,7 +45,10 @@ def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
             'status': 'success',
             'data': {
                 'workouts': [
-                    workout.serialize('owner') for workout in workouts
+                    workout.serialize(
+                        get_workout_user_status(workout, auth_user)
+                    )
+                    for workout in workouts
                 ]
             },
             'pagination': {
diff --git a/fittrackee/workouts/utils/visibility.py b/fittrackee/workouts/utils/visibility.py
index b7d18bfd7..ba7a3903e 100644
--- a/fittrackee/workouts/utils/visibility.py
+++ b/fittrackee/workouts/utils/visibility.py
@@ -17,7 +17,7 @@ def can_view_workout(
     - owner: provided user is workout owner
     - follower: provided user follows workout owner
     - other: other cases (user does not follow workout owner,
-      unauthenticated user (no user provided)
+      unauthenticated user (no user provided))
     """
     status = 'other'
     if user is not None:
@@ -42,3 +42,20 @@ def can_view_workout(
     ):
         return True, status
     return False, status
+
+
+def get_workout_user_status(
+    workout: Workout,
+    user: Optional[User] = None,
+) -> str:
+    """
+    returns user status depending on workout visibility and relationship
+
+    status:
+    - owner: provided user is workout owner
+    - follower: provided user follows workout owner
+    - other: other cases (user does not follow workout owner,
+      unauthenticated user (no user provided))
+    """
+    _, user_status = can_view_workout(workout, 'workout_visibility', user)
+    return user_status

From 3b89dd698da0e7d15042204e27220d3bd465b600 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 24 Apr 2022 18:01:20 +0200
Subject: [PATCH 123/238] API - fix User and Workouts models

(add missing nullable attribute)
---
 fittrackee/users/models.py    | 8 ++++++--
 fittrackee/workouts/models.py | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 5a4894cce..72da4e2e6 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -148,10 +148,14 @@ class User(BaseModel):
     )
     is_remote = db.Column(db.Boolean, default=False, nullable=False)
     workouts_visibility = db.Column(
-        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+        Enum(PrivacyLevel, name='privacy_levels'),
+        server_default='PRIVATE',
+        nullable=False,
     )
     map_visibility = db.Column(
-        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+        Enum(PrivacyLevel, name='privacy_levels'),
+        server_default='PRIVATE',
+        nullable=False,
     )
 
     workouts = db.relationship(
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 6afc9e3a3..4e1be9b0d 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -158,10 +158,14 @@ class Workout(BaseModel):
     weather_end = db.Column(JSON, nullable=True)
     notes = db.Column(db.String(500), nullable=True)
     workout_visibility = db.Column(
-        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+        Enum(PrivacyLevel, name='privacy_levels'),
+        server_default='PRIVATE',
+        nullable=False,
     )
     map_visibility = db.Column(
-        Enum(PrivacyLevel, name='privacy_levels'), server_default='PRIVATE'
+        Enum(PrivacyLevel, name='privacy_levels'),
+        server_default='PRIVATE',
+        nullable=False,
     )
     segments = db.relationship(
         'WorkoutSegment',

From 55b840df2d7846ca95ef806cef32c8185a55bc76 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 24 Apr 2022 18:45:04 +0200
Subject: [PATCH 124/238] API - store remote instance software name and version

---
 fittrackee/federation/exceptions.py           |  8 ++
 fittrackee/federation/models.py               | 28 +++++-
 fittrackee/federation/remote_domain.py        | 32 +++++++
 fittrackee/federation/tasks/remote_server.py  | 23 +++++
 fittrackee/federation/utils_user.py           |  2 +
 .../24_8842c351a2d8_init_federation.py        |  6 +-
 .../federation/test_federation_models.py      | 37 ++++++++
 .../test_federation_remote_server.py          | 93 +++++++++++++++++++
 .../test_federation_tasks_remote_server.py    | 37 ++++++++
 .../federation/test_federation_utils_user.py  | 28 ++++++
 fittrackee/tests/fixtures/fixtures_app.py     |  4 +-
 11 files changed, 290 insertions(+), 8 deletions(-)
 create mode 100644 fittrackee/federation/remote_domain.py
 create mode 100644 fittrackee/federation/tasks/remote_server.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_remote_server.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_tasks_remote_server.py

diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index dba521aa2..97a50f54a 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -53,6 +53,14 @@ def __init__(self, message: Optional[str] = None) -> None:
         )
 
 
+class RemoteServerException(GenericException):
+    def __init__(self, message: Optional[str] = None) -> None:
+        super().__init__(
+            status='error',
+            message=(message if message else 'Invalid remote server'),
+        )
+
+
 class UnsupportedActivityException(GenericException):
     def __init__(self, activity_type: str) -> None:
         super().__init__(
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index e22ec5277..c1fe71612 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -8,7 +8,7 @@
 from sqlalchemy.orm.session import Session
 from sqlalchemy.types import Enum
 
-from fittrackee import BaseModel, db
+from fittrackee import VERSION, BaseModel, db
 
 from .constants import AP_CTX
 from .enums import ActorType
@@ -29,6 +29,8 @@ class Domain(BaseModel):
     name = db.Column(db.String(1000), unique=True, nullable=False)
     created_at = db.Column(db.DateTime, nullable=False)
     is_allowed = db.Column(db.Boolean, default=True, nullable=False)
+    software_name = db.Column(db.String(255), nullable=True)
+    software_version = db.Column(db.String(255), nullable=True)
 
     actors = db.relationship('Actor', back_populates='domain')
 
@@ -36,15 +38,27 @@ def __str__(self) -> str:
         return f'<Domain \'{self.name}\'>'
 
     def __init__(
-        self, name: str, created_at: Optional[datetime] = datetime.utcnow()
+        self,
+        name: str,
+        created_at: Optional[datetime] = None,
+        software_name: Optional[str] = None,
+        software_version: Optional[str] = None,
     ) -> None:
         self.name = name
-        self.created_at = created_at
+        self.created_at = (
+            datetime.utcnow() if created_at is None else created_at
+        )
+        self.software_name = software_name
+        self.software_version = software_version
 
     @property
     def is_remote(self) -> bool:
         return self.name != current_app.config['AP_DOMAIN']
 
+    @property
+    def software_current_version(self) -> bool:
+        return self.software_version if self.is_remote else VERSION
+
     def serialize(self) -> Dict:
         return {
             'id': self.id,
@@ -52,6 +66,8 @@ def serialize(self) -> Dict:
             'created_at': self.created_at,
             'is_remote': self.is_remote,
             'is_allowed': self.is_allowed,
+            'software_name': self.software_name,
+            'software_version': self.software_current_version,
         }
 
 
@@ -97,10 +113,12 @@ def __init__(
         self,
         preferred_username: str,
         domain_id: int,
-        created_at: Optional[datetime] = datetime.utcnow(),
+        created_at: Optional[datetime] = None,
         remote_user_data: Optional[Dict] = None,
     ) -> None:
-        self.created_at = created_at
+        self.created_at = (
+            datetime.utcnow() if created_at is None else created_at
+        )
         self.domain_id = domain_id
         self.preferred_username = preferred_username
         if remote_user_data:
diff --git a/fittrackee/federation/remote_domain.py b/fittrackee/federation/remote_domain.py
new file mode 100644
index 000000000..13081337d
--- /dev/null
+++ b/fittrackee/federation/remote_domain.py
@@ -0,0 +1,32 @@
+from typing import Dict
+
+import requests
+
+from fittrackee.federation.exceptions import RemoteServerException
+
+
+def get_remote_server_node_info_url(domain_name: str) -> str:
+    response = requests.get(
+        f'https://{domain_name}/.well-known/nodeinfo',
+    )
+    if response.status_code >= 400:
+        raise RemoteServerException(
+            f"Error when getting node_info url for server '{domain_name}'"
+        )
+
+    node_info_url = response.json().get('links', [{}])[0].get('href')
+    if not node_info_url:
+        raise RemoteServerException(
+            f"Invalid node_info url for server '{domain_name}'"
+        )
+
+    return node_info_url
+
+
+def get_remote_server_node_info_data(node_info_url: str) -> Dict:
+    response = requests.get(node_info_url)
+    if response.status_code >= 400:
+        raise RemoteServerException(
+            f"Error when getting node_info data from '{node_info_url}'"
+        )
+    return response.json()
diff --git a/fittrackee/federation/tasks/remote_server.py b/fittrackee/federation/tasks/remote_server.py
new file mode 100644
index 000000000..5686a5664
--- /dev/null
+++ b/fittrackee/federation/tasks/remote_server.py
@@ -0,0 +1,23 @@
+from fittrackee import appLog, db, dramatiq
+from fittrackee.federation.models import Domain
+from fittrackee.federation.remote_domain import (
+    get_remote_server_node_info_data,
+    get_remote_server_node_info_url,
+)
+
+
+@dramatiq.actor(queue_name='fittrackee_remote_server')
+def update_remote_server(domain_name: str) -> None:
+    try:
+        node_info_url = get_remote_server_node_info_url(domain_name)
+        node_info_data = get_remote_server_node_info_data(node_info_url)
+
+        domain = Domain.query.filter_by(name=domain_name).first()
+        domain.software_name = node_info_data.get('software', {}).get('name')
+        domain.software_version = node_info_data.get('software', {}).get(
+            'version'
+        )
+
+        db.session.commit()
+    except Exception as e:
+        appLog.error(f"Error when updating remote server '{domain_name}': {e}")
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils_user.py
index 691e2dfc6..c3823961a 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils_user.py
@@ -13,6 +13,7 @@
     fetch_account_from_webfinger,
     get_remote_actor_url,
 )
+from fittrackee.federation.tasks.remote_server import update_remote_server
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
@@ -98,6 +99,7 @@ def get_or_create_remote_domain(domain_name: str) -> Domain:
         remote_domain = Domain(name=domain_name)
         db.session.add(remote_domain)
         db.session.commit()
+    update_remote_server.send(domain_name=domain_name)
     return remote_domain
 
 
diff --git a/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
index f88c082f8..cd5c08fbf 100644
--- a/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
@@ -42,6 +42,8 @@ def upgrade():
         sa.Column('name', sa.String(length=1000), nullable=False),
         sa.Column('created_at', sa.DateTime(), nullable=False),
         sa.Column('is_allowed', sa.Boolean(), nullable=False),
+        sa.Column('software_name', sa.String(length=255), nullable=True),
+        sa.Column('software_version', sa.String(length=255), nullable=True),
         sa.PrimaryKeyConstraint('id'),
         sa.UniqueConstraint('name'),
     )
@@ -50,8 +52,8 @@ def upgrade():
     domain = remove_url_scheme(os.environ['UI_URL'])
     created_at = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
     op.execute(
-        "INSERT INTO domains (name, created_at, is_allowed)"
-        f"VALUES ('{domain}', '{created_at}'::timestamp, True)"
+        "INSERT INTO domains (name, created_at, is_allowed, software_name)"
+        f"VALUES ('{domain}', '{created_at}'::timestamp, True, 'fittrackee')"
     )
 
     actors_table = op.create_table(
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index d0a716466..4f2951834 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -1,3 +1,4 @@
+from typing import Optional
 from uuid import uuid4
 
 import pytest
@@ -6,6 +7,7 @@
 from Crypto.Signature import pkcs1_15
 from flask import Flask
 
+from fittrackee import VERSION
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.models import Actor, Domain, RemoteActorStats
 from fittrackee.federation.utils import get_ap_url
@@ -27,6 +29,7 @@ def test_it_returns_string_representation(
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
         ).first()
+
         assert f"<Domain '{app_with_federation.config['AP_DOMAIN']}'>" == str(
             local_domain
         )
@@ -35,6 +38,7 @@ def test_app_domain_is_local(self, app_with_federation: Flask) -> None:
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
         ).first()
+
         assert not local_domain.is_remote
 
     def test_domain_is_remote(
@@ -42,12 +46,40 @@ def test_domain_is_remote(
     ) -> None:
         assert remote_domain.is_remote
 
+    def test_it_returns_current_version_when_local(
+        self, app_with_federation: Flask
+    ) -> None:
+        local_domain = Domain.query.filter_by(
+            name=app_with_federation.config['AP_DOMAIN']
+        ).first()
+
+        assert local_domain.software_version is None
+        assert local_domain.software_current_version == VERSION
+
+    @pytest.mark.parametrize(
+        'input_software_version,',
+        [
+            (None,),
+            (uuid4().hex,),
+        ],
+    )
+    def test_it_returns_current_version_when_remote(
+        self,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+        input_software_version: Optional[str],
+    ) -> None:
+        remote_domain.software_version = input_software_version
+
+        assert remote_domain.software_current_version == input_software_version
+
     def test_it_returns_serialized_object(
         self, app_with_federation: Flask
     ) -> None:
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
         ).first()
+
         serialized_domain = local_domain.serialize()
 
         assert serialized_domain['id']
@@ -58,6 +90,11 @@ def test_it_returns_serialized_object(
         )
         assert serialized_domain['is_allowed']
         assert not serialized_domain['is_remote']
+        assert serialized_domain['software_name'] == local_domain.software_name
+        assert (
+            serialized_domain['software_version']
+            == local_domain.software_current_version
+        )
 
 
 class TestActivityPubLocalPersonActorModel:
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_server.py b/fittrackee/tests/federation/federation/test_federation_remote_server.py
new file mode 100644
index 000000000..c27567b20
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_remote_server.py
@@ -0,0 +1,93 @@
+from unittest.mock import patch
+
+import pytest
+import requests
+
+from fittrackee.federation.exceptions import RemoteServerException
+from fittrackee.federation.remote_domain import (
+    get_remote_server_node_info_data,
+    get_remote_server_node_info_url,
+)
+
+from ...utils import generate_response, random_domain
+
+
+class TestGetNodeInfoUrl:
+    def test_it_raises_exception_when_requests_returns_error(self) -> None:
+        domain_name = random_domain()
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(status_code=400)
+
+            with pytest.raises(
+                RemoteServerException,
+                match=(
+                    "Error when getting node_info url "
+                    f"for server '{domain_name}'"
+                ),
+            ):
+                get_remote_server_node_info_url(domain_name)
+
+    def test_it_raises_exception_when_node_info_url_is_invalid(self) -> None:
+        domain_name = random_domain()
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200, content={}
+            )
+
+            with pytest.raises(
+                RemoteServerException,
+                match=f"Invalid node_info url for server '{domain_name}'",
+            ):
+                get_remote_server_node_info_url(domain_name)
+
+    def test_it_returns_node_info_url(self) -> None:
+        domain_name = random_domain()
+        expected_node_info_url = f'https://{domain_name}/nodeinfo/2.0'
+        node_infos_links = {
+            'links': [
+                {
+                    'rel': 'http://nodeinfo.diaspora.software/ns/schema/2.0',
+                    'href': expected_node_info_url,
+                }
+            ]
+        }
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200, content=node_infos_links
+            )
+
+            node_info_url = get_remote_server_node_info_url(domain_name)
+
+        assert node_info_url == expected_node_info_url
+
+
+class TestGetNodeInfoData:
+    node_info_url = f'https://{random_domain()}/nodeinfo/2.0'
+
+    def test_it_raises_exception_when_requests_returns_error(self) -> None:
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(status_code=400)
+
+            with pytest.raises(
+                RemoteServerException,
+                match=(
+                    "Error when getting node_info data from "
+                    f"'{self.node_info_url}'"
+                ),
+            ):
+                get_remote_server_node_info_data(self.node_info_url)
+
+    def test_it_returns_node_info_data(self) -> None:
+        expected_node_info_data = {
+            'protocols': ['activitypub'],
+        }
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200, content=expected_node_info_data
+            )
+
+            node_info_data = get_remote_server_node_info_data(
+                self.node_info_url
+            )
+
+        assert node_info_data == expected_node_info_data
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks_remote_server.py b/fittrackee/tests/federation/federation/test_federation_tasks_remote_server.py
new file mode 100644
index 000000000..07b2165e3
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_remote_server.py
@@ -0,0 +1,37 @@
+from unittest.mock import patch
+
+from fittrackee.federation.models import Domain
+from fittrackee.federation.tasks.remote_server import update_remote_server
+
+from ...utils import random_string
+
+MODULE = 'fittrackee.federation.tasks.remote_server'
+
+
+class TestUpdateRemoteServer:
+    def test_it_update_remote_server(self, remote_domain: Domain) -> None:
+        expected_software_name = random_string()
+        expected_software_version = random_string()
+        node_info_data = {
+            'version': '2.0',
+            'software': {
+                'name': expected_software_name,
+                'version': expected_software_version,
+            },
+        }
+        with patch(
+            'fittrackee.federation.tasks.remote_server.'
+            'get_remote_server_node_info_url'
+        ), patch(
+            'fittrackee.federation.tasks.remote_server.'
+            'get_remote_server_node_info_data',
+            return_value=node_info_data,
+        ):
+
+            update_remote_server(remote_domain.name)
+
+        assert remote_domain.software_name == expected_software_name
+        assert remote_domain.software_version == expected_software_version
+        assert (
+            remote_domain.software_current_version == expected_software_version
+        )
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 6230c390b..3caf809cf 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -101,6 +101,20 @@ def test_it_creates_and_returns_remote_domain(
         assert isinstance(domain, Domain)
         assert domain.name == urlparse(random_actor.activitypub_id).netloc
 
+    def test_it_calls_update_remote_server_when_creating_domain(
+        self, app_with_federation: Flask, random_actor: RandomActor
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_server'
+        ) as update_remote_server_mock:
+            domain = get_or_create_remote_domain_from_url(
+                random_actor.activitypub_id
+            )
+
+        update_remote_server_mock.send.assert_called_with(
+            domain_name=domain.name
+        )
+
     def test_it_returns_existing_remote_domain(
         self, app_with_federation: Flask, remote_domain: Domain
     ) -> None:
@@ -110,6 +124,20 @@ def test_it_returns_existing_remote_domain(
 
         assert domain == remote_domain
 
+    def test_it_calls_update_remote_server_when_domain_exists(
+        self, app_with_federation: Flask, remote_domain: Domain
+    ) -> None:
+        with patch(
+            'fittrackee.federation.utils_user.update_remote_server'
+        ) as update_remote_server_mock:
+            get_or_create_remote_domain_from_url(
+                f'https://{remote_domain.name}/users/random'
+            )
+
+        update_remote_server_mock.send.assert_called_with(
+            domain_name=remote_domain.name
+        )
+
 
 class TestCreateRemoteUser:
     def test_it_returns_error_if_remote_actor_domain_is_local(
diff --git a/fittrackee/tests/fixtures/fixtures_app.py b/fittrackee/tests/fixtures/fixtures_app.py
index 07643da47..f5528e111 100644
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@@ -62,7 +62,9 @@ def get_app(
             if app_db_config:
                 update_app_config_from_database(app, app_db_config)
             if with_domain:
-                domain = Domain(name=app.config['AP_DOMAIN'])
+                domain = Domain(
+                    name=app.config['AP_DOMAIN'], software_name='fittrackee'
+                )
                 db.session.add(domain)
                 db.session.commit()
             yield app

From ff8d93af82cffa12af869f658a8b6cf3fb16c3a6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 7 May 2022 10:59:21 +0200
Subject: [PATCH 125/238] API - minor refacto

---
 fittrackee/federation/activities.py           |  2 +-
 fittrackee/federation/collections.py          |  2 +-
 fittrackee/federation/constants.py            |  1 +
 fittrackee/federation/tasks/remote_server.py  |  2 +-
 .../{utils.py => utils/__init__.py}           |  2 +-
 .../federation/{ => utils}/remote_actor.py    |  0
 .../federation/{ => utils}/remote_domain.py   |  0
 .../{utils_user.py => utils/user.py}          |  6 +-
 .../24_8842c351a2d8_init_federation.py        |  4 +-
 .../federation/test_federation_activities.py  |  6 +-
 .../test_federation_remote_server.py          |  2 +-
 .../federation/test_federation_utils_user.py  | 86 +++++++++----------
 .../federation/test_remote_actor.py           |  2 +-
 .../tests/federation/users/test_users_api.py  | 16 ++--
 fittrackee/users/follow_requests.py           |  2 +-
 fittrackee/users/users.py                     |  2 +-
 fittrackee/users/utils/admin.py               |  2 +-
 17 files changed, 70 insertions(+), 67 deletions(-)
 rename fittrackee/federation/{utils.py => utils/__init__.py} (97%)
 rename fittrackee/federation/{ => utils}/remote_actor.py (100%)
 rename fittrackee/federation/{ => utils}/remote_domain.py (100%)
 rename fittrackee/federation/{utils_user.py => utils/user.py} (98%)

diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities.py
index 6af9a9472..78dd9499b 100644
--- a/fittrackee/federation/activities.py
+++ b/fittrackee/federation/activities.py
@@ -4,7 +4,7 @@
 from fittrackee import appLog
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
-from fittrackee.federation.utils_user import (
+from fittrackee.federation.utils.user import (
     create_remote_user,
     get_or_create_remote_domain_from_url,
 )
diff --git a/fittrackee/federation/collections.py b/fittrackee/federation/collections.py
index 0a5e281aa..e54198276 100644
--- a/fittrackee/federation/collections.py
+++ b/fittrackee/federation/collections.py
@@ -2,7 +2,7 @@
 
 from flask_sqlalchemy import BaseQuery, Pagination
 
-CONTEXT = 'https://www.w3.org/ns/activitystreams'
+from fittrackee.federation.constants import CONTEXT
 
 
 class OrderedCollection:
diff --git a/fittrackee/federation/constants.py b/fittrackee/federation/constants.py
index bf8b15e43..27770c073 100644
--- a/fittrackee/federation/constants.py
+++ b/fittrackee/federation/constants.py
@@ -2,3 +2,4 @@
     'https://www.w3.org/ns/activitystreams',
     'https://w3id.org/security/v1',
 ]
+CONTEXT = 'https://www.w3.org/ns/activitystreams'
diff --git a/fittrackee/federation/tasks/remote_server.py b/fittrackee/federation/tasks/remote_server.py
index 5686a5664..bde58e2c9 100644
--- a/fittrackee/federation/tasks/remote_server.py
+++ b/fittrackee/federation/tasks/remote_server.py
@@ -1,6 +1,6 @@
 from fittrackee import appLog, db, dramatiq
 from fittrackee.federation.models import Domain
-from fittrackee.federation.remote_domain import (
+from fittrackee.federation.utils.remote_domain import (
     get_remote_server_node_info_data,
     get_remote_server_node_info_url,
 )
diff --git a/fittrackee/federation/utils.py b/fittrackee/federation/utils/__init__.py
similarity index 97%
rename from fittrackee/federation/utils.py
rename to fittrackee/federation/utils/__init__.py
index 458d8de5b..b29a4ade8 100644
--- a/fittrackee/federation/utils.py
+++ b/fittrackee/federation/utils/__init__.py
@@ -4,7 +4,7 @@
 from Crypto.PublicKey import RSA
 from flask import current_app
 
-from .enums import ActivityType
+from ..enums import ActivityType
 
 
 def generate_keys() -> Tuple[str, str]:
diff --git a/fittrackee/federation/remote_actor.py b/fittrackee/federation/utils/remote_actor.py
similarity index 100%
rename from fittrackee/federation/remote_actor.py
rename to fittrackee/federation/utils/remote_actor.py
diff --git a/fittrackee/federation/remote_domain.py b/fittrackee/federation/utils/remote_domain.py
similarity index 100%
rename from fittrackee/federation/remote_domain.py
rename to fittrackee/federation/utils/remote_domain.py
diff --git a/fittrackee/federation/utils_user.py b/fittrackee/federation/utils/user.py
similarity index 98%
rename from fittrackee/federation/utils_user.py
rename to fittrackee/federation/utils/user.py
index c3823961a..13a9c51b2 100644
--- a/fittrackee/federation/utils_user.py
+++ b/fittrackee/federation/utils/user.py
@@ -9,16 +9,16 @@
 from fittrackee import appLog, db
 from fittrackee.federation.exceptions import RemoteActorException
 from fittrackee.federation.models import MEDIA_TYPES, Actor, Domain
-from fittrackee.federation.remote_actor import (
+from fittrackee.federation.tasks.remote_server import update_remote_server
+from fittrackee.federation.utils.remote_actor import (
     fetch_account_from_webfinger,
     get_remote_actor_url,
 )
-from fittrackee.federation.tasks.remote_server import update_remote_server
 from fittrackee.files import get_absolute_file_path
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
-from .exceptions import ActorNotFoundException
+from ..exceptions import ActorNotFoundException
 
 FULL_NAME_REGEX = r'^@?([\w_\-\.]+)@([\w_\-\.]+\.[a-z]{2,})$'
 MEDIA_EXTENSIONS = {value: key for (key, value) in MEDIA_TYPES.items()}
diff --git a/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
index cd5c08fbf..19f64a5b6 100644
--- a/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
@@ -12,7 +12,9 @@
 from alembic import op
 from sqlalchemy.dialects.postgresql import ENUM
 
-from fittrackee.federation.utils import generate_keys, get_ap_url, remove_url_scheme
+from fittrackee.federation.utils import (
+    generate_keys, get_ap_url, remove_url_scheme
+)
 
 
 # revision identifiers, used by Alembic.
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities.py
index bd7ec72e7..0357b89ef 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities.py
@@ -195,12 +195,12 @@ def test_it_creates_remote_user_and_follow_request(
             activity_dict=follow_activity
         )
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ), patch(
-            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
         ), patch(
-            'fittrackee.federation.utils_user.update_remote_actor_stats'
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
         ):
             activity.process_activity()
 
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_server.py b/fittrackee/tests/federation/federation/test_federation_remote_server.py
index c27567b20..be0ed6611 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_server.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_server.py
@@ -4,7 +4,7 @@
 import requests
 
 from fittrackee.federation.exceptions import RemoteServerException
-from fittrackee.federation.remote_domain import (
+from fittrackee.federation.utils.remote_domain import (
     get_remote_server_node_info_data,
     get_remote_server_node_info_url,
 )
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index 3caf809cf..38d8234a2 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -11,7 +11,7 @@
     RemoteActorException,
 )
 from fittrackee.federation.models import Domain
-from fittrackee.federation.utils_user import (
+from fittrackee.federation.utils.user import (
     create_remote_user_from_username,
     get_or_create_remote_domain_from_url,
     get_user_from_username,
@@ -105,7 +105,7 @@ def test_it_calls_update_remote_server_when_creating_domain(
         self, app_with_federation: Flask, random_actor: RandomActor
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.update_remote_server'
+            'fittrackee.federation.utils.user.update_remote_server'
         ) as update_remote_server_mock:
             domain = get_or_create_remote_domain_from_url(
                 random_actor.activitypub_id
@@ -128,7 +128,7 @@ def test_it_calls_update_remote_server_when_domain_exists(
         self, app_with_federation: Flask, remote_domain: Domain
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.update_remote_server'
+            'fittrackee.federation.utils.user.update_remote_server'
         ) as update_remote_server_mock:
             get_or_create_remote_domain_from_url(
                 f'https://{remote_domain.name}/users/random'
@@ -162,7 +162,7 @@ def test_it_returns_error_if_remote_webfinger_returns_error(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             side_effect=ActorNotFoundException(),
         ), pytest.raises(
             RemoteActorException,
@@ -216,7 +216,7 @@ def test_it_returns_error_if_remote_webfinger_does_not_return_links(
         input_webfinger: Dict,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value={},
         ), pytest.raises(
             RemoteActorException,
@@ -236,10 +236,10 @@ def test_it_returns_error_if_fetching_remote_user_returns_error(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             side_effect=ActorNotFoundException(),
         ), pytest.raises(
             RemoteActorException,
@@ -259,10 +259,10 @@ def test_it_returns_error_if_preferred_username_is_missing_in_remote_actor_objec
         remote_user_object = random_actor.get_remote_user_object()
         del remote_user_object['preferredUsername']
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=remote_user_object,
         ), pytest.raises(
             RemoteActorException,
@@ -280,10 +280,10 @@ def test_it_returns_error_if_keys_are_missing_in_remote_actor_object(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value={
                 'preferredUsername': random_actor.preferred_username,
             },
@@ -305,10 +305,10 @@ def test_it_creates_remote_actor_if_actor_does_not_exist(
         random_actor.domain = f'https://{remote_domain.name}'
         random_actor.manually_approves_followers = False
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
 
@@ -328,10 +328,10 @@ def test_it_creates_remote_actor_when_actor_and_domain_does_not_exist(
         random_actor: RandomActor,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = create_remote_user_from_username(
@@ -348,10 +348,10 @@ def test_it_uses_preferred_name_as_username_if_name_is_empty(
         remote_user_object = random_actor.get_remote_user_object()
         remote_user_object['name'] = ""
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=remote_user_object,
         ):
             user = create_remote_user_from_username(
@@ -367,13 +367,13 @@ def test_it_calls_store_or_delete_user_picture(
     ) -> None:
         remote_actor_object = random_actor.get_remote_user_object()
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=remote_actor_object,
         ), patch(
-            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
         ) as store_or_delete_mock:
             user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
@@ -388,15 +388,15 @@ def test_it_calls_update_remote_actor_stats(
     ) -> None:
         remote_actor_object = random_actor.get_remote_user_object()
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=remote_actor_object,
         ), patch(
-            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
         ), patch(
-            'fittrackee.federation.utils_user.update_remote_actor_stats'
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
         ) as update_remote_actor_stats_mock:
             user = create_remote_user_from_username(
                 random_actor.preferred_username, random_actor.domain
@@ -412,7 +412,7 @@ def test_it_raises_error_if_remote_actor_exists(
         remote_user_object['name'] = updated_name
         remote_user_object['manuallyApprovesFollowers'] = False
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value={
                 'subject': f'acct:{remote_user.actor.fullname}',
                 'links': [
@@ -424,7 +424,7 @@ def test_it_raises_error_if_remote_actor_exists(
                 ],
             },
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=remote_user_object,
         ), pytest.raises(
             RemoteActorException,
@@ -445,10 +445,10 @@ def test_it_creates_additional_remote_actor(
         check constrains on User model
         """
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = create_remote_user_from_username(
@@ -474,7 +474,7 @@ def test_it_raises_exception_if_can_not_fetch_user(
         remote_user: User,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             side_effect=ActorNotFoundException(),
         ), pytest.raises(
             RemoteActorException,
@@ -490,7 +490,7 @@ def test_it_updates_user_username(
     ) -> None:
         expected_name = random_string()[0:30]
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value={
                 'name': expected_name,
                 'manuallyApprovesFollowers': True,
@@ -507,7 +507,7 @@ def test_it_updates_manually_approves_followers(
         remote_user: User,
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value={
                 'name': random_string()[0:30],
                 'manuallyApprovesFollowers': False,
@@ -528,12 +528,12 @@ def test_it_calls_store_or_delete_user_picture(
             'manuallyApprovesFollowers': False,
         }
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=remote_actor_object,
         ), patch(
-            'fittrackee.federation.utils_user.update_remote_actor_stats'
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
         ), patch(
-            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
         ) as store_or_delete_user_picture_mock:
 
             update_remote_user(remote_user.actor)
@@ -549,15 +549,15 @@ def test_it_calls_update_remote_actor_stats(
     ) -> None:
 
         with patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value={
                 'name': random_string()[0:30],
                 'manuallyApprovesFollowers': False,
             },
         ), patch(
-            'fittrackee.federation.utils_user.store_or_delete_user_picture'
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
         ), patch(
-            'fittrackee.federation.utils_user.update_remote_actor_stats'
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
         ) as update_remote_actor_stats_mock:
 
             update_remote_user(remote_user.actor)
@@ -624,10 +624,10 @@ def test_it_creates_and_returns_remote_user_if_not_existing_and_with_creation(
         self, app_with_federation: Flask, random_actor: RandomActor
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = get_user_from_username(
@@ -644,10 +644,10 @@ def test_it_creates_remote_user_when_regsitreation_is_disabled(  # noqa
     ) -> None:
         app_with_federation.config['is_registration_enabled'] = False
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             user = get_user_from_username(
@@ -660,7 +660,7 @@ def test_it_calls_update_remote_user_if_remote_user_exists_and_with_refresh(  #
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user'
+            'fittrackee.federation.utils.user.update_remote_user'
         ) as update_remote_user_mock:
             get_user_from_username(
                 remote_user.actor.fullname, with_action='refresh'
@@ -672,7 +672,7 @@ def test_it_does_not_raise_error_if_refresh_fails(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user',
+            'fittrackee.federation.utils.user.update_remote_user',
             side_effect=RemoteActorException(),
         ):
             user = get_user_from_username(
diff --git a/fittrackee/tests/federation/federation/test_remote_actor.py b/fittrackee/tests/federation/federation/test_remote_actor.py
index 1de4a48f3..4acbc623e 100644
--- a/fittrackee/tests/federation/federation/test_remote_actor.py
+++ b/fittrackee/tests/federation/federation/test_remote_actor.py
@@ -4,7 +4,7 @@
 import requests
 
 from fittrackee.federation.exceptions import ActorNotFoundException
-from fittrackee.federation.remote_actor import get_remote_actor_url
+from fittrackee.federation.utils.remote_actor import get_remote_actor_url
 
 from ...utils import RandomActor, generate_response, random_actor_url
 
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index b32016e70..30055d810 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -114,7 +114,7 @@ def test_it_returns_remote_user_when_query_contains_account(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user',
+            'fittrackee.federation.utils.user.update_remote_user',
         ):
             response = client.get(
                 f'/api/users/remote?q=@{remote_user.actor.fullname}',
@@ -145,7 +145,7 @@ def test_it_calls_update_remote_user_when_remote_user_exists(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user',
+            'fittrackee.federation.utils.user.update_remote_user',
         ) as update_remote_user_mock:
             client.get(
                 f'/api/users/remote?q=@{remote_user.actor.fullname}',
@@ -163,7 +163,7 @@ def test_it_does_not_call_update_remote_user_for_local_user(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user',
+            'fittrackee.federation.utils.user.update_remote_user',
         ) as update_remote_user_mock:
             client.get(
                 f'/api/users/remote?q={user_2.username}',
@@ -184,10 +184,10 @@ def test_it_creates_and_returns_remote_user(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value=random_actor.get_webfinger(),
         ), patch(
-            'fittrackee.federation.utils_user.get_remote_actor_url',
+            'fittrackee.federation.utils.user.get_remote_actor_url',
             return_value=random_actor.get_remote_user_object(),
         ):
             response = client.get(
@@ -220,7 +220,7 @@ def test_it_empty_list_if_remote_user_does_not_exist(
         )
 
         with patch(
-            'fittrackee.federation.utils_user.fetch_account_from_webfinger',
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             side_effect={},
         ):
             response = client.get(
@@ -288,7 +288,7 @@ def test_it_returns_remote_user_if_exists(
             app_with_federation, user_1.email
         )
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user',
+            'fittrackee.federation.utils.user.update_remote_user',
         ):
 
             response = client.get(
@@ -310,7 +310,7 @@ def test_it_calls_update_remote_user(
             app_with_federation, user_1.email
         )
         with patch(
-            'fittrackee.federation.utils_user.update_remote_user',
+            'fittrackee.federation.utils.user.update_remote_user',
         ) as update_remote_user_mock:
 
             client.get(
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index caecffc2b..cde2263b6 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -7,7 +7,7 @@
     ActorNotFoundException,
     DomainNotFoundException,
 )
-from fittrackee.federation.utils_user import get_user_from_username
+from fittrackee.federation.utils.user import get_user_from_username
 from fittrackee.responses import (
     HttpResponse,
     InvalidPayloadErrorResponse,
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 4d4dbe91e..96bc2a7bb 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -14,7 +14,7 @@
 )
 from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.models import Domain
-from fittrackee.federation.utils_user import (
+from fittrackee.federation.utils.user import (
     FULL_NAME_REGEX,
     get_user_from_username,
 )
diff --git a/fittrackee/users/utils/admin.py b/fittrackee/users/utils/admin.py
index a471359d8..cb0148d3d 100644
--- a/fittrackee/users/utils/admin.py
+++ b/fittrackee/users/utils/admin.py
@@ -4,7 +4,7 @@
 from flask import current_app
 
 from fittrackee import bcrypt, db
-from fittrackee.federation.utils_user import get_user_from_username
+from fittrackee.federation.utils.user import get_user_from_username
 
 from ..exceptions import InvalidEmailException, InvalidUserException
 from ..models import User

From 2e3a182cb6703032121a494833c4e27f728c1cfd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 7 May 2022 18:35:06 +0200
Subject: [PATCH 126/238] API - federation activities refacto

---
 fittrackee/federation/activities/__init__.py  |   0
 .../{activities.py => activities/actions.py}  |   0
 .../federation/activities/base_object.py      |  16 +++
 .../federation/activities/follow_request.py   |  61 ++++++++
 fittrackee/federation/tasks/activity.py       |   2 +-
 ...st_federation_activities_follow_request.py | 132 ++++++++++++++++++
 fittrackee/users/models.py                    |  58 +++-----
 7 files changed, 226 insertions(+), 43 deletions(-)
 create mode 100644 fittrackee/federation/activities/__init__.py
 rename fittrackee/federation/{activities.py => activities/actions.py} (100%)
 create mode 100644 fittrackee/federation/activities/base_object.py
 create mode 100644 fittrackee/federation/activities/follow_request.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_activities_follow_request.py

diff --git a/fittrackee/federation/activities/__init__.py b/fittrackee/federation/activities/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/federation/activities.py b/fittrackee/federation/activities/actions.py
similarity index 100%
rename from fittrackee/federation/activities.py
rename to fittrackee/federation/activities/actions.py
diff --git a/fittrackee/federation/activities/base_object.py b/fittrackee/federation/activities/base_object.py
new file mode 100644
index 000000000..c97b9c9ab
--- /dev/null
+++ b/fittrackee/federation/activities/base_object.py
@@ -0,0 +1,16 @@
+from abc import ABC, abstractmethod
+from typing import TYPE_CHECKING, Dict
+
+if TYPE_CHECKING:
+    from ..enums import ActivityType
+    from ..models import Actor
+
+
+class ActivityObject(ABC):
+    id: str
+    type: 'ActivityType'
+    actor: 'Actor'
+
+    @abstractmethod
+    def serialize(self) -> Dict:
+        pass
diff --git a/fittrackee/federation/activities/follow_request.py b/fittrackee/federation/activities/follow_request.py
new file mode 100644
index 000000000..e66187f07
--- /dev/null
+++ b/fittrackee/federation/activities/follow_request.py
@@ -0,0 +1,61 @@
+from typing import TYPE_CHECKING, Dict, Tuple
+
+from ..constants import AP_CTX
+from ..enums import ActivityType
+from .base_object import ActivityObject
+
+if TYPE_CHECKING:
+    from ..models import Actor
+
+
+class FollowRequestObject(ActivityObject):
+    from_actor: 'Actor'
+    to_actor: 'Actor'
+
+    def __init__(
+        self,
+        from_actor: 'Actor',
+        to_actor: 'Actor',
+        activity_type: ActivityType,
+    ):
+        self.from_actor = from_actor
+        self.to_actor = to_actor
+        self.type = activity_type
+        self.actor, self.id = self._get_actor_and_id()
+
+    def _get_actor_and_id(self) -> Tuple['Actor', str]:
+        if self.type in [ActivityType.FOLLOW, ActivityType.UNDO]:
+            return self.from_actor, (
+                f'{self.from_actor.activitypub_id}#'
+                f'{"follow" if self.type ==ActivityType.FOLLOW else "undoe"}s/'
+                f'{self.to_actor.fullname}'
+            )
+        return self.to_actor, (
+            f'{self.to_actor.activitypub_id}#'
+            f'{"accept" if self.type == ActivityType.ACCEPT else "reject"}s/'
+            f'follow/{self.from_actor.fullname}'
+        )
+
+    def _get_follow_activity(self) -> Dict:
+        return {
+            'id': (
+                f'{self.from_actor.activitypub_id}#follows/'
+                f'{self.to_actor.fullname}'
+            ),
+            'type': ActivityType.FOLLOW.value,
+            'actor': self.from_actor.activitypub_id,
+            'object': self.to_actor.activitypub_id,
+        }
+
+    def serialize(self) -> Dict:
+        if self.type == ActivityType.FOLLOW:
+            activity = self._get_follow_activity()
+        else:
+            activity = {
+                'id': self.id,
+                'type': self.type.value,
+                'actor': self.actor.activitypub_id,
+                'object': self._get_follow_activity(),
+            }
+        activity['@context'] = AP_CTX
+        return activity
diff --git a/fittrackee/federation/tasks/activity.py b/fittrackee/federation/tasks/activity.py
index fab21b071..a8d55eba6 100644
--- a/fittrackee/federation/tasks/activity.py
+++ b/fittrackee/federation/tasks/activity.py
@@ -10,7 +10,7 @@ def get_activity_instance(activity_dict: Dict) -> Callable:
     activity_type = activity_dict['type']
     try:
         Activity = getattr(
-            import_module('fittrackee.federation.activities'),
+            import_module('fittrackee.federation.activities.actions'),
             f'{activity_type}Activity',
         )
     except AttributeError:
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_follow_request.py b/fittrackee/tests/federation/federation/test_federation_activities_follow_request.py
new file mode 100644
index 000000000..312bfa9d9
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_activities_follow_request.py
@@ -0,0 +1,132 @@
+from flask import Flask
+
+from fittrackee.federation.activities.follow_request import FollowRequestObject
+from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.enums import ActivityType
+from fittrackee.users.models import User
+
+
+class TestFollowRequestActivityObject:
+    def test_it_generates_follow_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        follow_request = FollowRequestObject(
+            from_actor=user_1.actor,
+            to_actor=user_2.actor,
+            activity_type=ActivityType.FOLLOW,
+        )
+
+        serialized_follow_request = follow_request.serialize()
+
+        assert serialized_follow_request == {
+            '@context': AP_CTX,
+            'id': (
+                f'{user_1.actor.activitypub_id}#follows/'
+                f'{user_2.actor.fullname}'
+            ),
+            'type': 'Follow',
+            'actor': user_1.actor.activitypub_id,
+            'object': user_2.actor.activitypub_id,
+        }
+
+    def test_it_generates_accept_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        follow_request = FollowRequestObject(
+            from_actor=user_1.actor,
+            to_actor=user_2.actor,
+            activity_type=ActivityType.ACCEPT,
+        )
+
+        serialized_follow_request = follow_request.serialize()
+
+        assert serialized_follow_request == {
+            '@context': AP_CTX,
+            'id': (
+                f'{user_2.actor.activitypub_id}#accepts/'
+                f'follow/{user_1.actor.fullname}'
+            ),
+            'type': 'Accept',
+            'actor': user_2.actor.activitypub_id,
+            'object': {
+                'id': (
+                    f'{user_1.actor.activitypub_id}#follows/'
+                    f'{user_2.actor.fullname}'
+                ),
+                'type': 'Follow',
+                'actor': user_1.actor.activitypub_id,
+                'object': user_2.actor.activitypub_id,
+            },
+        }
+
+    def test_it_generates_reject_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        follow_request = FollowRequestObject(
+            from_actor=user_1.actor,
+            to_actor=user_2.actor,
+            activity_type=ActivityType.REJECT,
+        )
+
+        serialized_follow_request = follow_request.serialize()
+
+        assert serialized_follow_request == {
+            '@context': AP_CTX,
+            'id': (
+                f'{user_2.actor.activitypub_id}#rejects/'
+                f'follow/{user_1.actor.fullname}'
+            ),
+            'type': 'Reject',
+            'actor': user_2.actor.activitypub_id,
+            'object': {
+                'id': (
+                    f'{user_1.actor.activitypub_id}#follows/'
+                    f'{user_2.actor.fullname}'
+                ),
+                'type': 'Follow',
+                'actor': user_1.actor.activitypub_id,
+                'object': user_2.actor.activitypub_id,
+            },
+        }
+
+    def test_it_generates_undo_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+    ) -> None:
+        follow_request = FollowRequestObject(
+            from_actor=user_1.actor,
+            to_actor=user_2.actor,
+            activity_type=ActivityType.UNDO,
+        )
+
+        serialized_follow_request = follow_request.serialize()
+
+        assert serialized_follow_request == {
+            '@context': AP_CTX,
+            'id': (
+                f'{user_1.actor.activitypub_id}#undoes/'
+                f'{user_2.actor.fullname}'
+            ),
+            'type': 'Undo',
+            'actor': user_1.actor.activitypub_id,
+            'object': {
+                'id': (
+                    f'{user_1.actor.activitypub_id}#follows/'
+                    f'{user_2.actor.fullname}'
+                ),
+                'type': 'Follow',
+                'actor': user_1.actor.activitypub_id,
+                'object': user_2.actor.activitypub_id,
+            },
+        }
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 72da4e2e6..af2f22c18 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -9,7 +9,7 @@
 from sqlalchemy.types import Enum
 
 from fittrackee import BaseModel, bcrypt, db
-from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.activities.follow_request import FollowRequestObject
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.federation.models import Actor, Domain
@@ -65,50 +65,24 @@ def serialize(self) -> Dict:
             'to_user': self.to_user.serialize(),
         }
 
+    def _get_activity_type(self, undo: bool) -> ActivityType:
+        if self.updated_at is None:
+            return ActivityType.FOLLOW
+        if undo:
+            return ActivityType.UNDO
+        if self.is_approved:
+            return ActivityType.ACCEPT
+        return ActivityType.REJECT
+
     def get_activity(self, undo: bool = False) -> Dict:
         if not current_app.config['federation_enabled']:
             raise FederationDisabledException()
-        follow_activity = {
-            'id': (
-                f'{self.from_user.actor.activitypub_id}#follows/'
-                f'{self.to_user.actor.fullname}'
-            ),
-            'type': ActivityType.FOLLOW.value,
-            'actor': self.from_user.actor.activitypub_id,
-            'object': self.to_user.actor.activitypub_id,
-        }
-        if self.updated_at is None:
-            activity = follow_activity.copy()
-        else:
-            if undo:
-                activity = {
-                    'id': (
-                        f'{self.from_user.actor.activitypub_id}#'
-                        f'undoes/'
-                        f'follow/{self.from_user.actor.fullname}'
-                    ),
-                    'type': ActivityType.UNDO.value,
-                    'actor': self.from_user.actor.activitypub_id,
-                    'object': follow_activity,
-                }
-            else:
-                activity_type = (
-                    ActivityType.ACCEPT.value
-                    if self.is_approved
-                    else ActivityType.REJECT.value
-                )
-                activity = {
-                    'id': (
-                        f'{self.to_user.actor.activitypub_id}#'
-                        f'{"accept" if self.is_approved else "reject"}s/'
-                        f'follow/{self.from_user.actor.fullname}'
-                    ),
-                    'type': activity_type,
-                    'actor': self.to_user.actor.activitypub_id,
-                    'object': follow_activity,
-                }
-        activity['@context'] = AP_CTX
-        return activity
+        follow_request_object = FollowRequestObject(
+            from_actor=self.from_user.actor,
+            to_actor=self.to_user.actor,
+            activity_type=self._get_activity_type(undo),
+        )
+        return follow_request_object.serialize()
 
 
 class User(BaseModel):

From 35a6dbaf5d6b0de98bed994ddbfdf332c8cca185 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 7 May 2022 20:36:07 +0200
Subject: [PATCH 127/238] API - init workouts activity objects

---
 fittrackee/federation/activities/actions.py   |   5 +
 fittrackee/federation/activities/workout.py   | 100 +++++++
 fittrackee/federation/constants.py            |   2 +
 fittrackee/federation/enums.py                |   1 +
 .../test_federation_activities_workout.py     | 243 ++++++++++++++++++
 .../workouts/test_workouts_models.py          |  45 ++++
 .../tests/workouts/test_workouts_model.py     |  13 +
 fittrackee/workouts/exceptions.py             |   4 +
 fittrackee/workouts/models.py                 |  18 +-
 9 files changed, 429 insertions(+), 2 deletions(-)
 create mode 100644 fittrackee/federation/activities/workout.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_activities_workout.py
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_models.py

diff --git a/fittrackee/federation/activities/actions.py b/fittrackee/federation/activities/actions.py
index 78dd9499b..bc3181727 100644
--- a/fittrackee/federation/activities/actions.py
+++ b/fittrackee/federation/activities/actions.py
@@ -137,3 +137,8 @@ def undoes_follow(self) -> None:
                 f'{self.activity_name()}: follow request does not exist.'
             )
             raise e
+
+
+class CreateActivity(AbstractActivity):
+    def process_activity(self) -> None:
+        pass
diff --git a/fittrackee/federation/activities/workout.py b/fittrackee/federation/activities/workout.py
new file mode 100644
index 000000000..4a9f5f3d7
--- /dev/null
+++ b/fittrackee/federation/activities/workout.py
@@ -0,0 +1,100 @@
+from typing import TYPE_CHECKING, Dict
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.workouts.exceptions import PrivateWorkoutException
+
+from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
+from ..enums import ActivityType
+from .base_object import ActivityObject
+
+if TYPE_CHECKING:
+    from fittrackee.workouts.models import Workout
+
+
+class WorkoutObject(ActivityObject):
+    workout: 'Workout'
+
+    def __init__(self, workout: 'Workout') -> None:
+        if workout.workout_visibility == PrivacyLevel.PRIVATE:
+            raise PrivateWorkoutException()
+        self.workout = workout
+        self.type = ActivityType.CREATE
+        self.actor = self.workout.user.actor
+        self.activity_id = (
+            f'https://{self.actor.activitypub_id}/'
+            f'workouts/{self.workout.short_id}'
+        )
+        self.published = self.workout.creation_date.strftime(DATE_FORMAT)
+        self.workout_url = (
+            f'https://{self.actor.domain.name}/'
+            f'workouts/{self.workout.short_id}'
+        )
+        self.activity_dict = self._init_activity_dict()
+
+    def _init_activity_dict(self) -> Dict:
+        return {
+            '@context': AP_CTX,
+            'type': self.type.value,
+            'actor': self.actor.activitypub_id,
+            'published': self.published,
+            'object': {
+                'id': self.activity_id,
+                'published': self.published,
+                'url': self.workout_url,
+                'attributedTo': self.actor.activitypub_id,
+            },
+        }
+
+    def _get_note_content(self) -> str:
+        # TODO: handle translation and imperial units depending on user
+        # preferences
+        return f"""New workout "{self.workout.title}"'
+
+Distance: {self.workout.distance}km
+Duration: {self.workout.duration}
+
+#fittrackee
+
+link: {self.workout_url}
+"""
+
+    def _update_activity_recipients(self, activity: Dict) -> Dict:
+        if self.workout.workout_visibility == PrivacyLevel.PUBLIC:
+            activity['to'] = [PUBLIC_STREAM]
+            activity['cc'] = [self.actor.followers_url]
+            activity['object']['to'] = [PUBLIC_STREAM]
+            activity['object']['cc'] = [self.actor.followers_url]
+        else:
+            activity['to'] = [self.actor.followers_url]
+            activity['cc'] = []
+            activity['object']['to'] = [self.actor.followers_url]
+            activity['object']['cc'] = []
+        return activity
+
+    def serialize(self, is_note: bool = False) -> Dict:
+        activity = self.activity_dict.copy()
+        if is_note:
+            activity['id'] = f'{self.activity_id}/note/activity'
+            activity['object']['type'] = 'Note'
+            activity['object']['content'] = self._get_note_content()
+        else:
+            activity['id'] = f'{self.activity_id}/activity'
+            activity['object'] = {
+                **activity['object'],
+                **{
+                    'type': 'Workout',
+                    'ascent': self.workout.ascent,
+                    'descent': self.workout.descent,
+                    'distance': self.workout.distance,
+                    'duration': self.workout.duration,
+                    'max_alt': self.workout.max_alt,
+                    'min_alt': self.workout.min_alt,
+                    'moving': self.workout.moving,
+                    'sport_id': self.workout.sport_id,
+                    'title': self.workout.title,
+                    'workout_date': self.workout.workout_date.strftime(
+                        DATE_FORMAT
+                    ),
+                },
+            }
+        return self._update_activity_recipients(activity)
diff --git a/fittrackee/federation/constants.py b/fittrackee/federation/constants.py
index 27770c073..ab1871f01 100644
--- a/fittrackee/federation/constants.py
+++ b/fittrackee/federation/constants.py
@@ -3,3 +3,5 @@
     'https://w3id.org/security/v1',
 ]
 CONTEXT = 'https://www.w3.org/ns/activitystreams'
+DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
+PUBLIC_STREAM = 'https://www.w3.org/ns/activitystreams#Public'
diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index fa8c3c581..a544b1cad 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -3,6 +3,7 @@
 
 class ActivityType(Enum):
     ACCEPT = 'Accept'
+    CREATE = 'Create'
     FOLLOW = 'Follow'
     REJECT = 'Reject'
     UNDO = 'Undo'
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_workout.py b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
new file mode 100644
index 000000000..e95686bf1
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
@@ -0,0 +1,243 @@
+import pytest
+from flask import Flask
+
+from fittrackee.federation.activities.workout import WorkoutObject
+from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import User
+from fittrackee.workouts.exceptions import PrivateWorkoutException
+from fittrackee.workouts.models import Sport, Workout
+
+
+class TestWorkoutObject:
+    def test_it_raises_error_when_visibility_is_private(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        with pytest.raises(PrivateWorkoutException):
+            WorkoutObject(workout_cycling_user_1)
+
+    def test_it_generates_create_activity_when_visibility_is_followers_only(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
+        workout = WorkoutObject(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize()
+
+        assert serialized_workout == {
+            '@context': AP_CTX,
+            'id': (
+                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/activity'
+            ),
+            'type': 'Create',
+            'actor': user_1.actor.activitypub_id,
+            'published': published,
+            'to': [user_1.actor.followers_url],
+            'cc': [],
+            'object': {
+                'id': (
+                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+                'type': 'Workout',
+                'published': published,
+                'url': (
+                    f'https://{user_1.actor.domain.name}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+                'attributedTo': user_1.actor.activitypub_id,
+                'to': [user_1.actor.followers_url],
+                'cc': [],
+                'ascent': workout_cycling_user_1.ascent,
+                'descent': workout_cycling_user_1.descent,
+                'distance': workout_cycling_user_1.distance,
+                'duration': workout_cycling_user_1.duration,
+                'max_alt': workout_cycling_user_1.max_alt,
+                'min_alt': workout_cycling_user_1.min_alt,
+                'moving': workout_cycling_user_1.moving,
+                'sport_id': workout_cycling_user_1.sport_id,
+                'title': workout_cycling_user_1.title,
+                'workout_date': workout_cycling_user_1.workout_date.strftime(
+                    DATE_FORMAT
+                ),
+            },
+        }
+
+    def test_it_generates_create_activity_when_visibility_is_public(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
+        workout = WorkoutObject(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize()
+
+        assert serialized_workout == {
+            '@context': AP_CTX,
+            'id': (
+                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/activity'
+            ),
+            'type': 'Create',
+            'actor': user_1.actor.activitypub_id,
+            'published': published,
+            'to': ['https://www.w3.org/ns/activitystreams#Public'],
+            'cc': [user_1.actor.followers_url],
+            'object': {
+                'id': (
+                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+                'type': 'Workout',
+                'published': published,
+                'url': (
+                    f'https://{user_1.actor.domain.name}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+                'attributedTo': user_1.actor.activitypub_id,
+                'to': ['https://www.w3.org/ns/activitystreams#Public'],
+                'cc': [user_1.actor.followers_url],
+                'ascent': workout_cycling_user_1.ascent,
+                'descent': workout_cycling_user_1.descent,
+                'distance': workout_cycling_user_1.distance,
+                'duration': workout_cycling_user_1.duration,
+                'max_alt': workout_cycling_user_1.max_alt,
+                'min_alt': workout_cycling_user_1.min_alt,
+                'moving': workout_cycling_user_1.moving,
+                'sport_id': workout_cycling_user_1.sport_id,
+                'title': workout_cycling_user_1.title,
+                'workout_date': workout_cycling_user_1.workout_date.strftime(
+                    DATE_FORMAT
+                ),
+            },
+        }
+
+
+class TestWorkoutNoteObject:
+    def test_it_raises_error_if_visibility_is_private(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        with pytest.raises(PrivateWorkoutException):
+            WorkoutObject(workout_cycling_user_1)
+
+    def test_it_returns_note_activity_when_visibility_is_followers_only(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
+        workout = WorkoutObject(workout_cycling_user_1)
+        expected_url = (
+            f'https://{user_1.actor.domain.name}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
+        expected_content = f"""New workout "{workout_cycling_user_1.title}"'
+
+Distance: {workout_cycling_user_1.distance}km
+Duration: {workout_cycling_user_1.duration}
+
+#fittrackee
+
+link: {expected_url}
+"""
+
+        serialized_workout_note = workout.serialize(is_note=True)
+
+        assert serialized_workout_note == {
+            '@context': AP_CTX,
+            'id': (
+                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/note/activity'
+            ),
+            'type': 'Create',
+            'actor': user_1.actor.activitypub_id,
+            'published': published,
+            'to': [user_1.actor.followers_url],
+            'cc': [],
+            'object': {
+                'id': (
+                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+                'type': 'Note',
+                'published': published,
+                'url': expected_url,
+                'attributedTo': user_1.actor.activitypub_id,
+                'content': expected_content,
+                'to': [user_1.actor.followers_url],
+                'cc': [],
+            },
+        }
+
+    def test_it_returns_note_activity_when_visibility_is_public(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
+        workout = WorkoutObject(workout_cycling_user_1)
+        expected_url = (
+            f'https://{user_1.actor.domain.name}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
+        expected_content = f"""New workout "{workout_cycling_user_1.title}"'
+
+Distance: {workout_cycling_user_1.distance}km
+Duration: {workout_cycling_user_1.duration}
+
+#fittrackee
+
+link: {expected_url}
+"""
+
+        serialized_workout_note = workout.serialize(is_note=True)
+
+        assert serialized_workout_note == {
+            '@context': AP_CTX,
+            'id': (
+                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/note/activity'
+            ),
+            'type': 'Create',
+            'actor': user_1.actor.activitypub_id,
+            'published': published,
+            'to': ['https://www.w3.org/ns/activitystreams#Public'],
+            'cc': [user_1.actor.followers_url],
+            'object': {
+                'id': (
+                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+                'type': 'Note',
+                'published': published,
+                'url': expected_url,
+                'attributedTo': user_1.actor.activitypub_id,
+                'content': expected_content,
+                'to': ['https://www.w3.org/ns/activitystreams#Public'],
+                'cc': [user_1.actor.followers_url],
+            },
+        }
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
new file mode 100644
index 000000000..79e22e365
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -0,0 +1,45 @@
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import User
+from fittrackee.workouts.exceptions import PrivateWorkoutException
+from fittrackee.workouts.models import Sport, Workout
+
+DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
+
+
+class TestWorkoutModelGetWorkoutActivity:
+    def test_it_raises_error_if_visibility_is_private(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        with pytest.raises(PrivateWorkoutException):
+            workout_cycling_user_1.get_activities()
+
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_it_returns_activities_when_visibility_is_not_private(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = workout_visibility.value
+
+        workout, note = workout_cycling_user_1.get_activities()
+
+        assert workout['type'] == 'Create'
+        assert workout['object']['type'] == 'Workout'
+        assert note['type'] == 'Create'
+        assert note['object']['type'] == 'Note'
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index f8be551fa..505eb1e08 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -5,6 +5,7 @@
 from flask import Flask
 
 from fittrackee import db
+from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
 from fittrackee.workouts.exceptions import WorkoutForbiddenException
@@ -546,3 +547,15 @@ def test_serializer_does_not_return_previous_workout(
         assert serialized_workout['previous_workout'] is None
         assert 'map_visibility' not in serialized_workout
         assert 'workout_visibility' not in serialized_workout
+
+
+class TestWorkoutModelGetActivity:
+    def test_it_raises_error_if_federation_is_disabled(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        with pytest.raises(FederationDisabledException):
+            workout_cycling_user_1.get_activities()
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index f6b1988ce..377179944 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -1,6 +1,10 @@
 from fittrackee.exceptions import GenericException
 
 
+class PrivateWorkoutException(Exception):
+    ...
+
+
 class WorkoutException(GenericException):
     ...
 
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 4e1be9b0d..87f8f4b90 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -1,8 +1,9 @@
 import datetime
 import os
-from typing import Any, Dict, Optional, Union
+from typing import Any, Dict, Optional, Tuple, Union
 from uuid import UUID, uuid4
 
+from flask import current_app
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
@@ -12,10 +13,12 @@
 from sqlalchemy.types import JSON, Enum
 
 from fittrackee import BaseModel, db
+from fittrackee.federation.activities.workout import WorkoutObject
+from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.files import get_absolute_file_path
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 
-from .exceptions import WorkoutForbiddenException
+from .exceptions import PrivateWorkoutException, WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
 from .utils.short_id import encode_uuid
 
@@ -388,6 +391,17 @@ def get_user_workout_records(
             )
         return records
 
+    def get_activities(self) -> Tuple[Dict, Dict]:
+        if not current_app.config['federation_enabled']:
+            raise FederationDisabledException()
+        if self.workout_visibility == PrivacyLevel.PRIVATE:
+            raise PrivateWorkoutException()
+
+        workout_object = WorkoutObject(self)
+        return workout_object.serialize(), workout_object.serialize(
+            is_note=True
+        )
+
 
 @listens_for(Workout, 'after_insert')
 def on_workout_insert(

From 9f0c063975176404d063f2c4cef71c0b52324225 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 12:30:22 +0200
Subject: [PATCH 128/238] API - update workout activities

---
 .flake8                                       |  2 +
 .../activities/templates/__init__.py          |  0
 .../activities/templates/workout_note.py      |  5 ++
 fittrackee/federation/activities/workout.py   | 26 +++---
 .../test_federation_activities_workout.py     | 87 +++++++++----------
 5 files changed, 61 insertions(+), 59 deletions(-)
 create mode 100644 fittrackee/federation/activities/templates/__init__.py
 create mode 100644 fittrackee/federation/activities/templates/workout_note.py

diff --git a/.flake8 b/.flake8
index 0ca5d8807..277684d8a 100644
--- a/.flake8
+++ b/.flake8
@@ -4,3 +4,5 @@ per-file-ignores =
     fittrackee/application/app_config.py:E501
     fittrackee/tests/test_email.py:E501
     fittrackee/tests/test_email_template_password_request.py:E501
+    fittrackee/federation/activities/templates/workout_note.py:E501
+    fittrackee/tests/federation/federation/test_federation_activities_workout.py:E501
diff --git a/fittrackee/federation/activities/templates/__init__.py b/fittrackee/federation/activities/templates/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/federation/activities/templates/workout_note.py b/fittrackee/federation/activities/templates/workout_note.py
new file mode 100644
index 000000000..8ed692f04
--- /dev/null
+++ b/fittrackee/federation/activities/templates/workout_note.py
@@ -0,0 +1,5 @@
+WORKOUT_NOTE = """<p>New workout: <a href="{workout_url}" target="_blank" rel="noopener noreferrer">{workout_title}</a> ({sport_label})
+
+Distance: {workout_distance:.2f}km
+Duration: {workout_duration}</p>
+"""
diff --git a/fittrackee/federation/activities/workout.py b/fittrackee/federation/activities/workout.py
index 4a9f5f3d7..ee53c95cf 100644
--- a/fittrackee/federation/activities/workout.py
+++ b/fittrackee/federation/activities/workout.py
@@ -6,6 +6,7 @@
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from ..enums import ActivityType
 from .base_object import ActivityObject
+from .templates.workout_note import WORKOUT_NOTE
 
 if TYPE_CHECKING:
     from fittrackee.workouts.models import Workout
@@ -21,8 +22,7 @@ def __init__(self, workout: 'Workout') -> None:
         self.type = ActivityType.CREATE
         self.actor = self.workout.user.actor
         self.activity_id = (
-            f'https://{self.actor.activitypub_id}/'
-            f'workouts/{self.workout.short_id}'
+            f'{self.actor.activitypub_id}/workouts/{self.workout.short_id}'
         )
         self.published = self.workout.creation_date.strftime(DATE_FORMAT)
         self.workout_url = (
@@ -46,17 +46,15 @@ def _init_activity_dict(self) -> Dict:
         }
 
     def _get_note_content(self) -> str:
-        # TODO: handle translation and imperial units depending on user
-        # preferences
-        return f"""New workout "{self.workout.title}"'
-
-Distance: {self.workout.distance}km
-Duration: {self.workout.duration}
-
-#fittrackee
-
-link: {self.workout_url}
-"""
+        # TODO:
+        # handle translation and imperial units depending on user preferences
+        return WORKOUT_NOTE.format(
+            sport_label=self.workout.sport.label,
+            workout_title=self.workout.title,
+            workout_distance=self.workout.distance,
+            workout_duration=self.workout.duration,
+            workout_url=self.workout_url,
+        )
 
     def _update_activity_recipients(self, activity: Dict) -> Dict:
         if self.workout.workout_visibility == PrivacyLevel.PUBLIC:
@@ -73,10 +71,12 @@ def _update_activity_recipients(self, activity: Dict) -> Dict:
 
     def serialize(self, is_note: bool = False) -> Dict:
         activity = self.activity_dict.copy()
+        # for non-FitTrackee instances (like Mastodon)
         if is_note:
             activity['id'] = f'{self.activity_id}/note/activity'
             activity['object']['type'] = 'Note'
             activity['object']['content'] = self._get_note_content()
+        # for FitTrackee instances
         else:
             activity['id'] = f'{self.activity_id}/activity'
             activity['object'] = {
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_workout.py b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
index e95686bf1..0c0c876ab 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
@@ -4,12 +4,21 @@
 from fittrackee.federation.activities.workout import WorkoutObject
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.mixins import RandomMixin
 from fittrackee.users.models import User
 from fittrackee.workouts.exceptions import PrivateWorkoutException
 from fittrackee.workouts.models import Sport, Workout
 
 
-class TestWorkoutObject:
+class WorkoutObjectTestCase(RandomMixin):
+    @staticmethod
+    def expected_url(user: User, workout: Workout) -> str:
+        return (
+            f'https://{user.actor.domain.name}/workouts/' f'{workout.short_id}'
+        )
+
+
+class TestWorkoutObject(WorkoutObjectTestCase):
     def test_it_raises_error_when_visibility_is_private(
         self,
         app_with_federation: Flask,
@@ -27,6 +36,7 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
@@ -36,7 +46,7 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
         assert serialized_workout == {
             '@context': AP_CTX,
             'id': (
-                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{user_1.actor.activitypub_id}/workouts/'
                 f'{workout_cycling_user_1.short_id}/activity'
             ),
             'type': 'Create',
@@ -46,15 +56,12 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
             'cc': [],
             'object': {
                 'id': (
-                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{user_1.actor.activitypub_id}/workouts/'
                     f'{workout_cycling_user_1.short_id}'
                 ),
                 'type': 'Workout',
                 'published': published,
-                'url': (
-                    f'https://{user_1.actor.domain.name}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
-                ),
+                'url': self.expected_url(user_1, workout_cycling_user_1),
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
                 'cc': [],
@@ -80,6 +87,7 @@ def test_it_generates_create_activity_when_visibility_is_public(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
@@ -89,7 +97,7 @@ def test_it_generates_create_activity_when_visibility_is_public(
         assert serialized_workout == {
             '@context': AP_CTX,
             'id': (
-                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{user_1.actor.activitypub_id}/workouts/'
                 f'{workout_cycling_user_1.short_id}/activity'
             ),
             'type': 'Create',
@@ -99,15 +107,12 @@ def test_it_generates_create_activity_when_visibility_is_public(
             'cc': [user_1.actor.followers_url],
             'object': {
                 'id': (
-                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{user_1.actor.activitypub_id}/workouts/'
                     f'{workout_cycling_user_1.short_id}'
                 ),
                 'type': 'Workout',
                 'published': published,
-                'url': (
-                    f'https://{user_1.actor.domain.name}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
-                ),
+                'url': self.expected_url(user_1, workout_cycling_user_1),
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
@@ -127,7 +132,15 @@ def test_it_generates_create_activity_when_visibility_is_public(
         }
 
 
-class TestWorkoutNoteObject:
+class TestWorkoutNoteObject(WorkoutObjectTestCase):
+    @staticmethod
+    def expected_workout_note(workout: Workout, expected_url: str) -> str:
+        return f"""<p>New workout: <a href="{expected_url}" target="_blank" rel="noopener noreferrer">{workout.title}</a> ({workout.sport.label})
+
+Distance: {workout.distance:.2f}km
+Duration: {workout.duration}</p>
+"""
+
     def test_it_raises_error_if_visibility_is_private(
         self,
         app_with_federation: Flask,
@@ -145,29 +158,18 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
-        expected_url = (
-            f'https://{user_1.actor.domain.name}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
-        expected_content = f"""New workout "{workout_cycling_user_1.title}"'
-
-Distance: {workout_cycling_user_1.distance}km
-Duration: {workout_cycling_user_1.duration}
-
-#fittrackee
-
-link: {expected_url}
-"""
+        expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
         serialized_workout_note = workout.serialize(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
             'id': (
-                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{user_1.actor.activitypub_id}/workouts/'
                 f'{workout_cycling_user_1.short_id}/note/activity'
             ),
             'type': 'Create',
@@ -177,14 +179,16 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
             'cc': [],
             'object': {
                 'id': (
-                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{user_1.actor.activitypub_id}/workouts/'
                     f'{workout_cycling_user_1.short_id}'
                 ),
                 'type': 'Note',
                 'published': published,
                 'url': expected_url,
                 'attributedTo': user_1.actor.activitypub_id,
-                'content': expected_content,
+                'content': self.expected_workout_note(
+                    workout_cycling_user_1, expected_url
+                ),
                 'to': [user_1.actor.followers_url],
                 'cc': [],
             },
@@ -197,29 +201,18 @@ def test_it_returns_note_activity_when_visibility_is_public(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
-        expected_url = (
-            f'https://{user_1.actor.domain.name}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
-        expected_content = f"""New workout "{workout_cycling_user_1.title}"'
-
-Distance: {workout_cycling_user_1.distance}km
-Duration: {workout_cycling_user_1.duration}
-
-#fittrackee
-
-link: {expected_url}
-"""
+        expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
         serialized_workout_note = workout.serialize(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
             'id': (
-                f'https://{user_1.actor.activitypub_id}/workouts/'
+                f'{user_1.actor.activitypub_id}/workouts/'
                 f'{workout_cycling_user_1.short_id}/note/activity'
             ),
             'type': 'Create',
@@ -229,14 +222,16 @@ def test_it_returns_note_activity_when_visibility_is_public(
             'cc': [user_1.actor.followers_url],
             'object': {
                 'id': (
-                    f'https://{user_1.actor.activitypub_id}/workouts/'
+                    f'{user_1.actor.activitypub_id}/workouts/'
                     f'{workout_cycling_user_1.short_id}'
                 ),
                 'type': 'Note',
                 'published': published,
                 'url': expected_url,
                 'attributedTo': user_1.actor.activitypub_id,
-                'content': expected_content,
+                'content': self.expected_workout_note(
+                    workout_cycling_user_1, expected_url
+                ),
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
             },

From 8afcee5d0212c9107c803ccfb1746b0c580141e1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 12:42:28 +0200
Subject: [PATCH 129/238] API - minor refacto

---
 fittrackee/federation/decorators.py        | 11 +++++++++++
 fittrackee/federation/exceptions.py        |  5 +----
 fittrackee/federation/federation.py        | 13 ++++++++-----
 fittrackee/federation/nodeinfo.py          |  6 +++---
 fittrackee/federation/webfinger.py         |  4 ++--
 fittrackee/tests/users/test_users_model.py |  2 +-
 fittrackee/users/models.py                 |  5 ++---
 fittrackee/users/users.py                  |  4 ++--
 fittrackee/workouts/models.py              |  6 ++----
 9 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/fittrackee/federation/decorators.py b/fittrackee/federation/decorators.py
index 673a5c634..0ca4e6106 100644
--- a/fittrackee/federation/decorators.py
+++ b/fittrackee/federation/decorators.py
@@ -4,6 +4,7 @@
 from flask import current_app
 
 from fittrackee import appLog
+from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.responses import (
     DisabledFederationErrorResponse,
     InternalServerErrorResponse,
@@ -14,6 +15,16 @@
 
 
 def federation_required(f: Callable) -> Callable:
+    @wraps(f)
+    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
+        if not current_app.config['federation_enabled']:
+            raise FederationDisabledException()
+        return f(*args, **kwargs)
+
+    return decorated_function
+
+
+def federation_required_for_route(f: Callable) -> Callable:
     @wraps(f)
     def decorated_function(*args: Any, **kwargs: Any) -> Callable:
         if not current_app.config['federation_enabled']:
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index 97a50f54a..ac9dc3f73 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -21,10 +21,7 @@ def __init__(self, domain: str) -> None:
 
 class FederationDisabledException(GenericException):
     def __init__(self) -> None:
-        super().__init__(
-            status='error',
-            message='Can not create activity, federation is disabled.',
-        )
+        super().__init__(status='error', message='Federation is disabled.')
 
 
 class InvalidSignatureException(GenericException):
diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index 46e944ecc..caf1e5bdc 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -6,7 +6,10 @@
 from fittrackee.users.models import FollowRequest
 
 from .collections import OrderedCollection, OrderedCollectionPage
-from .decorators import federation_required, get_local_actor_from_username
+from .decorators import (
+    federation_required_for_route,
+    get_local_actor_from_username,
+)
 from .inbox import inbox
 from .models import Actor, Domain
 
@@ -19,7 +22,7 @@
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>', methods=['GET']
 )
-@federation_required
+@federation_required_for_route
 @get_local_actor_from_username
 def get_actor(
     local_actor: Actor, app_domain: Domain, preferred_username: str
@@ -82,7 +85,7 @@ def get_actor(
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>/inbox', methods=['POST']
 )
-@federation_required
+@federation_required_for_route
 @get_local_actor_from_username
 def user_inbox(
     local_actor: Actor, app_domain: Domain, preferred_username: str
@@ -151,7 +154,7 @@ def get_relationships(
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>/followers', methods=['GET']
 )
-@federation_required
+@federation_required_for_route
 @get_local_actor_from_username
 def user_followers(
     local_actor: Actor, app_domain: Domain, preferred_username: str
@@ -226,7 +229,7 @@ def user_followers(
 @ap_federation_blueprint.route(
     '/user/<string:preferred_username>/following', methods=['GET']
 )
-@federation_required
+@federation_required_for_route
 @get_local_actor_from_username
 def user_following(
     local_actor: Actor, app_domain: Domain, preferred_username: str
diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
index 767d0bccf..24d446bcf 100644
--- a/fittrackee/federation/nodeinfo.py
+++ b/fittrackee/federation/nodeinfo.py
@@ -4,14 +4,14 @@
 from fittrackee.responses import HttpResponse
 from fittrackee.workouts.models import Workout
 
-from .decorators import federation_required
+from .decorators import federation_required_for_route
 from .models import Domain
 
 ap_nodeinfo_blueprint = Blueprint('ap_nodeinfo', __name__)
 
 
 @ap_nodeinfo_blueprint.route('/.well-known/nodeinfo', methods=['GET'])
-@federation_required
+@federation_required_for_route
 def get_nodeinfo_url(app_domain: Domain) -> HttpResponse:
     """
     Get node info links
@@ -58,7 +58,7 @@ def get_nodeinfo_url(app_domain: Domain) -> HttpResponse:
 
 
 @ap_nodeinfo_blueprint.route('/nodeinfo/2.0', methods=['GET'])
-@federation_required
+@federation_required_for_route
 def get_nodeinfo(app_domain: Domain) -> HttpResponse:
     """
     Get node infos
diff --git a/fittrackee/federation/webfinger.py b/fittrackee/federation/webfinger.py
index 1ac8108fa..a7692d62c 100644
--- a/fittrackee/federation/webfinger.py
+++ b/fittrackee/federation/webfinger.py
@@ -6,14 +6,14 @@
     UserNotFoundErrorResponse,
 )
 
-from .decorators import federation_required
+from .decorators import federation_required_for_route
 from .models import Actor, Domain
 
 ap_webfinger_blueprint = Blueprint('ap_webfinger', __name__)
 
 
 @ap_webfinger_blueprint.route('/webfinger', methods=['GET'])
-@federation_required
+@federation_required_for_route
 def webfinger(app_domain: Domain) -> HttpResponse:
     """
     Get account links
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 95f94d3d3..4bc8f825c 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -387,7 +387,7 @@ def test_it_raises_error_if_getting_activity_object_when_federation_is_disabled(
     ) -> None:
         with pytest.raises(
             FederationDisabledException,
-            match='Can not create activity, federation is disabled.',
+            match='Federation is disabled.',
         ):
             follow_request_from_user_1_to_user_2.get_activity()
 
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index af2f22c18..e9e51c966 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -10,8 +10,8 @@
 
 from fittrackee import BaseModel, bcrypt, db
 from fittrackee.federation.activities.follow_request import FollowRequestObject
+from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.enums import ActivityType
-from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.federation.models import Actor, Domain
 from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
 from fittrackee.privacy_levels import PrivacyLevel
@@ -74,9 +74,8 @@ def _get_activity_type(self, undo: bool) -> ActivityType:
             return ActivityType.ACCEPT
         return ActivityType.REJECT
 
+    @federation_required
     def get_activity(self, undo: bool = False) -> Dict:
-        if not current_app.config['federation_enabled']:
-            raise FederationDisabledException()
         follow_request_object = FollowRequestObject(
             from_actor=self.from_user.actor,
             to_actor=self.to_user.actor,
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 96bc2a7bb..b39a22257 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -12,7 +12,7 @@
     password_change_email,
     reset_password_email,
 )
-from fittrackee.federation.decorators import federation_required
+from fittrackee.federation.decorators import federation_required_for_route
 from fittrackee.federation.models import Domain
 from fittrackee.federation.utils.user import (
     FULL_NAME_REGEX,
@@ -294,7 +294,7 @@ def get_users(auth_user: User) -> Dict:
 
 
 @users_blueprint.route('/users/remote', methods=['GET'])
-@federation_required
+@federation_required_for_route
 @authenticate
 def get_remote_users(
     auth_user: User,
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 87f8f4b90..68ce81625 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -3,7 +3,6 @@
 from typing import Any, Dict, Optional, Tuple, Union
 from uuid import UUID, uuid4
 
-from flask import current_app
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
@@ -14,7 +13,7 @@
 
 from fittrackee import BaseModel, db
 from fittrackee.federation.activities.workout import WorkoutObject
-from fittrackee.federation.exceptions import FederationDisabledException
+from fittrackee.federation.decorators import federation_required
 from fittrackee.files import get_absolute_file_path
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 
@@ -391,9 +390,8 @@ def get_user_workout_records(
             )
         return records
 
+    @federation_required
     def get_activities(self) -> Tuple[Dict, Dict]:
-        if not current_app.config['federation_enabled']:
-            raise FederationDisabledException()
         if self.workout_visibility == PrivacyLevel.PRIVATE:
             raise PrivateWorkoutException()
 

From 29a64343c3329b5744ae2a7393ef85289a2f5ac6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 12:57:53 +0200
Subject: [PATCH 130/238] API - init shared inbox

+ update users inbox tests
---
 fittrackee/federation/federation.py           |  33 ++++
 .../test_federation_shared_inbox.py           | 172 ++++++++++++++++++
 ...nbox.py => test_federation_users_inbox.py} |  35 ++--
 3 files changed, 220 insertions(+), 20 deletions(-)
 create mode 100644 fittrackee/tests/federation/federation/test_federation_shared_inbox.py
 rename fittrackee/tests/federation/federation/{test_users_inbox.py => test_federation_users_inbox.py} (88%)

diff --git a/fittrackee/federation/federation.py b/fittrackee/federation/federation.py
index caf1e5bdc..55f861c06 100644
--- a/fittrackee/federation/federation.py
+++ b/fittrackee/federation/federation.py
@@ -124,6 +124,39 @@ def user_inbox(
     return inbox(request)
 
 
+@ap_federation_blueprint.route('/inbox', methods=['GET', 'POST'])
+@federation_required_for_route
+def shared_inbox(app_domain: Domain) -> Union[Dict, HttpResponse]:
+    """
+    Post an activity to shared inbox
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      POST /federation/inbox HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success"
+      }
+
+    :<json json activity: activity
+
+    :statuscode 200: success
+    :statuscode 400: invalid payload
+    :statuscode 403: error, federation is disabled for this instance
+    """
+    return inbox(request)
+
+
 def get_relationships(
     local_actor: Actor, relation: str
 ) -> Union[Dict, HttpResponse]:
diff --git a/fittrackee/tests/federation/federation/test_federation_shared_inbox.py b/fittrackee/tests/federation/federation/test_federation_shared_inbox.py
new file mode 100644
index 000000000..67c38f884
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_shared_inbox.py
@@ -0,0 +1,172 @@
+import json
+from typing import Dict, Tuple
+from unittest.mock import Mock, patch
+
+import pytest
+import requests
+from flask import Flask
+from werkzeug.test import TestResponse
+
+from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.enums import ActivityType
+from fittrackee.federation.models import Actor
+from fittrackee.federation.signature import (
+    generate_digest,
+    generate_signature_header,
+)
+from fittrackee.users.models import User
+
+from ...mixins import ApiTestCaseMixin
+from ...utils import generate_response, get_date_string, random_string
+
+
+class TestSharedInbox(ApiTestCaseMixin):
+    route = '/federation/inbox'
+
+    def post_to_shared_inbox(
+        self, app_with_federation: Flask, actor: Actor
+    ) -> Tuple[Dict, TestResponse]:
+        actor.generate_keys()
+        date_str = get_date_string()
+        client = app_with_federation.test_client()
+        note_activity: Dict = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.CREATE.value,
+            'actor': actor.activitypub_id,
+            'object': {
+                'type': 'Note',
+                'content': self.random_string(),
+            },
+        }
+        digest = generate_digest(note_activity)
+
+        with patch.object(requests, 'get') as requests_mock:
+            requests_mock.return_value = generate_response(
+                status_code=200,
+                content=actor.serialize(),
+            )
+            requests_mock.path = self.route
+            response = client.post(
+                self.route,
+                content_type='application/json',
+                headers={
+                    'Host': actor.domain.name,
+                    'Date': date_str,
+                    'Digest': digest,
+                    'Signature': generate_signature_header(
+                        host=actor.domain.name,
+                        path=self.route,
+                        date_str=date_str,
+                        actor=actor,
+                        digest=digest,
+                    ),
+                    'Content-Type': 'application/ld+json',
+                },
+                data=json.dumps(note_activity),
+            )
+
+        return note_activity, response
+
+    def test_it_returns_403_when_federation_is_disabled(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            self.route,
+            content_type='application/json',
+            data=json.dumps({}),
+        )
+
+        self.assert_403(
+            response, 'error, federation is disabled for this instance'
+        )
+
+    def test_it_returns_401_if_headers_are_missing(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        client = app_with_federation.test_client()
+        note_activity = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.CREATE.value,
+            'actor': random_string(),
+            'object': {
+                'type': 'Note',
+                'content': self.random_string(),
+            },
+        }
+
+        response = client.post(
+            self.route,
+            content_type='application/json',
+            data=json.dumps(note_activity),
+        )
+
+        assert response.status_code == 401
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Invalid signature.' in data['message']
+
+    @pytest.mark.disable_autouse_generate_keys
+    def test_it_returns_401_if_signature_is_invalid(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        client = app_with_federation.test_client()
+        note_activity = {
+            '@context': AP_CTX,
+            'id': random_string(),
+            'type': ActivityType.CREATE.value,
+            'actor': random_string(),
+            'object': {
+                'type': 'Note',
+                'content': self.random_string(),
+            },
+        }
+
+        response = client.post(
+            self.route,
+            content_type='application/json',
+            headers={
+                'Host': random_string(),
+                'Date': random_string(),
+                'Signature': random_string(),
+            },
+            data=json.dumps(note_activity),
+        )
+
+        assert response.status_code == 401
+        data = json.loads(response.data.decode())
+        assert 'error' in data['status']
+        assert 'Invalid signature.' in data['message']
+
+    @pytest.mark.disable_autouse_generate_keys
+    @patch('fittrackee.federation.inbox.handle_activity')
+    def test_it_returns_200_if_activity_and_signature_are_valid(
+        self,
+        handle_activity: Mock,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        _, response = self.post_to_shared_inbox(
+            app_with_federation, remote_user.actor
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+
+    @pytest.mark.disable_autouse_generate_keys
+    @patch('fittrackee.federation.inbox.handle_activity')
+    def test_it_calls_handle_activity_task(
+        self,
+        handle_activity: Mock,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        activity_dict, _ = self.post_to_shared_inbox(
+            app_with_federation, remote_user.actor
+        )
+
+        handle_activity.send.assert_called_with(activity=activity_dict)
diff --git a/fittrackee/tests/federation/federation/test_users_inbox.py b/fittrackee/tests/federation/federation/test_federation_users_inbox.py
similarity index 88%
rename from fittrackee/tests/federation/federation/test_users_inbox.py
rename to fittrackee/tests/federation/federation/test_federation_users_inbox.py
index 62241dc23..0ddf54db3 100644
--- a/fittrackee/tests/federation/federation/test_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_users_inbox.py
@@ -17,50 +17,45 @@
 from fittrackee.users.models import User
 
 from ...mixins import ApiTestCaseMixin
-from ...utils import (
-    generate_response,
-    get_date_string,
-    random_domain,
-    random_string,
-)
+from ...utils import generate_response, get_date_string, random_string
 
 
 class TestUserInbox(ApiTestCaseMixin):
     @staticmethod
     def post_to_user_inbox(
-        app_with_federation: Flask, actor_1: Actor, actor_2: Actor
+        app_with_federation: Flask, remote_actor: Actor, local_actor: Actor
     ) -> Tuple[Dict, TestResponse]:
-        host = random_domain()
+        remote_actor.generate_keys()
         date_str = get_date_string()
         client = app_with_federation.test_client()
-        inbox_path = f'/federation/user/{actor_1.preferred_username}/inbox'
+        inbox_path = f'/federation/user/{local_actor.preferred_username}/inbox'
         follow_activity: Dict = {
             '@context': AP_CTX,
             'id': random_string(),
             'type': ActivityType.FOLLOW.value,
-            'actor': actor_2.activitypub_id,
-            'object': actor_1.activitypub_id,
+            'actor': remote_actor.activitypub_id,
+            'object': local_actor.activitypub_id,
         }
         digest = generate_digest(follow_activity)
 
         with patch.object(requests, 'get') as requests_mock:
             requests_mock.return_value = generate_response(
                 status_code=200,
-                content=actor_2.serialize(),
+                content=remote_actor.serialize(),
             )
             requests_mock.path = inbox_path
             response = client.post(
                 inbox_path,
                 content_type='application/json',
                 headers={
-                    'Host': host,
+                    'Host': remote_actor.domain.name,
                     'Date': date_str,
                     'Digest': digest,
                     'Signature': generate_signature_header(
-                        host=host,
+                        host=remote_actor.domain.name,
                         path=inbox_path,
                         date_str=date_str,
-                        actor=actor_2,
+                        actor=remote_actor,
                         digest=digest,
                     ),
                     'Content-Type': 'application/ld+json',
@@ -179,11 +174,11 @@ def test_it_returns_200_if_activity_and_signature_are_valid(
         self,
         handle_activity: Mock,
         app_with_federation: Flask,
+        remote_user: User,
         user_1: User,
-        user_2: User,
     ) -> None:
         _, response = self.post_to_user_inbox(
-            app_with_federation, user_1.actor, user_2.actor
+            app_with_federation, remote_user.actor, user_1.actor
         )
 
         assert response.status_code == 200
@@ -196,11 +191,11 @@ def test_it_calls_handle_activity_task(
         self,
         handle_activity: Mock,
         app_with_federation: Flask,
+        remote_user: User,
         user_1: User,
-        user_2: User,
     ) -> None:
-        activity_dict, response = self.post_to_user_inbox(
-            app_with_federation, user_1.actor, user_2.actor
+        activity_dict, _ = self.post_to_user_inbox(
+            app_with_federation, remote_user.actor, user_1.actor
         )
 
         handle_activity.send.assert_called_with(activity=activity_dict)

From cfdac062ef382c771ce3e5ec8dd42f870ba785c6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 13:27:25 +0200
Subject: [PATCH 131/238] API - get followers shared inbox

---
 .../federation/users/test_users_model.py      | 80 +++++++++++++++++++
 .../tests/fixtures/fixtures_federation.py     | 10 ++-
 .../fixtures/fixtures_federation_users.py     |  5 ++
 fittrackee/tests/users/test_users_model.py    |  8 ++
 fittrackee/users/models.py                    | 17 ++++
 5 files changed, 119 insertions(+), 1 deletion(-)

diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index b5ec5df63..76af78d6b 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -4,6 +4,7 @@
 from flask import Flask
 
 from fittrackee.federation.constants import AP_CTX
+from fittrackee.tests.utils import generate_follow_request
 from fittrackee.users.models import FollowRequest, User
 
 
@@ -206,3 +207,82 @@ def test_local_actor_sends_undo_activity_to_remote_actor(
             activity=expected_activity,
             recipients=[remote_user.actor.inbox_url],
         )
+
+
+class TestUserGetRecipientsSharedInbox:
+    def test_it_returns_empty_set_if_not_followers(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        inboxes = user_1.get_followers_shared_inboxes()
+
+        assert inboxes == {
+            'fittrackee': set(),
+            'others': set(),
+        }
+
+    def test_it_returns_empty_set_if_only_local_followers(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+
+        inboxes = user_1.get_followers_shared_inboxes()
+
+        assert inboxes == {
+            'fittrackee': set(),
+            'others': set(),
+        }
+
+    def test_it_returns_shared_inbox_when_remote_followers_from_fittrackee_instance(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+
+        inboxes = user_1.get_followers_shared_inboxes()
+
+        assert inboxes == {
+            'fittrackee': {remote_user.actor.shared_inbox_url},
+            'others': set(),
+        }
+
+    def test_it_returns_shared_inbox_when_remote_followers_from_not_fittrackee_instance(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+
+        inboxes = user_1.get_followers_shared_inboxes()
+
+        assert inboxes == {
+            'fittrackee': set(),
+            'others': {remote_user_2.actor.shared_inbox_url},
+        }
+
+    def test_it_returns_shared_inbox_from_several_remote_users(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        remote_user_2: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+
+        inboxes = user_1.get_followers_shared_inboxes()
+
+        assert inboxes == {
+            'fittrackee': {remote_user.actor.shared_inbox_url},
+            'others': {remote_user_2.actor.shared_inbox_url},
+        }
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index d8176a2f7..210651929 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -18,7 +18,15 @@ def app_actor(app: Flask) -> Actor:
 
 @pytest.fixture()
 def remote_domain(app_with_federation: Flask) -> Domain:
-    remote_domain = Domain(name=random_domain())
+    remote_domain = Domain(name=random_domain(), software_name='fittrackee')
+    db.session.add(remote_domain)
+    db.session.commit()
+    return remote_domain
+
+
+@pytest.fixture()
+def another_remote_domain(app_with_federation: Flask) -> Domain:
+    remote_domain = Domain(name=random_domain(), software_name='mastodon')
     db.session.add(remote_domain)
     db.session.commit()
     return remote_domain
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index 4ded3497d..a6e239b12 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -48,6 +48,11 @@ def remote_user(remote_domain: Domain) -> User:
     return generate_remote_user(remote_domain)
 
 
+@pytest.fixture()
+def remote_user_2(another_remote_domain: Domain) -> User:
+    return generate_remote_user(another_remote_domain)
+
+
 @pytest.fixture()
 def remote_user_without_profile_page(remote_domain: Domain) -> User:
     return generate_remote_user(remote_domain, without_profile_page=True)
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 4bc8f825c..4f0e610cd 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -617,3 +617,11 @@ def test_it_returns_follower_if_follow_request_is_approved(
         follow_request_from_user_1_to_user_2.updated_at = datetime.now()
 
         assert user_1.following.all() == [user_2]
+
+
+class TestUserGetRecipientsSharedInbox:
+    def test_it_raises_exception_if_federation_disabled(
+        self, app: Flask, user_1: User
+    ) -> None:
+        with pytest.raises(FederationDisabledException):
+            user_1.get_followers_shared_inboxes()
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index e9e51c966..6c7835068 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -381,6 +381,23 @@ def follows(self, user: 'User') -> str:
         ).first()
         return self.follow_request_status(follow_request)
 
+    @federation_required
+    def get_followers_shared_inboxes(self) -> Dict:
+        fittrackee_shared_inboxes = set()
+        other_shared_inboxes = set()
+        for follower in self.followers.all():
+            if follower.actor.is_remote:
+                if follower.actor.domain.software_name == 'fittrackee':
+                    fittrackee_shared_inboxes.add(
+                        follower.actor.shared_inbox_url
+                    )
+                else:
+                    other_shared_inboxes.add(follower.actor.shared_inbox_url)
+        return {
+            'fittrackee': fittrackee_shared_inboxes,
+            'others': other_shared_inboxes,
+        }
+
     def get_user_url(self) -> str:
         """Return user url on user interface"""
         return f"{current_app.config['UI_URL']}/users/{self.username}"

From 40e82b11df6860d9ba4786c56be5f40ea1181f4d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 13:38:30 +0200
Subject: [PATCH 132/238] API - inbox minor refacto

---
 fittrackee/federation/inbox.py                | 10 +++---
 fittrackee/federation/tasks/inbox.py          | 18 ++++++++++
 fittrackee/federation/tasks/user_inbox.py     | 22 ------------
 .../test_federation_remote_inbox.py           | 16 ++++-----
 ...nbox.py => test_federation_tasks_inbox.py} | 26 +++++++-------
 .../federation/users/test_users_follow_api.py | 36 +++++++++----------
 .../users/test_users_follow_request_api.py    | 36 +++++++++----------
 .../federation/users/test_users_model.py      | 18 +++++-----
 fittrackee/tests/mixins.py                    | 10 +++---
 .../tests/users/test_users_follow_api.py      | 12 +++----
 fittrackee/tests/users/test_users_model.py    | 12 +++----
 fittrackee/users/models.py                    | 10 +++---
 12 files changed, 110 insertions(+), 116 deletions(-)
 create mode 100644 fittrackee/federation/tasks/inbox.py
 delete mode 100644 fittrackee/federation/tasks/user_inbox.py
 rename fittrackee/tests/federation/federation/{test_federation_tasks_user_inbox.py => test_federation_tasks_inbox.py} (66%)

diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index b5bad5350..a0bbfb343 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -41,11 +41,9 @@ def inbox(request: Request) -> Union[Dict, HttpResponse]:
     return {'status': 'success'}
 
 
-def send_to_remote_user_inbox(
-    sender: Actor, activity: Dict, recipient_inbox_url: str
-) -> None:
+def send_to_inbox(sender: Actor, activity: Dict, inbox_url: str) -> None:
     now_str = datetime.utcnow().strftime(VALID_DATE_FORMAT)
-    parsed_inbox_url = urlparse(recipient_inbox_url)
+    parsed_inbox_url = urlparse(inbox_url)
     digest = generate_digest(activity)
     signed_header = generate_signature_header(
         host=parsed_inbox_url.netloc,
@@ -55,7 +53,7 @@ def send_to_remote_user_inbox(
         digest=digest,
     )
     response = requests.post(
-        recipient_inbox_url,
+        inbox_url,
         data=dumps(activity),
         headers={
             'Host': parsed_inbox_url.netloc,
@@ -67,7 +65,7 @@ def send_to_remote_user_inbox(
     )
     if response.status_code >= 400:
         appLog.error(
-            f"Error when send to user inbox '{recipient_inbox_url}', "
+            f"Error when send to inbox '{inbox_url}', "
             f"status code: {response.status_code}, "
             f"content: {response.content.decode()}"
         )
diff --git a/fittrackee/federation/tasks/inbox.py b/fittrackee/federation/tasks/inbox.py
new file mode 100644
index 000000000..63d252ffc
--- /dev/null
+++ b/fittrackee/federation/tasks/inbox.py
@@ -0,0 +1,18 @@
+from typing import Dict, List
+
+from fittrackee import appLog, dramatiq
+from fittrackee.federation.exceptions import SenderNotFoundException
+from fittrackee.federation.inbox import send_to_inbox
+from fittrackee.federation.models import Actor
+
+
+@dramatiq.actor(queue_name='fittrackee_send_to_remote_inbox')
+def send_to_remote_inbox(
+    sender_id: int, activity: Dict, recipients: List
+) -> None:
+    sender = Actor.query.filter_by(id=sender_id).first()
+    if not sender:
+        appLog.error('Sender not found when sending to inbox.')
+        raise SenderNotFoundException()
+    for inbox_url in recipients:
+        send_to_inbox(sender=sender, activity=activity, inbox_url=inbox_url)
diff --git a/fittrackee/federation/tasks/user_inbox.py b/fittrackee/federation/tasks/user_inbox.py
deleted file mode 100644
index e53b36b07..000000000
--- a/fittrackee/federation/tasks/user_inbox.py
+++ /dev/null
@@ -1,22 +0,0 @@
-from typing import Dict, List
-
-from fittrackee import appLog, dramatiq
-from fittrackee.federation.exceptions import SenderNotFoundException
-from fittrackee.federation.inbox import send_to_remote_user_inbox
-from fittrackee.federation.models import Actor
-
-
-@dramatiq.actor(queue_name='fittrackee_users_inbox')
-def send_to_users_inbox(
-    sender_id: int, activity: Dict, recipients: List
-) -> None:
-    sender = Actor.query.filter_by(id=sender_id).first()
-    if not sender:
-        appLog.error('Sender not found when sending to users inbox.')
-        raise SenderNotFoundException()
-    for recipient_inbox_url in recipients:
-        send_to_remote_user_inbox(
-            sender=sender,
-            activity=activity,
-            recipient_inbox_url=recipient_inbox_url,
-        )
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
index 834e3fdda..6176dbdb2 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -7,7 +7,7 @@
 from flask import Flask
 from freezegun import freeze_time
 
-from fittrackee.federation.inbox import send_to_remote_user_inbox
+from fittrackee.federation.inbox import send_to_inbox
 from fittrackee.users.models import User
 
 from ...mixins import BaseTestMixin
@@ -36,10 +36,10 @@ def test_it_calls_generate_signature_header(
         generate_digest_mock.return_value = digest
 
         with freeze_time(now):
-            send_to_remote_user_inbox(
+            send_to_inbox(
                 sender=actor_1,
                 activity={'foo': 'bar'},
-                recipient_inbox_url=remote_actor.inbox_url,
+                inbox_url=remote_actor.inbox_url,
             )
 
         generate_signature_header_mock.assert_called_with(
@@ -74,10 +74,10 @@ def test_it_calls_requests_post(
         generate_digest_mock.return_value = digest
 
         with freeze_time(now):
-            send_to_remote_user_inbox(
+            send_to_inbox(
                 sender=actor_1,
                 activity=activity,
-                recipient_inbox_url=remote_actor.inbox_url,
+                inbox_url=remote_actor.inbox_url,
             )
 
         requests_mock.post.assert_called_with(
@@ -111,16 +111,16 @@ def test_it_logs_error_if_remote_inbox_returns_error(
             status_code=status_code, content=content
         )
 
-        send_to_remote_user_inbox(
+        send_to_inbox(
             sender=actor_1,
             activity={'foo': 'bar'},
-            recipient_inbox_url=remote_actor.inbox_url,
+            inbox_url=remote_actor.inbox_url,
         )
 
         assert len(caplog.records) == 1
         assert caplog.records[0].levelname == 'ERROR'
         assert caplog.records[0].message == (
-            f"Error when send to user inbox '{remote_actor.inbox_url}', "
+            f"Error when send to inbox '{remote_actor.inbox_url}', "
             f"status code: {status_code}, "
             f"content: {content}"
         )
diff --git a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py b/fittrackee/tests/federation/federation/test_federation_tasks_inbox.py
similarity index 66%
rename from fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
rename to fittrackee/tests/federation/federation/test_federation_tasks_inbox.py
index 988131a0c..2b25eeaaa 100644
--- a/fittrackee/tests/federation/federation/test_federation_tasks_user_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_tasks_inbox.py
@@ -4,7 +4,7 @@
 from flask import Flask
 
 from fittrackee.federation.exceptions import SenderNotFoundException
-from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
+from fittrackee.federation.tasks.inbox import send_to_remote_inbox
 from fittrackee.users.models import FollowRequest, User
 
 from ...utils import random_domain_with_scheme, random_string
@@ -18,37 +18,37 @@ def test_it_raises_error_if_sender_does_not_exist(
         remote_user: User,
     ) -> None:
         with pytest.raises(SenderNotFoundException):
-            send_to_users_inbox(
+            send_to_remote_inbox(
                 sender_id=0,
                 activity=follow_request_from_user_1_to_user_2.get_activity(),
                 recipients=[remote_user.actor.inbox_url],
             )
 
-    @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
-    def test_it_calls_send_to_remote_user_inbox(
+    @patch('fittrackee.federation.tasks.inbox.send_to_inbox')
+    def test_it_calls_send_to_inbox(
         self,
-        send_to_remote_user_inbox_mock: Mock,
+        send_to_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
     ) -> None:
         activity = {'foo': 'bar'}
-        send_to_users_inbox(
+        send_to_remote_inbox(
             sender_id=user_1.actor.id,
             activity=activity,
             recipients=[remote_user.actor.inbox_url],
         )
 
-        send_to_remote_user_inbox_mock.assert_called_with(
+        send_to_inbox_mock.assert_called_with(
             sender=user_1.actor,
             activity=activity,
-            recipient_inbox_url=remote_user.actor.inbox_url,
+            inbox_url=remote_user.actor.inbox_url,
         )
 
-    @patch('fittrackee.federation.tasks.user_inbox.send_to_remote_user_inbox')
-    def test_it_calls_send_to_remote_user_inbox_for_each_recipient(
+    @patch('fittrackee.federation.tasks.inbox.send_to_inbox')
+    def test_it_calls_send_to_inbox_for_each_recipient(
         self,
-        send_to_remote_user_inbox_mock: Mock,
+        send_to_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
     ) -> None:
@@ -58,10 +58,10 @@ def test_it_calls_send_to_remote_user_inbox_for_each_recipient(
             for _ in range(nb_recipients)
         ]
 
-        send_to_users_inbox(
+        send_to_remote_inbox(
             sender_id=user_1.actor.id,
             activity={},
             recipients=recipients,
         )
 
-        assert send_to_remote_user_inbox_mock.call_count == nb_recipients
+        assert send_to_inbox_mock.call_count == nb_recipients
diff --git a/fittrackee/tests/federation/users/test_users_follow_api.py b/fittrackee/tests/federation/users/test_users_follow_api.py
index b53f8cef6..40b29ab3a 100644
--- a/fittrackee/tests/federation/users/test_users_follow_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_api.py
@@ -145,10 +145,10 @@ def test_it_returns_success_if_follow_request_already_exists(
             f"is sent."
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -163,7 +163,7 @@ def test_it_does_not_call_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
 
 class TestRemoteFollowWithFederation(ApiTestCaseMixin, UserInboxTestMixin):
@@ -206,10 +206,10 @@ def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domai
 
         self.assert_404_with_entity(response, 'user')
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_creates_follow_request(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -259,10 +259,10 @@ def test_it_returns_success_if_follow_request_already_exists(
             == f"Follow request to user '{remote_actor.fullname}' is sent."
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_calls_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -282,8 +282,8 @@ def test_it_calls_send_to_user_inbox(
             follower_user_id=user_1.id,
             followed_user_id=remote_actor.user.id,
         ).first()
-        self.assert_send_to_users_inbox_called_once(
-            send_to_users_inbox_mock,
+        self.assert_send_to_remote_inbox_called_once(
+            send_to_remote_inbox_mock,
             local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
@@ -351,10 +351,10 @@ def test_it_removes_follow_request(
         )
         assert user_1.following.count() == 0
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -370,7 +370,7 @@ def test_it_does_not_call_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
 
 class TestRemoteUnfollowWithFederation(ApiTestCaseMixin, UserInboxTestMixin):
@@ -413,10 +413,10 @@ def test_it_raise_error_if_remote_actor_does_not_exist_for_existing_remote_domai
 
         self.assert_404_with_entity(response, 'user')
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_removes_follow_request(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -442,10 +442,10 @@ def test_it_removes_follow_request(
         )
         assert user_1.following.count() == 0
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_calls_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -466,8 +466,8 @@ def test_it_calls_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        self.assert_send_to_users_inbox_called_once(
-            send_to_users_inbox_mock,
+        self.assert_send_to_remote_inbox_called_once(
+            send_to_remote_inbox_mock,
             local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index eeb1848b0..3ff006a33 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -118,10 +118,10 @@ def test_it_accepts_follow_request(
             client, auth_token, user_2.username, 'accept'
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -137,16 +137,16 @@ def test_it_does_not_call_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
 
 class TestAcceptRemoteFollowRequestWithFederation(
     FollowRequestTestCase, UserInboxTestMixin
 ):
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_accepts_follow_request(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -163,10 +163,10 @@ def test_it_accepts_follow_request(
             'accept',
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_calls_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -187,8 +187,8 @@ def test_it_calls_send_to_user_inbox(
             follower_user_id=remote_actor.user.id,
             followed_user_id=user_1.id,
         ).first()
-        self.assert_send_to_users_inbox_called_once(
-            send_to_users_inbox_mock,
+        self.assert_send_to_remote_inbox_called_once(
+            send_to_remote_inbox_mock,
             local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
@@ -253,10 +253,10 @@ def test_it_rejects_follow_request(
             client, auth_token, user_2.username, 'reject'
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -272,16 +272,16 @@ def test_it_does_not_call_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
 
 class TestRejectRemoteFollowRequestWithFederation(
     FollowRequestTestCase, UserInboxTestMixin
 ):
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_accepts_follow_request(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -298,10 +298,10 @@ def test_it_accepts_follow_request(
             'reject',
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_calls_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -322,8 +322,8 @@ def test_it_calls_send_to_user_inbox(
             follower_user_id=remote_actor.user.id,
             followed_user_id=user_1.id,
         ).first()
-        self.assert_send_to_users_inbox_called_once(
-            send_to_users_inbox_mock,
+        self.assert_send_to_remote_inbox_called_once(
+            send_to_remote_inbox_mock,
             local_actor=user_1.actor,
             remote_actor=remote_actor,
             base_object=follow_request,
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 76af78d6b..6d0e6f189 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -138,10 +138,10 @@ def test_it_returns_reject_activity_object_when_follow_request_is_rejected(
 
 
 class TestUserFollowingModelWithFederation:
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_local_actor_sends_follow_requests_to_remote_actor(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -153,16 +153,16 @@ def test_local_actor_sends_follow_requests_to_remote_actor(
         assert follow_request in actor_1.user.sent_follow_requests.all()
         assert follow_request.is_approved is False
         assert follow_request.updated_at is None
-        send_to_users_inbox_mock.send.assert_called_with(
+        send_to_remote_inbox_mock.send.assert_called_with(
             sender_id=actor_1.id,
             activity=follow_request.get_activity(),
             recipients=[remote_actor.inbox_url],
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(  # noqa
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -175,7 +175,7 @@ def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(
         assert follow_request in remote_actor.user.sent_follow_requests.all()
         assert follow_request.is_approved is True
         assert follow_request.updated_at is not None
-        send_to_users_inbox_mock.send.assert_called_with(
+        send_to_remote_inbox_mock.send.assert_called_with(
             sender_id=actor_1.id,
             activity=follow_request.get_activity(),
             recipients=[remote_actor.inbox_url],
@@ -183,10 +183,10 @@ def test_follow_request_is_automatically_accepted_if_manually_approved_if_false(
 
 
 class TestUserUnfollowModelWithFederation:
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_local_actor_sends_undo_activity_to_remote_actor(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -202,7 +202,7 @@ def test_local_actor_sends_undo_activity_to_remote_actor(
 
         user_1.unfollows(remote_user)
 
-        send_to_users_inbox_mock.send.assert_called_with(
+        send_to_remote_inbox_mock.send.assert_called_with(
             sender_id=user_1.actor.id,
             activity=expected_activity,
             recipients=[remote_user.actor.inbox_url],
diff --git a/fittrackee/tests/mixins.py b/fittrackee/tests/mixins.py
index 42d852f38..445fe7346 100644
--- a/fittrackee/tests/mixins.py
+++ b/fittrackee/tests/mixins.py
@@ -169,20 +169,20 @@ def assert_return_user_not_found(
 
 
 class UserInboxTestMixin(BaseTestMixin):
-    def assert_send_to_users_inbox_called_once(
+    def assert_send_to_remote_inbox_called_once(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         local_actor: Actor,
         remote_actor: Actor,
         base_object: Any,
         activity_args: Optional[Dict] = None,
     ) -> None:
-        send_to_users_inbox_mock.send.assert_called_once()
+        send_to_remote_inbox_mock.send.assert_called_once()
         self.assert_call_args_keys_equal(
-            send_to_users_inbox_mock.send,
+            send_to_remote_inbox_mock.send,
             ['sender_id', 'activity', 'recipients'],
         )
-        call_args = self.get_call_kwargs(send_to_users_inbox_mock.send)
+        call_args = self.get_call_kwargs(send_to_remote_inbox_mock.send)
         assert call_args['sender_id'] == local_actor.id
         assert call_args['recipients'] == [remote_actor.inbox_url]
         activity = base_object.get_activity(
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index 123d96623..4a51abb2e 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -99,10 +99,10 @@ def test_it_returns_success_if_follow_request_already_exists(
             == f"Follow request to user '{user_2.username}' is sent."
         )
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app: Flask,
         user_1: User,
         user_2: User,
@@ -117,7 +117,7 @@ def test_it_does_not_call_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
 
 class TestUnfollowWithoutFederation(ApiTestCaseMixin):
@@ -183,10 +183,10 @@ def test_it_removes_follow_request(
         )
         assert user_1.following.count() == 0
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app: Flask,
         user_1: User,
         user_2: User,
@@ -202,4 +202,4 @@ def test_it_does_not_call_send_to_user_inbox(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 4f0e610cd..d8aa2b997 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -403,17 +403,17 @@ def test_user_2_sends_follow_requests_to_user_1(
 
         assert follow_request in user_2.sent_follow_requests.all()
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox_when_federation_is_disabled(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app: Flask,
         user_1: User,
         user_2: User,
     ) -> None:
         user_2.send_follow_request_to(user_1)
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
     def test_user_1_receives_follow_requests_from_user_2(
         self,
@@ -544,10 +544,10 @@ def test_it_removes_pending_follow_request(
 
         assert user_1.sent_follow_requests.all() == []
 
-    @patch('fittrackee.users.models.send_to_users_inbox')
+    @patch('fittrackee.users.models.send_to_remote_inbox')
     def test_it_does_not_call_send_to_user_inbox_when_federation_is_disabled(
         self,
-        send_to_users_inbox_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
         app: Flask,
         user_1: User,
         user_2: User,
@@ -558,7 +558,7 @@ def test_it_does_not_call_send_to_user_inbox_when_federation_is_disabled(
 
         user_1.unfollows(user_2)
 
-        send_to_users_inbox_mock.send.assert_not_called()
+        send_to_remote_inbox_mock.send.assert_not_called()
 
 
 class TestUserFollowers:
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 6c7835068..658abdb69 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -13,7 +13,7 @@
 from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.models import Actor, Domain
-from fittrackee.federation.tasks.user_inbox import send_to_users_inbox
+from fittrackee.federation.tasks.inbox import send_to_remote_inbox
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Workout
 
@@ -275,7 +275,7 @@ def send_follow_request_to(self, target: 'User') -> FollowRequest:
         if current_app.config['federation_enabled']:
             # send Follow activity to remote followed user
             if target.actor.is_remote:
-                send_to_users_inbox.send(
+                send_to_remote_inbox.send(
                     sender_id=self.actor.id,
                     activity=follow_request.get_activity(),
                     recipients=[target.actor.inbox_url],
@@ -284,7 +284,7 @@ def send_follow_request_to(self, target: 'User') -> FollowRequest:
             # send Accept activity to remote follower user if local followed
             # user accepts follow requests automatically
             if self.actor.is_remote and not target.manually_approves_followers:
-                send_to_users_inbox.send(
+                send_to_remote_inbox.send(
                     sender_id=target.actor.id,
                     activity=follow_request.get_activity(),
                     recipients=[self.actor.inbox_url],
@@ -304,7 +304,7 @@ def unfollows(self, target: 'User') -> None:
 
             # send Undo activity to remote followed user
             if target.actor.is_remote:
-                send_to_users_inbox.send(
+                send_to_remote_inbox.send(
                     sender_id=self.actor.id,
                     activity=undo_activity,
                     recipients=[target.actor.inbox_url],
@@ -339,7 +339,7 @@ def _processes_follow_request_from(
         db.session.commit()
 
         if current_app.config['federation_enabled'] and user.actor.is_remote:
-            send_to_users_inbox.send(
+            send_to_remote_inbox.send(
                 sender_id=self.actor.id,
                 activity=follow_request.get_activity(),
                 recipients=[user.actor.inbox_url],

From 5769540d7a4fb085424a3fb9060b031ef5a9242b Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 16:19:30 +0200
Subject: [PATCH 133/238] API - minor tests refacto

---
 fittrackee/federation/inbox.py                |  4 +-
 fittrackee/federation/signature.py            |  4 +-
 ... => test_federation_activities_actions.py} |  0
 .../test_federation_activities_workout.py     |  4 +-
 .../test_federation_remote_inbox.py           | 21 +++++---
 .../test_federation_shared_inbox.py           | 25 ++++-----
 .../federation/test_federation_signature.py   | 24 +++++----
 .../federation/test_federation_users_inbox.py |  3 +-
 fittrackee/tests/mixins.py                    | 19 ++++++-
 fittrackee/tests/utils.py                     | 14 +++--
 .../test_workouts_api_0_get_workout.py        | 51 ++++++++++---------
 .../workouts/test_workouts_api_2_patch.py     |  4 +-
 .../workouts/test_workouts_api_3_delete.py    |  4 +-
 fittrackee/tests/workouts/utils.py            |  6 ---
 14 files changed, 107 insertions(+), 76 deletions(-)
 rename fittrackee/tests/federation/federation/{test_federation_activities.py => test_federation_activities_actions.py} (100%)

diff --git a/fittrackee/federation/inbox.py b/fittrackee/federation/inbox.py
index a0bbfb343..ec0cb9439 100644
--- a/fittrackee/federation/inbox.py
+++ b/fittrackee/federation/inbox.py
@@ -16,7 +16,7 @@
 from .exceptions import InvalidSignatureException
 from .models import Actor
 from .signature import (
-    VALID_DATE_FORMAT,
+    VALID_SIG_DATE_FORMAT,
     SignatureVerification,
     generate_digest,
     generate_signature_header,
@@ -42,7 +42,7 @@ def inbox(request: Request) -> Union[Dict, HttpResponse]:
 
 
 def send_to_inbox(sender: Actor, activity: Dict, inbox_url: str) -> None:
-    now_str = datetime.utcnow().strftime(VALID_DATE_FORMAT)
+    now_str = datetime.utcnow().strftime(VALID_SIG_DATE_FORMAT)
     parsed_inbox_url = urlparse(inbox_url)
     digest = generate_digest(activity)
     signed_header = generate_signature_header(
diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index bcddb79f4..dbab24b3c 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -20,7 +20,7 @@
 from .models import Actor
 
 VALID_DATE_DELTA = 30  # in seconds
-VALID_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
+VALID_SIG_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
 VALID_SIG_KEYS = ['keyId', 'headers', 'signature']
 SUPPORTED_ALGORITHMS = {
     'rsa-sha256': {'algorithm': 'SHA-256', 'hash_function': hashlib.sha256},
@@ -117,7 +117,7 @@ def is_date_invalid(self) -> bool:
         if not self.date_str:
             return True
         try:
-            date = datetime.strptime(self.date_str, VALID_DATE_FORMAT)
+            date = datetime.strptime(self.date_str, VALID_SIG_DATE_FORMAT)
         except ValueError:
             return True
         delta = datetime.utcnow() - date
diff --git a/fittrackee/tests/federation/federation/test_federation_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
similarity index 100%
rename from fittrackee/tests/federation/federation/test_federation_activities.py
rename to fittrackee/tests/federation/federation/test_federation_activities_actions.py
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_workout.py b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
index 0c0c876ab..137d881ba 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
@@ -13,9 +13,7 @@
 class WorkoutObjectTestCase(RandomMixin):
     @staticmethod
     def expected_url(user: User, workout: Workout) -> str:
-        return (
-            f'https://{user.actor.domain.name}/workouts/' f'{workout.short_id}'
-        )
+        return f'https://{user.actor.domain.name}/workouts/{workout.short_id}'
 
 
 class TestWorkoutObject(WorkoutObjectTestCase):
diff --git a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
index 6176dbdb2..a78fe889e 100644
--- a/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_remote_inbox.py
@@ -8,13 +8,14 @@
 from freezegun import freeze_time
 
 from fittrackee.federation.inbox import send_to_inbox
+from fittrackee.federation.signature import VALID_SIG_DATE_FORMAT
 from fittrackee.users.models import User
 
-from ...mixins import BaseTestMixin
-from ...utils import generate_response, get_date_string, random_string
+from ...mixins import BaseTestMixin, RandomMixin
+from ...utils import generate_response
 
 
-class TestSendToRemoteInbox(BaseTestMixin):
+class TestSendToRemoteInbox(BaseTestMixin, RandomMixin):
     @patch('fittrackee.federation.inbox.generate_digest')
     @patch('fittrackee.federation.inbox.generate_signature_header')
     @patch('fittrackee.federation.inbox.requests')
@@ -32,7 +33,7 @@ def test_it_calls_generate_signature_header(
         now = datetime.utcnow()
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
-        digest = random_string()
+        digest = self.random_string()
         generate_digest_mock.return_value = digest
 
         with freeze_time(now):
@@ -45,7 +46,9 @@ def test_it_calls_generate_signature_header(
         generate_signature_header_mock.assert_called_with(
             host=parsed_inbox_url.netloc,
             path=parsed_inbox_url.path,
-            date_str=get_date_string(now),
+            date_str=self.get_date_string(
+                date_format=VALID_SIG_DATE_FORMAT, date=now
+            ),
             actor=actor_1,
             digest=digest,
         )
@@ -68,9 +71,9 @@ def test_it_calls_requests_post(
         now = datetime.utcnow()
         parsed_inbox_url = urlparse(remote_actor.inbox_url)
         requests_mock.post.return_value = generate_response(status_code=200)
-        signed_header = random_string()
+        signed_header = self.random_string()
         generate_signature_header_mock.return_value = signed_header
-        digest = random_string()
+        digest = self.random_string()
         generate_digest_mock.return_value = digest
 
         with freeze_time(now):
@@ -85,7 +88,9 @@ def test_it_calls_requests_post(
             data=dumps(activity),
             headers={
                 'Host': parsed_inbox_url.netloc,
-                'Date': get_date_string(now),
+                'Date': self.get_date_string(
+                    date_format=VALID_SIG_DATE_FORMAT, date=now
+                ),
                 'Digest': digest,
                 'Signature': signed_header,
                 'Content-Type': 'application/ld+json',
diff --git a/fittrackee/tests/federation/federation/test_federation_shared_inbox.py b/fittrackee/tests/federation/federation/test_federation_shared_inbox.py
index 67c38f884..c891ce407 100644
--- a/fittrackee/tests/federation/federation/test_federation_shared_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_shared_inbox.py
@@ -11,27 +11,28 @@
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.models import Actor
 from fittrackee.federation.signature import (
+    VALID_SIG_DATE_FORMAT,
     generate_digest,
     generate_signature_header,
 )
 from fittrackee.users.models import User
 
-from ...mixins import ApiTestCaseMixin
-from ...utils import generate_response, get_date_string, random_string
+from ...mixins import ApiTestCaseMixin, RandomMixin
+from ...utils import generate_response
 
 
-class TestSharedInbox(ApiTestCaseMixin):
+class TestSharedInbox(ApiTestCaseMixin, RandomMixin):
     route = '/federation/inbox'
 
     def post_to_shared_inbox(
         self, app_with_federation: Flask, actor: Actor
     ) -> Tuple[Dict, TestResponse]:
         actor.generate_keys()
-        date_str = get_date_string()
+        date_str = self.get_date_string(date_format=VALID_SIG_DATE_FORMAT)
         client = app_with_federation.test_client()
         note_activity: Dict = {
             '@context': AP_CTX,
-            'id': random_string(),
+            'id': self.random_string(),
             'type': ActivityType.CREATE.value,
             'actor': actor.activitypub_id,
             'object': {
@@ -89,9 +90,9 @@ def test_it_returns_401_if_headers_are_missing(
         client = app_with_federation.test_client()
         note_activity = {
             '@context': AP_CTX,
-            'id': random_string(),
+            'id': self.random_string(),
             'type': ActivityType.CREATE.value,
-            'actor': random_string(),
+            'actor': self.random_string(),
             'object': {
                 'type': 'Note',
                 'content': self.random_string(),
@@ -116,9 +117,9 @@ def test_it_returns_401_if_signature_is_invalid(
         client = app_with_federation.test_client()
         note_activity = {
             '@context': AP_CTX,
-            'id': random_string(),
+            'id': self.random_string(),
             'type': ActivityType.CREATE.value,
-            'actor': random_string(),
+            'actor': self.random_string(),
             'object': {
                 'type': 'Note',
                 'content': self.random_string(),
@@ -129,9 +130,9 @@ def test_it_returns_401_if_signature_is_invalid(
             self.route,
             content_type='application/json',
             headers={
-                'Host': random_string(),
-                'Date': random_string(),
-                'Signature': random_string(),
+                'Host': self.random_string(),
+                'Date': self.random_string(),
+                'Signature': self.random_string(),
             },
             data=json.dumps(note_activity),
         )
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index 546ceff64..33522fb8e 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -13,7 +13,7 @@
 from fittrackee.federation.models import Actor
 from fittrackee.federation.signature import (
     VALID_DATE_DELTA,
-    VALID_DATE_FORMAT,
+    VALID_SIG_DATE_FORMAT,
     SignatureVerification,
     generate_digest,
     generate_signature,
@@ -73,7 +73,9 @@ def generate_headers(
             f' host date digest",signature="' + signature + '"'
         )
         if date_str is None:
-            date_str = get_date_string(date)
+            date_str = get_date_string(
+                date_format=VALID_SIG_DATE_FORMAT, date=date
+            )
         headers = {
             'Host': host if host else random_string(),
             'Date': date_str,
@@ -93,7 +95,7 @@ def generate_valid_headers(
     ) -> Dict:
         if date_str is None:
             now = datetime.utcnow()
-            date_str = now.strftime(VALID_DATE_FORMAT)
+            date_str = now.strftime(VALID_SIG_DATE_FORMAT)
         digest = generate_digest(activity)
         signed_header = generate_signature_header(
             host, '/inbox', date_str, actor, digest
@@ -129,7 +131,7 @@ def generate_valid_headers_without_digest(
     ) -> Dict:
         if date_str is None:
             now = datetime.utcnow()
-            date_str = now.strftime(VALID_DATE_FORMAT)
+            date_str = now.strftime(VALID_SIG_DATE_FORMAT)
         signed_header = self._generate_signature_header_without_digest(
             host, '/inbox', date_str, actor
         )
@@ -195,7 +197,7 @@ def test_it_raises_error_if_a_signature_key_is_missing(
         request_with_empty_headers = self.get_request_mock(
             headers={
                 'Host': random_string(),
-                'Date': get_date_string(),
+                'Date': get_date_string(date_format=VALID_SIG_DATE_FORMAT),
                 'Signature': input_signature_headers,
             }
         )
@@ -212,7 +214,7 @@ def test_it_instantiates_signature_verification(self) -> None:
             'headers="(request-target) host date digest",'
             f'signature="' + signature + '"'
         )
-        date_str = get_date_string()
+        date_str = get_date_string(date_format=VALID_SIG_DATE_FORMAT)
         activity = {'foo': 'bar'}
         digest = generate_digest(activity)
         valid_request_mock = self.get_request_mock(
@@ -366,7 +368,7 @@ def test_verify_raises_error_if_http_digest_is_invalid(
             self.get_request_mock(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
-                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    date_str=datetime.utcnow().strftime(VALID_SIG_DATE_FORMAT),
                     algorithm='rsa-sha256',
                     digest=input_digest,
                 ),
@@ -395,7 +397,7 @@ def test_verify_do_not_raise_error_if_http_digest_is_valid(
             self.get_request_mock(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
-                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    date_str=datetime.utcnow().strftime(VALID_SIG_DATE_FORMAT),
                     algorithm=input_algorithm,
                     digest=generate_digest(activity, input_algorithm),
                 ),
@@ -416,7 +418,7 @@ def test_it_raises_error_if_header_actor_is_different_from_activity_actor(
                 self.generate_valid_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     actor=user_1.actor,
-                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    date_str=datetime.utcnow().strftime(VALID_SIG_DATE_FORMAT),
                     activity=self.get_activity(actor=user_2.actor),
                 )
             )
@@ -496,7 +498,7 @@ def test_verify_raises_error_if_algorithm_is_not_supported(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     key_id=actor_1.activitypub_id,
-                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    date_str=datetime.utcnow().strftime(VALID_SIG_DATE_FORMAT),
                     algorithm=algorithm,
                     digest=generate_digest(activity),
                 ),
@@ -524,7 +526,7 @@ def test_verify_raises_error_if_http_digest_is_invalid(
                 self.generate_headers(
                     host=app_with_federation.config['AP_DOMAIN'],
                     key_id=actor_1.activitypub_id,
-                    date_str=datetime.utcnow().strftime(VALID_DATE_FORMAT),
+                    date_str=datetime.utcnow().strftime(VALID_SIG_DATE_FORMAT),
                     algorithm='rsa-sha256',
                     digest=random_string(),
                 ),
diff --git a/fittrackee/tests/federation/federation/test_federation_users_inbox.py b/fittrackee/tests/federation/federation/test_federation_users_inbox.py
index 0ddf54db3..d152bc073 100644
--- a/fittrackee/tests/federation/federation/test_federation_users_inbox.py
+++ b/fittrackee/tests/federation/federation/test_federation_users_inbox.py
@@ -11,6 +11,7 @@
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.models import Actor
 from fittrackee.federation.signature import (
+    VALID_SIG_DATE_FORMAT,
     generate_digest,
     generate_signature_header,
 )
@@ -26,7 +27,7 @@ def post_to_user_inbox(
         app_with_federation: Flask, remote_actor: Actor, local_actor: Actor
     ) -> Tuple[Dict, TestResponse]:
         remote_actor.generate_keys()
-        date_str = get_date_string()
+        date_str = get_date_string(date_format=VALID_SIG_DATE_FORMAT)
         client = app_with_federation.test_client()
         inbox_path = f'/federation/user/{local_actor.preferred_username}/inbox'
         follow_activity: Dict = {
diff --git a/fittrackee/tests/mixins.py b/fittrackee/tests/mixins.py
index 445fe7346..9bd8e7c3d 100644
--- a/fittrackee/tests/mixins.py
+++ b/fittrackee/tests/mixins.py
@@ -1,5 +1,6 @@
 import json
 import sys
+from datetime import datetime
 from typing import Any, Dict, List, Optional, Tuple
 from unittest.mock import Mock
 
@@ -10,7 +11,12 @@
 from fittrackee.federation.models import Actor
 
 from .custom_asserts import assert_errored_response
-from .utils import random_email, random_string
+from .utils import (
+    get_date_string,
+    random_email,
+    random_short_id,
+    random_string,
+)
 
 
 class BaseTestMixin:
@@ -54,6 +60,17 @@ def random_string(
     def random_email() -> str:
         return random_email()
 
+    @staticmethod
+    def random_short_id() -> str:
+        return random_short_id()
+
+    @staticmethod
+    def get_date_string(
+        date_format: str,
+        date: Optional[datetime] = None,
+    ) -> str:
+        return get_date_string(date_format, date)
+
 
 class ApiTestCaseMixin(RandomMixin):
     @staticmethod
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 37308d357..e0cdab447 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -4,13 +4,14 @@
 from datetime import datetime
 from json import dumps, loads
 from typing import Dict, Optional, Union
+from uuid import uuid4
 
 from flask import json as flask_json
 from requests import Response
 
 from fittrackee import db
-from fittrackee.federation.signature import VALID_DATE_FORMAT
 from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.utils.short_id import encode_uuid
 
 
 def random_string(
@@ -39,15 +40,22 @@ def random_domain() -> str:
     return random_string(suffix='.social')
 
 
-def get_date_string(date: Optional[datetime] = None) -> str:
+def get_date_string(
+    date_format: str,
+    date: Optional[datetime] = None,
+) -> str:
     date = date if date else datetime.utcnow()
-    return date.strftime(VALID_DATE_FORMAT)
+    return date.strftime(date_format)
 
 
 def random_email() -> str:
     return random_string(suffix='@example.com')
 
 
+def random_short_id() -> str:
+    return encode_uuid(uuid4())
+
+
 def get_remote_user_object(
     username: str,
     preferred_username: str,
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index e0307e161..0d141a1af 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -10,8 +10,7 @@
 from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
 
 from ..mixins import ApiTestCaseMixin
-from ..utils import jsonify_dict, random_string
-from .utils import get_random_short_id
+from ..utils import jsonify_dict
 
 
 class GetWorkoutGpxAsFollowerMixin:
@@ -133,7 +132,7 @@ class TestGetWorkoutAsUser(GetWorkoutTestCase):
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        short_id = get_random_short_id()
+        short_id = self.random_short_id()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -209,7 +208,7 @@ class TestGetWorkoutAsUnauthenticatedUser(GetWorkoutTestCase):
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask
     ) -> None:
-        short_id = get_random_short_id()
+        short_id = self.random_short_id()
         client = app.test_client()
 
         response = client.get(
@@ -306,7 +305,7 @@ def test_it_returns_owner_workout_gpx(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        gpx_content = random_string()
+        gpx_content = self.random_string()
         workout_cycling_user_1.gpx = 'file.gpx'
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
@@ -347,7 +346,9 @@ def test_it_returns_404_when_map_visibility_is_private(
             app, user_1.email
         )
         with patch(
-            'builtins.open', new_callable=mock_open, read_data=random_string()
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=self.random_string(),
         ):
 
             response = client.get(
@@ -383,7 +384,7 @@ def test_it_returns_followed_user_workout_gpx(
         self.init_test_data(
             workout_cycling_user_2, input_map_visibility, user_1, user_2
         )
-        gpx_content = random_string()
+        gpx_content = self.random_string()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -409,7 +410,7 @@ class TestGetWorkoutGpxAsUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -447,7 +448,9 @@ def test_it_returns_404_when_map_visibility_is_not_public(
             app, user_1.email
         )
         with patch(
-            'builtins.open', new_callable=mock_open, read_data=random_string()
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=self.random_string(),
         ):
 
             response = client.get(
@@ -471,7 +474,7 @@ def test_it_returns_gpx_when_map_visibility_is_public(
         workout_cycling_user_2: Workout,
     ) -> None:
         self.init_test_data(workout_cycling_user_2, PrivacyLevel.PUBLIC)
-        gpx_content = random_string()
+        gpx_content = self.random_string()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -497,7 +500,7 @@ class TestGetWorkoutGpxAsUnauthenticatedUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client = app.test_client()
 
         response = client.get(
@@ -528,7 +531,9 @@ def test_it_returns_404_when_map_visibility_is_not_public(
         self.init_test_data(workout_cycling_user_1, input_map_visibility)
         client = app.test_client()
         with patch(
-            'builtins.open', new_callable=mock_open, read_data=random_string()
+            'builtins.open',
+            new_callable=mock_open,
+            read_data=self.random_string(),
         ):
             response = client.get(
                 self.route.format(
@@ -548,7 +553,7 @@ def test_it_returns_gpx_when_map_visibility_is_public(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        gpx_content = random_string()
+        gpx_content = self.random_string()
         self.init_test_data(workout_cycling_user_1, PrivacyLevel.PUBLIC)
         client = app.test_client()
         with patch(
@@ -722,7 +727,7 @@ class TestGetWorkoutChartDataAsUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -807,7 +812,7 @@ class TestGetWorkoutChartDataAsUnauthenticatedUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client = app.test_client()
 
         response = client.get(
@@ -1052,7 +1057,7 @@ class TestGetWorkoutSegmentGpxAsUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -1147,7 +1152,7 @@ class TestGetWorkoutSegmentGpxAsUnauthenticatedUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client = app.test_client()
 
         response = client.get(
@@ -1387,7 +1392,7 @@ class TestGetWorkoutSegmentChartDataAsUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask, user_1: User
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -1475,7 +1480,7 @@ class TestGetWorkoutSegmentChartDataAsUnauthenticatedUser(
     def test_it_returns_404_if_workout_does_not_exist(
         self, app: Flask
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client = app.test_client()
 
         response = client.get(
@@ -1550,7 +1555,7 @@ class TestGetWorkoutMap(ApiTestCaseMixin):
     def test_it_returns_404_if_workout_has_no_map(self, app: Flask) -> None:
         client = app.test_client()
         response = client.get(
-            f'/api/workouts/map/{random_string()}',
+            f'/api/workouts/map/{self.random_string()}',
         )
 
         self.assert_404_with_message(response, 'Map does not exist')
@@ -1562,8 +1567,8 @@ def test_it_calls_send_from_directory_if_workout_has_map(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        map_id = random_string()
-        map_file_path = random_string()
+        map_id = self.random_string()
+        map_file_path = self.random_string()
         workout_cycling_user_1.map_id = map_id
         workout_cycling_user_1.map = map_file_path
         client = app.test_client()
@@ -1674,7 +1679,7 @@ def test_it_returns_404_if_workout_does_not_exist(
         app: Flask,
         user_1: User,
     ) -> None:
-        random_short_id = get_random_short_id()
+        random_short_id = self.random_short_id()
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 8900f968a..3302aa1d8 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -11,7 +11,7 @@
 
 from ..mixins import ApiTestCaseMixin
 from ..utils import jsonify_dict
-from .utils import get_random_short_id, post_a_workout
+from .utils import post_a_workout
 
 
 def assert_workout_data_with_gpx(
@@ -791,7 +791,7 @@ def test_it_returns_404_if_edited_workout_does_not_exists(
             app, user_1.email
         )
         response = client.patch(
-            f'/api/workouts/{get_random_short_id()}',
+            f'/api/workouts/{self.random_short_id()}',
             content_type='application/json',
             data=json.dumps(
                 dict(
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index 291d4a5b5..701febfbb 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -9,7 +9,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..mixins import ApiTestCaseMixin
-from .utils import get_random_short_id, post_a_workout
+from .utils import post_a_workout
 
 
 def get_gpx_filepath(workout_id: int) -> str:
@@ -146,7 +146,7 @@ def test_it_returns_404_if_workout_does_not_exist(
         )
 
         response = client.delete(
-            f'/api/workouts/{get_random_short_id()}',
+            f'/api/workouts/{self.random_short_id()}',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index af165189e..50bca1e6b 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -1,16 +1,10 @@
 import json
 from io import BytesIO
 from typing import Optional, Tuple
-from uuid import uuid4
 
 from flask import Flask
 
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.workouts.utils.short_id import encode_uuid
-
-
-def get_random_short_id() -> str:
-    return encode_uuid(uuid4())
 
 
 def post_a_workout(

From 1a53958a1ac0af6430d2630d90a548b63c89f90a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 18:18:16 +0200
Subject: [PATCH 134/238] API - init remote workout creation (WIP)

---
 fittrackee/federation/activities/actions.py   |  36 ++++-
 fittrackee/federation/activities/workout.py   |  10 +-
 .../test_federation_activities_actions.py     | 123 +++++++++++++++++-
 .../test_federation_activities_workout.py     |  23 ++--
 fittrackee/tests/mixins.py                    |   5 +
 fittrackee/tests/utils.py                     |   8 ++
 fittrackee/workouts/constants.py              |   1 +
 fittrackee/workouts/exceptions.py             |   4 +
 fittrackee/workouts/utils/workouts.py         |   7 +-
 9 files changed, 190 insertions(+), 27 deletions(-)
 create mode 100644 fittrackee/workouts/constants.py

diff --git a/fittrackee/federation/activities/actions.py b/fittrackee/federation/activities/actions.py
index bc3181727..d560e309e 100644
--- a/fittrackee/federation/activities/actions.py
+++ b/fittrackee/federation/activities/actions.py
@@ -1,7 +1,7 @@
 from abc import ABC, abstractmethod
 from typing import Dict, Tuple
 
-from fittrackee import appLog
+from fittrackee import appLog, db
 from fittrackee.federation.exceptions import ActorNotFoundException
 from fittrackee.federation.models import Actor
 from fittrackee.federation.utils.user import (
@@ -13,6 +13,9 @@
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
+from fittrackee.workouts.exceptions import SportNotFoundException
+from fittrackee.workouts.models import Sport
+from fittrackee.workouts.utils.workouts import create_workout
 
 
 class AbstractActivity(ABC):
@@ -26,11 +29,9 @@ def activity_name(self) -> str:
     def process_activity(self) -> None:
         pass
 
-    def get_actors(
-        self, create_remote_actor: bool = False
-    ) -> Tuple[Actor, Actor]:
+    def get_actor(self, create_remote_actor: bool = False) -> Actor:
         """
-        return actors from activity 'actor' and 'object'
+        return actor from activity
         """
         actor = Actor.query.filter_by(
             activitypub_id=self.activity['actor']
@@ -48,6 +49,15 @@ def get_actors(
                 raise ActorNotFoundException(
                     f'actor not found for {self.activity_name()}'
                 )
+        return actor
+
+    def get_actors(
+        self, create_remote_actor: bool = False
+    ) -> Tuple[Actor, Actor]:
+        """
+        return actors from activity 'actor' and 'object'
+        """
+        actor = self.get_actor(create_remote_actor)
 
         if isinstance(self.activity['object'], str):
             object_actor_activitypub_id = self.activity['object']
@@ -140,5 +150,19 @@ def undoes_follow(self) -> None:
 
 
 class CreateActivity(AbstractActivity):
+    def create_remote_workout(self, actor: Actor) -> None:
+        workout_data = self.activity['object']
+        sport_id = workout_data['sport_id']
+        if not sport_id:
+            raise SportNotFoundException()
+        sport = Sport.query.filter_by(id=sport_id).first()
+        if not sport:
+            raise SportNotFoundException()
+        new_workout = create_workout(actor.user, workout_data)
+        db.session.add(new_workout)
+        db.session.commit()
+
     def process_activity(self) -> None:
-        pass
+        actor = self.get_actor()
+        if self.activity['object']['type'] == 'Workout':
+            self.create_remote_workout(actor=actor)
diff --git a/fittrackee/federation/activities/workout.py b/fittrackee/federation/activities/workout.py
index ee53c95cf..e2d64f87c 100644
--- a/fittrackee/federation/activities/workout.py
+++ b/fittrackee/federation/activities/workout.py
@@ -1,6 +1,7 @@
 from typing import TYPE_CHECKING, Dict
 
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import PrivateWorkoutException
 
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
@@ -83,18 +84,17 @@ def serialize(self, is_note: bool = False) -> Dict:
                 **activity['object'],
                 **{
                     'type': 'Workout',
-                    'ascent': self.workout.ascent,
-                    'descent': self.workout.descent,
+                    'ave_speed': self.workout.ave_speed,
                     'distance': self.workout.distance,
                     'duration': self.workout.duration,
-                    'max_alt': self.workout.max_alt,
-                    'min_alt': self.workout.min_alt,
+                    'max_speed': self.workout.max_speed,
                     'moving': self.workout.moving,
                     'sport_id': self.workout.sport_id,
                     'title': self.workout.title,
                     'workout_date': self.workout.workout_date.strftime(
-                        DATE_FORMAT
+                        WORKOUT_DATE_FORMAT
                     ),
+                    'workout_visibility': self.workout.workout_visibility,
                 },
             }
         return self._update_activity_recipients(activity)
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_actions.py b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
index 0357b89ef..5a7c3114e 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_actions.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
@@ -1,10 +1,11 @@
+from datetime import datetime
 from typing import Dict, Optional, Union
 from unittest.mock import patch
 
 import pytest
 from flask import Flask
 
-from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
     ActorNotFoundException,
@@ -12,19 +13,24 @@
 )
 from fittrackee.federation.models import Actor
 from fittrackee.federation.tasks.activity import get_activity_instance
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
 from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
+from fittrackee.workouts.exceptions import SportNotFoundException
+from fittrackee.workouts.models import Sport, Workout
 
-from ...utils import RandomActor, random_string
+from ...mixins import RandomMixin
+from ...utils import RandomActor
 
 SUPPORTED_ACTIVITIES = [(f'{a.value} activity', a.value) for a in ActivityType]
 
 
-class TestActivityInstantiation:
+class TestActivityInstantiation(RandomMixin):
     @pytest.mark.parametrize(
         'input_description,input_type', SUPPORTED_ACTIVITIES
     )
@@ -37,7 +43,7 @@ def test_it_instantiates_activity_from_activity_dict(
 
     def test_it_raises_exception_if_activity_type_is_invalid(self) -> None:
         with pytest.raises(UnsupportedActivityException):
-            get_activity_instance({'type': random_string()})
+            get_activity_instance({'type': self.random_string()})
 
 
 class FollowRequestActivitiesTestCase:
@@ -489,3 +495,112 @@ def test_it_undoes_follow_request_regardless_its_status(
         ).first()
 
         assert follow_request is None
+
+
+class WorkoutActivitiesTestCase(RandomMixin):
+    def generate_workout_create_activity(
+        self, remote_actor: RandomActor, sport_id: int
+    ) -> Dict:
+        workout_date = datetime.utcnow().strftime(WORKOUT_DATE_FORMAT)
+        workout_distance = self.random_int(max_value=999)
+        workout_short_id = self.random_short_id()
+        workout_url = (
+            f'https://{remote_actor.domain}/workouts/{workout_short_id}'
+        )
+        published = datetime.utcnow().strftime(DATE_FORMAT)
+        return {
+            '@context': AP_CTX,
+            'id': (
+                f'{remote_actor.activitypub_id}/workouts/'
+                f'{workout_short_id}/activity'
+            ),
+            'type': 'Create',
+            'actor': remote_actor.activitypub_id,
+            'published': published,
+            'to': [remote_actor.followers_url],
+            'cc': [],
+            'object': {
+                'id': (
+                    f'{remote_actor.activitypub_id}/workouts/'
+                    f'{workout_short_id}'
+                ),
+                'type': 'Workout',
+                'published': published,
+                'url': workout_url,
+                'attributedTo': remote_actor.activitypub_id,
+                'to': [remote_actor.followers_url],
+                'cc': [],
+                'ave_speed': workout_distance,
+                'distance': workout_distance,
+                'duration': 3600,
+                'max_speed': workout_distance,
+                'moving': workout_distance,
+                'sport_id': sport_id,
+                'title': self.random_string(),
+                'workout_date': workout_date,
+                'workout_visibility': PrivacyLevel.FOLLOWERS.value,
+            },
+        }
+
+
+class TestCreateActivityForWorkout(WorkoutActivitiesTestCase):
+    def test_it_raises_error_if_workout_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        random_actor: RandomActor,
+        sport_1_cycling: Sport,
+    ) -> None:
+
+        workout_activity = self.generate_workout_create_activity(
+            remote_actor=random_actor, sport_id=sport_1_cycling.id
+        )
+        activity = get_activity_instance({'type': workout_activity['type']})(
+            activity_dict=workout_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for CreateActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_sport_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        workout_activity = self.generate_workout_create_activity(
+            remote_actor=remote_user.actor, sport_id=self.random_int()
+        )
+        activity = get_activity_instance({'type': workout_activity['type']})(
+            activity_dict=workout_activity
+        )
+
+        with pytest.raises(SportNotFoundException):
+            activity.process_activity()
+
+    def test_it_creates_remote_workout_without_gpx(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_activity = self.generate_workout_create_activity(
+            remote_actor=remote_user.actor, sport_id=sport_1_cycling.id
+        )
+        activity = get_activity_instance({'type': workout_activity['type']})(
+            activity_dict=workout_activity
+        )
+
+        activity.process_activity()
+
+        remote_workout = Workout.query.filter_by(
+            user_id=remote_user.id, sport_id=sport_1_cycling.id
+        ).first()
+        assert (
+            remote_workout.distance == workout_activity['object']['distance']
+        )
+        assert (
+            remote_workout.workout_visibility
+            == workout_activity['object']['workout_visibility']
+        )
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_workout.py b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
index 137d881ba..946aa8feb 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
@@ -6,6 +6,7 @@
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.mixins import RandomMixin
 from fittrackee.users.models import User
+from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import PrivateWorkoutException
 from fittrackee.workouts.models import Sport, Workout
 
@@ -63,17 +64,18 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
                 'cc': [],
-                'ascent': workout_cycling_user_1.ascent,
-                'descent': workout_cycling_user_1.descent,
+                'ave_speed': workout_cycling_user_1.ave_speed,
                 'distance': workout_cycling_user_1.distance,
                 'duration': workout_cycling_user_1.duration,
-                'max_alt': workout_cycling_user_1.max_alt,
-                'min_alt': workout_cycling_user_1.min_alt,
+                'max_speed': workout_cycling_user_1.max_speed,
                 'moving': workout_cycling_user_1.moving,
                 'sport_id': workout_cycling_user_1.sport_id,
                 'title': workout_cycling_user_1.title,
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
-                    DATE_FORMAT
+                    WORKOUT_DATE_FORMAT
+                ),
+                'workout_visibility': (
+                    workout_cycling_user_1.workout_visibility
                 ),
             },
         }
@@ -114,17 +116,18 @@ def test_it_generates_create_activity_when_visibility_is_public(
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
-                'ascent': workout_cycling_user_1.ascent,
-                'descent': workout_cycling_user_1.descent,
+                'ave_speed': float(workout_cycling_user_1.ave_speed),
                 'distance': workout_cycling_user_1.distance,
                 'duration': workout_cycling_user_1.duration,
-                'max_alt': workout_cycling_user_1.max_alt,
-                'min_alt': workout_cycling_user_1.min_alt,
+                'max_speed': float(workout_cycling_user_1.max_speed),
                 'moving': workout_cycling_user_1.moving,
                 'sport_id': workout_cycling_user_1.sport_id,
                 'title': workout_cycling_user_1.title,
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
-                    DATE_FORMAT
+                    WORKOUT_DATE_FORMAT
+                ),
+                'workout_visibility': (
+                    workout_cycling_user_1.workout_visibility
                 ),
             },
         }
diff --git a/fittrackee/tests/mixins.py b/fittrackee/tests/mixins.py
index 9bd8e7c3d..b1d77bce0 100644
--- a/fittrackee/tests/mixins.py
+++ b/fittrackee/tests/mixins.py
@@ -14,6 +14,7 @@
 from .utils import (
     get_date_string,
     random_email,
+    random_int,
     random_short_id,
     random_string,
 )
@@ -60,6 +61,10 @@ def random_string(
     def random_email() -> str:
         return random_email()
 
+    @staticmethod
+    def random_int(min_value: int = 0, max_value: int = 999999) -> int:
+        return random_int(min_value, max_value)
+
     @staticmethod
     def random_short_id() -> str:
         return random_short_id()
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index e0cdab447..5794ee357 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -52,6 +52,10 @@ def random_email() -> str:
     return random_string(suffix='@example.com')
 
 
+def random_int(min_value: int = 0, max_value: int = 999999) -> int:
+    return random.randint(min_value, max_value)
+
+
 def random_short_id() -> str:
     return encode_uuid(uuid4())
 
@@ -118,6 +122,10 @@ def activitypub_id(self) -> str:
     def profile_url(self) -> str:
         return f'{self.domain}/{self.preferred_username}'
 
+    @property
+    def followers_url(self) -> str:
+        return f'{self.domain}/users/{self.preferred_username}/followers'
+
     def get_remote_user_object(self, with_icon: bool = False) -> Dict:
         return get_remote_user_object(
             self.name,
diff --git a/fittrackee/workouts/constants.py b/fittrackee/workouts/constants.py
new file mode 100644
index 000000000..0faa32746
--- /dev/null
+++ b/fittrackee/workouts/constants.py
@@ -0,0 +1 @@
+WORKOUT_DATE_FORMAT = '%Y-%m-%d %H:%M'
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index 377179944..c9255eaea 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -5,6 +5,10 @@ class PrivateWorkoutException(Exception):
     ...
 
 
+class SportNotFoundException(Exception):
+    ...
+
+
 class WorkoutException(GenericException):
     ...
 
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index 1c778836d..ba7205477 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -17,6 +17,7 @@
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 from fittrackee.users.models import User, UserSportPreference
 
+from ..constants import WORKOUT_DATE_FORMAT
 from ..exceptions import WorkoutException
 from ..models import Sport, Workout, WorkoutSegment
 from .gpx import get_gpx_info
@@ -96,7 +97,9 @@ def create_workout(
     workout_date = (
         gpx_data['start']
         if gpx_data
-        else datetime.strptime(workout_data['workout_date'], '%Y-%m-%d %H:%M')
+        else datetime.strptime(
+            workout_data['workout_date'], WORKOUT_DATE_FORMAT
+        )
     )
     workout_date_tz, workout_date = get_datetime_with_tz(
         user.timezone, workout_date, gpx_data
@@ -217,7 +220,7 @@ def edit_workout(
     if not workout.gpx:
         if workout_data.get('workout_date'):
             workout_date = datetime.strptime(
-                workout_data['workout_date'], '%Y-%m-%d %H:%M'
+                workout_data['workout_date'], WORKOUT_DATE_FORMAT
             )
             _, workout.workout_date = get_datetime_with_tz(
                 auth_user.timezone, workout_date

From d9870811e803c1d9213f8f85d469cb0530e95b5f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 May 2022 18:42:34 +0200
Subject: [PATCH 135/238] API - send activities for workouts w/o gpx to remote
 instance inboxes

---
 .../workouts/test_workouts_api_post.py        | 172 ++++++++++++++++++
 fittrackee/workouts/workouts.py               |  23 +++
 2 files changed, 195 insertions(+)
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_api_post.py

diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
new file mode 100644
index 000000000..89abd019b
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -0,0 +1,172 @@
+import json
+from unittest.mock import Mock, patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.utils import generate_follow_request
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
+from fittrackee.workouts.models import Sport
+
+from ...mixins import ApiTestCaseMixin
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestFederationPostWorkoutWithoutGpx(ApiTestCaseMixin):
+    def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                    workout_visibility=PrivacyLevel.FOLLOWERS.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_does_not_call_sent_to_inbox_if_workout_is_private(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date=self.get_date_string(
+                        date_format=WORKOUT_DATE_FORMAT
+                    ),
+                    distance=10,
+                    workout_visibility=PrivacyLevel.PRIVATE.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date=self.get_date_string(
+                        date_format=WORKOUT_DATE_FORMAT
+                    ),
+                    distance=10,
+                    workout_visibility=workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        workout_activity, _ = user_1.workouts[0].get_activities()
+        send_to_remote_inbox_mock.send.assert_called_once()
+        send_to_remote_inbox_mock.send.assert_called_with(
+            sender_id=user_1.actor.id,
+            activity=workout_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                    workout_visibility=workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        _, note_activity = user_1.workouts[0].get_activities()
+        send_to_remote_inbox_mock.send.assert_called_once()
+        send_to_remote_inbox_mock.send.assert_called_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user_2.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index cdf1cb04f..d62fd590b 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -17,6 +17,8 @@
 from werkzeug.utils import secure_filename
 
 from fittrackee import appLog, db
+from fittrackee.federation.tasks.inbox import send_to_remote_inbox
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.responses import (
     DataInvalidPayloadErrorResponse,
     DataNotFoundErrorResponse,
@@ -1157,6 +1159,27 @@ def post_workout_no_gpx(
         db.session.add(new_workout)
         db.session.commit()
 
+        if (
+            current_app.config['federation_enabled']
+            and new_workout.workout_visibility != PrivacyLevel.PRIVATE
+        ):
+            sender_id = new_workout.user.actor.id
+            workout_activity, note_activity = new_workout.get_activities()
+            recipients = new_workout.user.get_followers_shared_inboxes()
+
+            if recipients['fittrackee']:
+                send_to_remote_inbox.send(
+                    sender_id=sender_id,
+                    activity=workout_activity,
+                    recipients=list(recipients['fittrackee']),
+                )
+            if recipients['others']:
+                send_to_remote_inbox.send(
+                    sender_id=sender_id,
+                    activity=note_activity,
+                    recipients=list(recipients['others']),
+                )
+
         return (
             {
                 'status': 'created',

From efb7791a6797c2c8dfaece2aa09887d93e13b5ee Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Jun 2022 19:19:10 +0200
Subject: [PATCH 136/238] API - fix workout creation on remote fittrackee
 instances (WIP)

---
 fittrackee/federation/activities/actions.py   |  6 +-
 fittrackee/federation/activities/workout.py   | 32 +++++-
 fittrackee/federation/exceptions.py           | 10 ++
 .../test_federation_activities_actions.py     |  4 +-
 .../test_federation_activities_workout.py     | 97 +++++++++++++++++--
 5 files changed, 132 insertions(+), 17 deletions(-)

diff --git a/fittrackee/federation/activities/actions.py b/fittrackee/federation/activities/actions.py
index d560e309e..b56a8ec60 100644
--- a/fittrackee/federation/activities/actions.py
+++ b/fittrackee/federation/activities/actions.py
@@ -17,6 +17,8 @@
 from fittrackee.workouts.models import Sport
 from fittrackee.workouts.utils.workouts import create_workout
 
+from .workout import convert_workout_activity
+
 
 class AbstractActivity(ABC):
     def __init__(self, activity_dict: Dict) -> None:
@@ -158,7 +160,9 @@ def create_remote_workout(self, actor: Actor) -> None:
         sport = Sport.query.filter_by(id=sport_id).first()
         if not sport:
             raise SportNotFoundException()
-        new_workout = create_workout(actor.user, workout_data)
+        new_workout = create_workout(
+            actor.user, convert_workout_activity(workout_data)
+        )
         db.session.add(new_workout)
         db.session.commit()
 
diff --git a/fittrackee/federation/activities/workout.py b/fittrackee/federation/activities/workout.py
index e2d64f87c..357ca69cc 100644
--- a/fittrackee/federation/activities/workout.py
+++ b/fittrackee/federation/activities/workout.py
@@ -6,6 +6,7 @@
 
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from ..enums import ActivityType
+from ..exceptions import InvalidWorkoutException
 from .base_object import ActivityObject
 from .templates.workout_note import WORKOUT_NOTE
 
@@ -84,11 +85,11 @@ def serialize(self, is_note: bool = False) -> Dict:
                 **activity['object'],
                 **{
                     'type': 'Workout',
-                    'ave_speed': self.workout.ave_speed,
-                    'distance': self.workout.distance,
-                    'duration': self.workout.duration,
-                    'max_speed': self.workout.max_speed,
-                    'moving': self.workout.moving,
+                    'ave_speed': float(self.workout.ave_speed),
+                    'distance': float(self.workout.distance),
+                    'duration': str(self.workout.duration),
+                    'max_speed': float(self.workout.max_speed),
+                    'moving': str(self.workout.moving),
                     'sport_id': self.workout.sport_id,
                     'title': self.workout.title,
                     'workout_date': self.workout.workout_date.strftime(
@@ -98,3 +99,24 @@ def serialize(self, is_note: bool = False) -> Dict:
                 },
             }
         return self._update_activity_recipients(activity)
+
+
+def convert_duration_string_to_seconds(duration_str: str) -> int:
+    try:
+        hour, minutes, seconds = duration_str.split(':')
+        duration = int(hour) * 3600 + int(minutes) * 60 + int(seconds)
+    except Exception as e:
+        raise InvalidWorkoutException(
+            f'duration or moving format is invalid ({e})'
+        )
+    return duration
+
+
+def convert_workout_activity(workout_data: Dict) -> Dict:
+    return {
+        **workout_data,
+        'duration': convert_duration_string_to_seconds(
+            workout_data['duration']
+        ),
+        'moving': convert_duration_string_to_seconds(workout_data['moving']),
+    }
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index ac9dc3f73..52f8b2d13 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -32,6 +32,16 @@ def __init__(self, message: Optional[str] = None) -> None:
         )
 
 
+class InvalidWorkoutException(GenericException):
+    def __init__(self, message: Optional[str] = None) -> None:
+        super().__init__(
+            status='error',
+            message=(
+                f'Invalid workout data{f": {message}" if message else ""}.'
+            ),
+        )
+
+
 class SenderNotFoundException(GenericException):
     def __init__(self) -> None:
         super().__init__(
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_actions.py b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
index 5a7c3114e..0a52cded4 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_actions.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
@@ -532,9 +532,9 @@ def generate_workout_create_activity(
                 'cc': [],
                 'ave_speed': workout_distance,
                 'distance': workout_distance,
-                'duration': 3600,
+                'duration': '01:00:00',
                 'max_speed': workout_distance,
-                'moving': workout_distance,
+                'moving': '01:00:00',
                 'sport_id': sport_id,
                 'title': self.random_string(),
                 'workout_date': workout_date,
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_workout.py b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
index 946aa8feb..c9ec070eb 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_workout.py
@@ -1,8 +1,15 @@
+from typing import Any
+
 import pytest
 from flask import Flask
 
-from fittrackee.federation.activities.workout import WorkoutObject
+from fittrackee.federation.activities.workout import (
+    WorkoutObject,
+    convert_duration_string_to_seconds,
+    convert_workout_activity,
+)
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
+from fittrackee.federation.exceptions import InvalidWorkoutException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.mixins import RandomMixin
 from fittrackee.users.models import User
@@ -64,11 +71,11 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
                 'cc': [],
-                'ave_speed': workout_cycling_user_1.ave_speed,
-                'distance': workout_cycling_user_1.distance,
-                'duration': workout_cycling_user_1.duration,
-                'max_speed': workout_cycling_user_1.max_speed,
-                'moving': workout_cycling_user_1.moving,
+                'ave_speed': float(workout_cycling_user_1.ave_speed),
+                'distance': float(workout_cycling_user_1.distance),
+                'duration': str(workout_cycling_user_1.duration),
+                'max_speed': float(workout_cycling_user_1.max_speed),
+                'moving': str(workout_cycling_user_1.moving),
                 'sport_id': workout_cycling_user_1.sport_id,
                 'title': workout_cycling_user_1.title,
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
@@ -117,10 +124,10 @@ def test_it_generates_create_activity_when_visibility_is_public(
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
                 'ave_speed': float(workout_cycling_user_1.ave_speed),
-                'distance': workout_cycling_user_1.distance,
-                'duration': workout_cycling_user_1.duration,
+                'distance': float(workout_cycling_user_1.distance),
+                'duration': str(workout_cycling_user_1.duration),
                 'max_speed': float(workout_cycling_user_1.max_speed),
-                'moving': workout_cycling_user_1.moving,
+                'moving': str(workout_cycling_user_1.moving),
                 'sport_id': workout_cycling_user_1.sport_id,
                 'title': workout_cycling_user_1.title,
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
@@ -237,3 +244,75 @@ def test_it_returns_note_activity_when_visibility_is_public(
                 'cc': [user_1.actor.followers_url],
             },
         }
+
+
+class TestWorkoutConvertDurationStringToSeconds:
+    @pytest.mark.parametrize(
+        'input_duration,expected_seconds',
+        [
+            ('0:00:00', 0),
+            ('1:00:00', 3600),
+            ('01:00:00', 3600),
+            ('00:30:00', 1800),
+            ('00:00:10', 10),
+            ('01:20:30', 4830),
+        ],
+    )
+    def test_it_converts_duration_string_into_seconds(
+        self, input_duration: str, expected_seconds: int
+    ) -> None:
+        assert (
+            convert_duration_string_to_seconds(duration_str=input_duration)
+            == expected_seconds
+        )
+
+    @pytest.mark.parametrize(
+        'input_duration',
+        ['', '1:00', 3600, None],
+    )
+    def test_it_raises_exception_if_duration_is_invalid(
+        self, input_duration: Any
+    ) -> None:
+        with pytest.raises(
+            InvalidWorkoutException,
+            match='Invalid workout data: duration or moving format is invalid',
+        ):
+            convert_duration_string_to_seconds(duration_str=input_duration)
+
+
+class TestWorkoutConvertWorkoutActivity(RandomMixin):
+    def test_it_convert_workout_data_from_activity(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_activity_object = {
+            'id': self.random_string(),
+            'type': 'Workout',
+            'published': workout_cycling_user_1.creation_date.strftime(
+                DATE_FORMAT
+            ),
+            'url': self.random_string(),
+            'attributedTo': user_1.actor.activitypub_id,
+            'to': [user_1.actor.followers_url],
+            'cc': [],
+            'ave_speed': float(workout_cycling_user_1.ave_speed),
+            'distance': float(workout_cycling_user_1.distance),
+            'duration': str(workout_cycling_user_1.duration),
+            'max_speed': float(workout_cycling_user_1.max_speed),
+            'moving': str(workout_cycling_user_1.moving),
+            'sport_id': workout_cycling_user_1.sport_id,
+            'title': workout_cycling_user_1.title,
+            'workout_date': workout_cycling_user_1.workout_date.strftime(
+                WORKOUT_DATE_FORMAT
+            ),
+            'workout_visibility': workout_cycling_user_1.workout_visibility,
+        }
+
+        assert convert_workout_activity(workout_activity_object) == {
+            **workout_activity_object,
+            'duration': workout_cycling_user_1.duration.seconds,
+            'moving': workout_cycling_user_1.moving.seconds,
+        }

From 716618d6ec68b2e33ce8be0c83d48bcb050efff4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Jun 2022 20:53:19 +0200
Subject: [PATCH 137/238] API - store remote url if workout from remote
 fittrackee instances

---
 .../24_8842c351a2d8_init_federation.py        |  5 +++
 .../test_federation_activities_actions.py     | 35 ++++++++++++++++---
 fittrackee/tests/users/test_users_model.py    | 16 ++++-----
 .../tests/workouts/test_workouts_model.py     |  2 ++
 fittrackee/workouts/models.py                 |  3 ++
 fittrackee/workouts/utils/workouts.py         |  1 +
 6 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
index 19f64a5b6..46cb4b6a1 100644
--- a/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/24_8842c351a2d8_init_federation.py
@@ -227,6 +227,10 @@ def upgrade():
         sa.PrimaryKeyConstraint('follower_user_id', 'followed_user_id'),
     )
 
+    op.add_column(
+        'workouts',
+        sa.Column('remote_url', sa.String(length=255), nullable=True)
+    )
     op.add_column(
         'workouts',
         sa.Column(
@@ -257,6 +261,7 @@ def upgrade():
 def downgrade():
     op.drop_column('workouts', 'map_visibility')
     op.drop_column('workouts', 'workout_visibility')
+    op.drop_column('workouts', 'remote_url')
 
     op.drop_table('follow_requests')
 
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_actions.py b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
index 0a52cded4..e68dd6be5 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_actions.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
@@ -499,14 +499,17 @@ def test_it_undoes_follow_request_regardless_its_status(
 
 class WorkoutActivitiesTestCase(RandomMixin):
     def generate_workout_create_activity(
-        self, remote_actor: RandomActor, sport_id: int
+        self, remote_actor: Union[RandomActor, Actor], sport_id: int
     ) -> Dict:
+        remote_domain = (
+            remote_actor.domain
+            if isinstance(remote_actor, RandomActor)
+            else f'https://{remote_actor.domain.name}'
+        )
         workout_date = datetime.utcnow().strftime(WORKOUT_DATE_FORMAT)
         workout_distance = self.random_int(max_value=999)
         workout_short_id = self.random_short_id()
-        workout_url = (
-            f'https://{remote_actor.domain}/workouts/{workout_short_id}'
-        )
+        workout_url = f'{remote_domain}/workouts/{workout_short_id}'
         published = datetime.utcnow().strftime(DATE_FORMAT)
         return {
             '@context': AP_CTX,
@@ -597,6 +600,7 @@ def test_it_creates_remote_workout_without_gpx(
         remote_workout = Workout.query.filter_by(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
         ).first()
+        assert remote_workout.remote_url == workout_activity['object']['url']
         assert (
             remote_workout.distance == workout_activity['object']['distance']
         )
@@ -604,3 +608,26 @@ def test_it_creates_remote_workout_without_gpx(
             remote_workout.workout_visibility
             == workout_activity['object']['workout_visibility']
         )
+
+    def test_serializer_returns_remote_url(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_activity = self.generate_workout_create_activity(
+            remote_actor=remote_user.actor, sport_id=sport_1_cycling.id
+        )
+        activity = get_activity_instance({'type': workout_activity['type']})(
+            activity_dict=workout_activity
+        )
+        activity.process_activity()
+
+        remote_workout = Workout.query.filter_by(
+            user_id=remote_user.id, sport_id=sport_1_cycling.id
+        ).first()
+        assert (
+            remote_workout.serialize(user_1)['remote_url']
+            == remote_workout.remote_url
+        )
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index d8aa2b997..38802a694 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -249,15 +249,15 @@ def test_it_returns_user_records(
     ) -> None:
         serialized_user = user_1.serialize(user_1)
         assert len(serialized_user['records']) == 4
-        assert serialized_user['records'][0]['record_type'] == 'AS'
-        assert serialized_user['records'][0]['sport_id'] == sport_1_cycling.id
-        assert serialized_user['records'][0]['user'] == user_1.username
-        assert serialized_user['records'][0]['value'] > 0
-        assert (
-            serialized_user['records'][0]['workout_id']
-            == workout_cycling_user_1.short_id
+        records = sorted(
+            serialized_user['records'], key=lambda r: r['record_type']
         )
-        assert serialized_user['records'][0]['workout_date']
+        assert records[0]['record_type'] == 'AS'
+        assert records[0]['sport_id'] == sport_1_cycling.id
+        assert records[0]['user'] == user_1.username
+        assert records[0]['value'] > 0
+        assert records[0]['workout_id'] == workout_cycling_user_1.short_id
+        assert records[0]['workout_date']
 
     def test_it_returns_user_1_and_user_2_dont_not_follow_each_other(
         self,
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 505eb1e08..1e5efc1f8 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -97,6 +97,7 @@ def test_serialize_for_workout_without_gpx(
         assert serialized_workout['weather_start'] is None
         assert serialized_workout['with_gpx'] is False
         assert str(serialized_workout['workout_date']) == '2018-01-01 00:00:00'
+        assert 'remote_url' not in serialized_workout
 
     def test_serialize_for_workout_with_gpx(
         self,
@@ -142,6 +143,7 @@ def test_serialize_for_workout_with_gpx(
         assert serialized_workout['weather_start'] is None
         assert serialized_workout['with_gpx'] is True
         assert str(serialized_workout['workout_date']) == '2018-01-01 00:00:00'
+        assert 'remote_url' not in serialized_workout
 
     def test_serializer_returns_map_related_data(
         self,
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 68ce81625..891c8cf98 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -159,6 +159,7 @@ class Workout(BaseModel):
     weather_start = db.Column(JSON, nullable=True)
     weather_end = db.Column(JSON, nullable=True)
     notes = db.Column(db.String(500), nullable=True)
+    remote_url = db.Column(db.String(255), nullable=True)
     workout_visibility = db.Column(
         Enum(PrivacyLevel, name='privacy_levels'),
         server_default='PRIVATE',
@@ -362,6 +363,8 @@ def serialize(
         if user_status == 'owner':
             workout['workout_visibility'] = self.workout_visibility.value
             workout['map_visibility'] = self.calculated_map_visibility.value
+        if self.user.is_remote:
+            workout['remote_url'] = self.remote_url
         return workout
 
     @classmethod
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index ba7205477..fb34acc32 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -121,6 +121,7 @@ def create_workout(
         duration=duration,
     )
     new_workout.notes = workout_data.get('notes')
+    new_workout.remote_url = workout_data.get('url')
     new_workout.workout_visibility = PrivacyLevel(
         workout_data.get('workout_visibility', user.workouts_visibility.value)
     )

From 0d1c811931fe33d4f209755d3ab36fc6ba66c4b7 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 6 Jun 2022 08:46:37 +0200
Subject: [PATCH 138/238] API - return workout visibility

---
 .../test_workouts_api_0_get_workout.py        | 30 +++++++++++++++----
 .../tests/workouts/test_workouts_model.py     | 27 ++++++++++-------
 fittrackee/workouts/models.py                 |  5 ++--
 3 files changed, 43 insertions(+), 19 deletions(-)

diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index 0d141a1af..c289068b1 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -124,8 +124,14 @@ def test_it_returns_followed_user_workout(
         assert data['data']['workouts'][0]['user'] == jsonify_dict(
             user_2.serialize()
         )
-        assert 'map_visibility' not in data['data']['workouts'][0]
-        assert 'workout_visibility' not in data['data']['workouts'][0]
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == PrivacyLevel.PRIVATE.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == input_workout_level
+        )
 
 
 class TestGetWorkoutAsUser(GetWorkoutTestCase):
@@ -200,8 +206,14 @@ def test_it_returns_another_user_workout_when_visibility_is_public(
         assert data['data']['workouts'][0]['user'] == jsonify_dict(
             user_2.serialize()
         )
-        assert 'map_visibility' not in data['data']['workouts'][0]
-        assert 'workout_visibility' not in data['data']['workouts'][0]
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == PrivacyLevel.PRIVATE.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == PrivacyLevel.PUBLIC.value
+        )
 
 
 class TestGetWorkoutAsUnauthenticatedUser(GetWorkoutTestCase):
@@ -265,8 +277,14 @@ def test_it_returns_a_user_workout_when_visibility_is_public(
         assert data['data']['workouts'][0]['user'] == jsonify_dict(
             user_1.serialize()
         )
-        assert 'map_visibility' not in data['data']['workouts'][0]
-        assert 'workout_visibility' not in data['data']['workouts'][0]
+        assert (
+            data['data']['workouts'][0]['map_visibility']
+            == PrivacyLevel.PRIVATE.value
+        )
+        assert (
+            data['data']['workouts'][0]['workout_visibility']
+            == PrivacyLevel.PUBLIC.value
+        )
 
 
 class GetWorkoutGpxTestCase(ApiTestCaseMixin):
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 1e5efc1f8..36287467d 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -352,8 +352,11 @@ def test_serializer_returns_map_related_data(
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
         assert serialized_workout['with_gpx'] is True
-        assert 'map_visibility' not in serialized_workout
-        assert 'workout_visibility' not in serialized_workout
+        assert serialized_workout['map_visibility'] == input_map_visibility
+        assert (
+            serialized_workout['workout_visibility']
+            == input_workout_visibility
+        )
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -386,8 +389,11 @@ def test_serializer_does_not_return_map_related_data(
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
         assert serialized_workout['with_gpx'] is False
-        assert 'map_visibility' not in serialized_workout
-        assert 'workout_visibility' not in serialized_workout
+        assert serialized_workout['map_visibility'] == input_map_visibility
+        assert (
+            serialized_workout['workout_visibility']
+            == input_workout_visibility
+        )
 
     def test_serializer_does_not_return_next_workout(
         self,
@@ -479,8 +485,8 @@ def test_serializer_returns_map_related_data_when_visibility_is_public(
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
         assert serialized_workout['with_gpx'] is True
-        assert 'map_visibility' not in serialized_workout
-        assert 'workout_visibility' not in serialized_workout
+        assert serialized_workout['map_visibility'] == PrivacyLevel.PUBLIC
+        assert serialized_workout['workout_visibility'] == PrivacyLevel.PUBLIC
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -513,8 +519,11 @@ def test_serializer_does_not_return_map_related_data(
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
         assert serialized_workout['with_gpx'] is False
-        assert 'map_visibility' not in serialized_workout
-        assert 'workout_visibility' not in serialized_workout
+        assert serialized_workout['map_visibility'] == input_map_visibility
+        assert (
+            serialized_workout['workout_visibility']
+            == input_workout_visibility
+        )
 
     def test_serializer_does_not_return_next_workout(
         self,
@@ -547,8 +556,6 @@ def test_serializer_does_not_return_previous_workout(
         )
 
         assert serialized_workout['previous_workout'] is None
-        assert 'map_visibility' not in serialized_workout
-        assert 'workout_visibility' not in serialized_workout
 
 
 class TestWorkoutModelGetActivity:
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 891c8cf98..c323bc405 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -356,13 +356,12 @@ def serialize(
             'segments': [segment.serialize() for segment in self.segments],
             'records': [record.serialize() for record in self.records],
             'map': self.map_id if self.map and can_see_map_data else None,
+            'map_visibility': self.calculated_map_visibility.value,
             'weather_start': self.weather_start,
             'weather_end': self.weather_end,
             'notes': self.notes if user_status == 'owner' else None,
+            'workout_visibility': self.workout_visibility.value,
         }
-        if user_status == 'owner':
-            workout['workout_visibility'] = self.workout_visibility.value
-            workout['map_visibility'] = self.calculated_map_visibility.value
         if self.user.is_remote:
             workout['remote_url'] = self.remote_url
         return workout

From 9d3d97039f38733ec809e946fac9b09b7cd4db31 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 6 Jun 2022 09:06:31 +0200
Subject: [PATCH 139/238] API - only create records for local workouts for now

---
 .../test_federation_activities_actions.py     | 20 +++++++++++++++++++
 fittrackee/workouts/models.py                 |  8 +++++---
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/fittrackee/tests/federation/federation/test_federation_activities_actions.py b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
index e68dd6be5..e251a950b 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_actions.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_actions.py
@@ -631,3 +631,23 @@ def test_serializer_returns_remote_url(
             remote_workout.serialize(user_1)['remote_url']
             == remote_workout.remote_url
         )
+
+    def test_it_does_not_create_records_for_remote_workout(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_activity = self.generate_workout_create_activity(
+            remote_actor=remote_user.actor, sport_id=sport_1_cycling.id
+        )
+        activity = get_activity_instance({'type': workout_activity['type']})(
+            activity_dict=workout_activity
+        )
+        activity.process_activity()
+
+        remote_workout = Workout.query.filter_by(
+            user_id=remote_user.id, sport_id=sport_1_cycling.id
+        ).first()
+        assert remote_workout.records == []
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index c323bc405..75187486b 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -409,9 +409,11 @@ def on_workout_insert(
 ) -> None:
     @listens_for(db.Session, 'after_flush', once=True)
     def receive_after_flush(session: Session, context: Any) -> None:
-        update_records(
-            workout.user_id, workout.sport_id, connection, session
-        )  # noqa
+        # For now only create records for local workouts
+        if not workout.remote_url:
+            update_records(
+                workout.user_id, workout.sport_id, connection, session
+            )
 
 
 @listens_for(Workout, 'after_update')

From bb9274843bb0ebb7940f9758ce5d97d82b25fc84 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 6 Jun 2022 09:37:17 +0200
Subject: [PATCH 140/238] Client - update workout display (WIP)

---
 .../src/components/Workout/WorkoutCard.vue    | 83 +++++++++++--------
 .../WorkoutDetail/WorkoutCardTitle.vue        | 30 +++++++
 .../Workout/WorkoutDetail/WorkoutUser.vue     | 10 +++
 .../Workout/WorkoutDetail/index.vue           |  1 +
 .../src/locales/en/workouts.json              |  1 +
 .../src/locales/fr/workouts.json              |  1 +
 fittrackee_client/src/types/workouts.ts       |  1 +
 7 files changed, 92 insertions(+), 35 deletions(-)

diff --git a/fittrackee_client/src/components/Workout/WorkoutCard.vue b/fittrackee_client/src/components/Workout/WorkoutCard.vue
index b0e779cb1..6b27848ae 100644
--- a/fittrackee_client/src/components/Workout/WorkoutCard.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutCard.vue
@@ -1,47 +1,52 @@
 <template>
   <div class="timeline-workout">
     <div class="box">
-      <div class="workout-user-date">
-        <div class="workout-user">
-          <UserPicture :user="user" />
+      <div class="workout-card-title">
+        <div class="workout-user-date">
+          <div class="workout-user">
+            <UserPicture :user="user" />
+            <router-link
+              v-if="user.username"
+              class="workout-user-name"
+              :to="{
+                name: 'User',
+                params: { username: getUserName(user) },
+              }"
+              :title="user.username"
+            >
+              {{ user.username }}
+            </router-link>
+          </div>
           <router-link
-            v-if="user.username"
-            class="workout-user-name"
+            class="workout-title"
+            v-if="workout.id"
             :to="{
-              name: 'User',
-              params: { username: user.username },
+              name: 'Workout',
+              params: { workoutId: workout.id },
             }"
-            :title="user.username"
           >
-            {{ user.username }}
+            {{ workout.title }}
           </router-link>
+          <div
+            class="workout-date"
+            v-if="workout.workout_date && user"
+            :title="
+              format(
+                getDateWithTZ(workout.workout_date, user.timezone),
+                'dd/MM/yyyy HH:mm'
+              )
+            "
+          >
+            {{
+              formatDistance(new Date(workout.workout_date), new Date(), {
+                addSuffix: true,
+                locale,
+              })
+            }}
+          </div>
         </div>
-        <router-link
-          class="workout-title"
-          v-if="workout.id"
-          :to="{
-            name: 'Workout',
-            params: { workoutId: workout.id },
-          }"
-        >
-          {{ workout.title }}
-        </router-link>
-        <div
-          class="workout-date"
-          v-if="workout.workout_date && user"
-          :title="
-            format(
-              getDateWithTZ(workout.workout_date, user.timezone),
-              'dd/MM/yyyy HH:mm'
-            )
-          "
-        >
-          {{
-            formatDistance(new Date(workout.workout_date), new Date(), {
-              addSuffix: true,
-              locale,
-            })
-          }}
+        <div v-if="user.is_remote" class="user-remote-fullname">
+          {{ user.fullname }}
         </div>
       </div>
       <div
@@ -153,6 +158,7 @@
   import { IWorkout } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
   import { getDateWithTZ } from '@/utils/dates'
+  import { getUserName } from '@/utils/user'
 
   interface Props {
     user: IUserProfile
@@ -232,6 +238,13 @@
         }
       }
 
+      .user-remote-fullname {
+        font-size: 0.8em;
+        font-style: italic;
+        margin-top: -0.5 * $default-padding;
+        padding-left: $default-padding;
+      }
+
       .workout-map {
         background-color: var(--workout-no-map-bg-color);
         height: 150px;
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
index 692d760f1..e9e485f7a 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
@@ -1,6 +1,7 @@
 <template>
   <div id="workout-card-title">
     <div
+      v-if="isWorkoutOwner"
       class="workout-previous workout-arrow"
       :class="{ inactive: !workoutObject.previousUrl }"
       :title="
@@ -21,6 +22,16 @@
       <div class="workout-title-date">
         <div class="workout-title" v-if="workoutObject.type === 'WORKOUT'">
           <span>{{ workoutObject.title }}</span>
+          <a
+            class="remote-link"
+            v-if="workoutObject.remoteUrl"
+            :href="workoutObject.remoteUrl"
+            target="_blank"
+            rel="noopener noreferrer"
+          >
+            {{ $t('workouts.VIEW_ON_REMOTE_INSTANCE') }}
+            <i class="fa fa-external-link-square" aria-hidden="true"></i>
+          </a>
           <i
             class="fa fa-edit"
             aria-hidden="true"
@@ -72,6 +83,7 @@
       </div>
     </div>
     <div
+      v-if="isWorkoutOwner"
       class="workout-next workout-arrow"
       :class="{ inactive: !workoutObject.nextUrl }"
       :title="
@@ -152,9 +164,22 @@
         }
       }
       .workout-title {
+        display: flex;
+        flex-direction: row;
+        align-items: baseline;
         span {
           margin-right: $default-margin * 0.5;
         }
+        .remote-link {
+          font-size: 0.85em;
+          font-style: italic;
+          font-weight: normal;
+
+          .fa-external-link-square {
+            font-size: 0.85em;
+            padding: 0;
+          }
+        }
       }
       .workout-date {
         font-size: 0.8em;
@@ -178,6 +203,11 @@
         .fa-edit {
           padding: 0 $default-padding * 0.7;
         }
+
+        .workout-title {
+          display: flex;
+          flex-direction: column;
+        }
       }
     }
   }
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue
index 4e51458e4..1ced8cd39 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutUser.vue
@@ -7,6 +7,9 @@
         :to="`/users/${getUserName(user)}?from=users`"
       >
         {{ user.username }}
+        <div v-if="user.is_remote" class="user-remote-fullname">
+          {{ user.fullname }}
+        </div>
       </router-link>
     </div>
     <UserStats :user="user" />
@@ -57,6 +60,10 @@
 
       .user-name {
         font-size: 1.3em;
+        .user-remote-fullname {
+          font-size: 0.65em;
+          font-style: italic;
+        }
       }
     }
 
@@ -83,6 +90,9 @@
         .user-name {
           font-size: 1em;
           padding-left: $default-padding * 0.5;
+          .user-remote-fullname {
+            font-size: 0.8em;
+          }
         }
       }
       ::v-deep(.user-stats) {
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index 369c425f8..4361ba2ed 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -157,6 +157,7 @@
       pauses: segment ? segment.pauses : workout.pauses,
       previousUrl: urls.previousUrl,
       records: segment ? [] : workout.records,
+      remoteUrl: workout.remote_url,
       segmentId: segment ? segment.segment_id : null,
       title: workout.title,
       type: props.displaySegment ? 'SEGMENT' : 'WORKOUT',
diff --git a/fittrackee_client/src/locales/en/workouts.json b/fittrackee_client/src/locales/en/workouts.json
index bf31af594..958ba2117 100644
--- a/fittrackee_client/src/locales/en/workouts.json
+++ b/fittrackee_client/src/locales/en/workouts.json
@@ -58,6 +58,7 @@
   "TO": "to",
   "TOTAL_DURATION": "total duration",
   "UPLOAD_FIRST_WORKOUT": "Upload one!",
+  "VIEW_ON_REMOTE_INSTANCE": "view on remote instance",
   "WEATHER": {
     "HUMIDITY": "humidity",
     "TEMPERATURE": "temperature",
diff --git a/fittrackee_client/src/locales/fr/workouts.json b/fittrackee_client/src/locales/fr/workouts.json
index 6715e93b4..548bea30c 100644
--- a/fittrackee_client/src/locales/fr/workouts.json
+++ b/fittrackee_client/src/locales/fr/workouts.json
@@ -58,6 +58,7 @@
   "TO": "jusqu'au",
   "TOTAL_DURATION": "durée totale",
   "UPLOAD_FIRST_WORKOUT": "Ajoutez votre première séance !",
+  "VIEW_ON_REMOTE_INSTANCE": "voir sur l'instance distante",
   "WEATHER": {
     "HUMIDITY": "humidité",
     "TEMPERATURE": "température",
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 3b22514aa..3f92f7ac1 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -68,6 +68,7 @@ export interface IWorkout {
   pauses: string | null
   previous_workout: string | null
   records: IRecord[]
+  remote_url?: string
   segments: IWorkoutSegment[]
   sport_id: number
   title: string

From 283c25c51c80e85939e961481c8e5233ad1c34dc Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Tue, 20 Sep 2022 18:36:14 +0200
Subject: [PATCH 141/238] API - refacto

---
 .flake8                                           |  4 ++--
 fittrackee/federation/activities/__init__.py      | 15 +++++++++++++++
 .../activities/{actions.py => activities.py}      |  2 +-
 .../{activities/templates => objects}/__init__.py |  0
 .../{activities => objects}/base_object.py        |  2 +-
 .../{activities => objects}/follow_request.py     |  6 +++---
 .../federation/objects/templates/__init__.py      |  0
 .../templates/workout_note.py                     |  0
 .../federation/{activities => objects}/workout.py |  4 ++--
 fittrackee/federation/tasks/activity.py           |  2 +-
 ...y => test_federation_activities_activities.py} |  0
 ... => test_federation_objects_follow_request.py} |  4 ++--
 ...kout.py => test_federation_objects_workout.py} |  6 +++---
 fittrackee/users/models.py                        |  2 +-
 fittrackee/workouts/models.py                     |  2 +-
 15 files changed, 32 insertions(+), 17 deletions(-)
 rename fittrackee/federation/activities/{actions.py => activities.py} (99%)
 rename fittrackee/federation/{activities/templates => objects}/__init__.py (100%)
 rename fittrackee/federation/{activities => objects}/base_object.py (91%)
 rename fittrackee/federation/{activities => objects}/follow_request.py (93%)
 create mode 100644 fittrackee/federation/objects/templates/__init__.py
 rename fittrackee/federation/{activities => objects}/templates/workout_note.py (100%)
 rename fittrackee/federation/{activities => objects}/workout.py (98%)
 rename fittrackee/tests/federation/federation/{test_federation_activities_actions.py => test_federation_activities_activities.py} (100%)
 rename fittrackee/tests/federation/federation/{test_federation_activities_follow_request.py => test_federation_objects_follow_request.py} (97%)
 rename fittrackee/tests/federation/federation/{test_federation_activities_workout.py => test_federation_objects_workout.py} (99%)

diff --git a/.flake8 b/.flake8
index 277684d8a..bfa64d1e5 100644
--- a/.flake8
+++ b/.flake8
@@ -4,5 +4,5 @@ per-file-ignores =
     fittrackee/application/app_config.py:E501
     fittrackee/tests/test_email.py:E501
     fittrackee/tests/test_email_template_password_request.py:E501
-    fittrackee/federation/activities/templates/workout_note.py:E501
-    fittrackee/tests/federation/federation/test_federation_activities_workout.py:E501
+    fittrackee/federation/objects/templates/workout_note.py:E501
+    fittrackee/tests/federation/federation/test_federation_objects_workout.py:E501
diff --git a/fittrackee/federation/activities/__init__.py b/fittrackee/federation/activities/__init__.py
index e69de29bb..1f464b326 100644
--- a/fittrackee/federation/activities/__init__.py
+++ b/fittrackee/federation/activities/__init__.py
@@ -0,0 +1,15 @@
+from .activities import (
+    AcceptActivity,
+    CreateActivity,
+    FollowActivity,
+    RejectActivity,
+    UndoActivity,
+)
+
+__all__ = [
+    'AcceptActivity',
+    'CreateActivity',
+    'FollowActivity',
+    'RejectActivity',
+    'UndoActivity',
+]
diff --git a/fittrackee/federation/activities/actions.py b/fittrackee/federation/activities/activities.py
similarity index 99%
rename from fittrackee/federation/activities/actions.py
rename to fittrackee/federation/activities/activities.py
index b56a8ec60..ca44ab9a8 100644
--- a/fittrackee/federation/activities/actions.py
+++ b/fittrackee/federation/activities/activities.py
@@ -17,7 +17,7 @@
 from fittrackee.workouts.models import Sport
 from fittrackee.workouts.utils.workouts import create_workout
 
-from .workout import convert_workout_activity
+from ..objects.workout import convert_workout_activity
 
 
 class AbstractActivity(ABC):
diff --git a/fittrackee/federation/activities/templates/__init__.py b/fittrackee/federation/objects/__init__.py
similarity index 100%
rename from fittrackee/federation/activities/templates/__init__.py
rename to fittrackee/federation/objects/__init__.py
diff --git a/fittrackee/federation/activities/base_object.py b/fittrackee/federation/objects/base_object.py
similarity index 91%
rename from fittrackee/federation/activities/base_object.py
rename to fittrackee/federation/objects/base_object.py
index c97b9c9ab..0ad9c82bd 100644
--- a/fittrackee/federation/activities/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -6,7 +6,7 @@
     from ..models import Actor
 
 
-class ActivityObject(ABC):
+class BaseObject(ABC):
     id: str
     type: 'ActivityType'
     actor: 'Actor'
diff --git a/fittrackee/federation/activities/follow_request.py b/fittrackee/federation/objects/follow_request.py
similarity index 93%
rename from fittrackee/federation/activities/follow_request.py
rename to fittrackee/federation/objects/follow_request.py
index e66187f07..2f153c9f3 100644
--- a/fittrackee/federation/activities/follow_request.py
+++ b/fittrackee/federation/objects/follow_request.py
@@ -2,13 +2,13 @@
 
 from ..constants import AP_CTX
 from ..enums import ActivityType
-from .base_object import ActivityObject
+from .base_object import BaseObject
 
 if TYPE_CHECKING:
-    from ..models import Actor
+    from fittrackee.federation.models import Actor
 
 
-class FollowRequestObject(ActivityObject):
+class FollowRequestObject(BaseObject):
     from_actor: 'Actor'
     to_actor: 'Actor'
 
diff --git a/fittrackee/federation/objects/templates/__init__.py b/fittrackee/federation/objects/templates/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/federation/activities/templates/workout_note.py b/fittrackee/federation/objects/templates/workout_note.py
similarity index 100%
rename from fittrackee/federation/activities/templates/workout_note.py
rename to fittrackee/federation/objects/templates/workout_note.py
diff --git a/fittrackee/federation/activities/workout.py b/fittrackee/federation/objects/workout.py
similarity index 98%
rename from fittrackee/federation/activities/workout.py
rename to fittrackee/federation/objects/workout.py
index 357ca69cc..e5c1c59a1 100644
--- a/fittrackee/federation/activities/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -7,14 +7,14 @@
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from ..enums import ActivityType
 from ..exceptions import InvalidWorkoutException
-from .base_object import ActivityObject
+from .base_object import BaseObject
 from .templates.workout_note import WORKOUT_NOTE
 
 if TYPE_CHECKING:
     from fittrackee.workouts.models import Workout
 
 
-class WorkoutObject(ActivityObject):
+class WorkoutObject(BaseObject):
     workout: 'Workout'
 
     def __init__(self, workout: 'Workout') -> None:
diff --git a/fittrackee/federation/tasks/activity.py b/fittrackee/federation/tasks/activity.py
index a8d55eba6..fab21b071 100644
--- a/fittrackee/federation/tasks/activity.py
+++ b/fittrackee/federation/tasks/activity.py
@@ -10,7 +10,7 @@ def get_activity_instance(activity_dict: Dict) -> Callable:
     activity_type = activity_dict['type']
     try:
         Activity = getattr(
-            import_module('fittrackee.federation.activities.actions'),
+            import_module('fittrackee.federation.activities'),
             f'{activity_type}Activity',
         )
     except AttributeError:
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_actions.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
similarity index 100%
rename from fittrackee/tests/federation/federation/test_federation_activities_actions.py
rename to fittrackee/tests/federation/federation/test_federation_activities_activities.py
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_follow_request.py b/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
similarity index 97%
rename from fittrackee/tests/federation/federation/test_federation_activities_follow_request.py
rename to fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
index 312bfa9d9..1b38cbd85 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_follow_request.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
@@ -1,12 +1,12 @@
 from flask import Flask
 
-from fittrackee.federation.activities.follow_request import FollowRequestObject
 from fittrackee.federation.constants import AP_CTX
 from fittrackee.federation.enums import ActivityType
+from fittrackee.federation.objects.follow_request import FollowRequestObject
 from fittrackee.users.models import User
 
 
-class TestFollowRequestActivityObject:
+class TestFollowRequestObject:
     def test_it_generates_follow_activity(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
similarity index 99%
rename from fittrackee/tests/federation/federation/test_federation_activities_workout.py
rename to fittrackee/tests/federation/federation/test_federation_objects_workout.py
index c9ec070eb..6d4fca384 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -3,13 +3,13 @@
 import pytest
 from flask import Flask
 
-from fittrackee.federation.activities.workout import (
+from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
+from fittrackee.federation.exceptions import InvalidWorkoutException
+from fittrackee.federation.objects.workout import (
     WorkoutObject,
     convert_duration_string_to_seconds,
     convert_workout_activity,
 )
-from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
-from fittrackee.federation.exceptions import InvalidWorkoutException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.mixins import RandomMixin
 from fittrackee.users.models import User
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index b63573428..c6b84884b 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -9,10 +9,10 @@
 from sqlalchemy.types import Enum
 
 from fittrackee import BaseModel, bcrypt, db
-from fittrackee.federation.activities.follow_request import FollowRequestObject
 from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.models import Actor, Domain
+from fittrackee.federation.objects.follow_request import FollowRequestObject
 from fittrackee.federation.tasks.inbox import send_to_remote_inbox
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.models import Workout
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 867d6b15d..164805cd8 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -12,8 +12,8 @@
 from sqlalchemy.types import JSON, Enum
 
 from fittrackee import BaseModel, appLog, db
-from fittrackee.federation.activities.workout import WorkoutObject
 from fittrackee.federation.decorators import federation_required
+from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 

From 7b6868b7b7a48a64391086c87fa9c07c73808d7a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Tue, 20 Sep 2022 19:25:46 +0200
Subject: [PATCH 142/238] API - add `follow` scope for relationship-related
 endpoints

---
 fittrackee/oauth2/client.py                   |   2 +
 .../tests/application/test_app_config_api.py  |   2 +
 fittrackee/tests/users/test_auth_api.py       |  14 +++
 fittrackee/tests/users/test_users_api.py      |   8 ++
 .../tests/users/test_users_follow_api.py      |  81 ++++++++++++
 .../users/test_users_follow_request_api.py    | 118 ++++++++++++++++++
 .../tests/users/test_users_followers_api.py   |  71 +++++++++++
 fittrackee/tests/workouts/test_records_api.py |   2 +
 fittrackee/tests/workouts/test_sports_api.py  |   6 +
 fittrackee/tests/workouts/test_stats_api.py   |   6 +
 .../tests/workouts/test_timeline_api.py       |  35 ++++++
 .../test_workouts_api_0_get_workout.py        |   4 +
 .../test_workouts_api_0_get_workouts.py       |   2 +
 .../workouts/test_workouts_api_1_post.py      |   4 +
 .../workouts/test_workouts_api_2_patch.py     |   2 +
 .../workouts/test_workouts_api_3_delete.py    |   2 +
 fittrackee/users/follow_requests.py           |  12 +-
 fittrackee/users/users.py                     |  18 +--
 fittrackee/workouts/timeline.py               |   2 +-
 19 files changed, 379 insertions(+), 12 deletions(-)

diff --git a/fittrackee/oauth2/client.py b/fittrackee/oauth2/client.py
index 15611c8a3..0817723f3 100644
--- a/fittrackee/oauth2/client.py
+++ b/fittrackee/oauth2/client.py
@@ -10,6 +10,8 @@
 
 VALID_SCOPES = [
     'application:write',
+    'follow:read',
+    'follow:write',
     'profile:read',
     'profile:write',
     'users:read',
diff --git a/fittrackee/tests/application/test_app_config_api.py b/fittrackee/tests/application/test_app_config_api.py
index b595efeaf..a8f7c598b 100644
--- a/fittrackee/tests/application/test_app_config_api.py
+++ b/fittrackee/tests/application/test_app_config_api.py
@@ -333,6 +333,8 @@ def test_it_empties_error_if_admin_contact_is_an_empty(
         'client_scope, can_access',
         [
             ('application:write', True),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 2a671d143..f45dee052 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -543,6 +543,8 @@ def test_it_returns_user(self, app: Flask, user_1: User) -> None:
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', True),
             ('profile:write', False),
             ('users:read', False),
@@ -640,6 +642,8 @@ def test_it_updates_user_profile(self, app: Flask, user_1: User) -> None:
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', True),
             ('users:read', False),
@@ -1310,6 +1314,8 @@ def test_it_does_not_calls_all_email_send_when_email_sending_is_disabled(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', True),
             ('users:read', False),
@@ -1465,6 +1471,8 @@ def test_it_updates_user_preferences_with_valid_map_visibility(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', True),
             ('users:read', False),
@@ -1683,6 +1691,8 @@ def test_it_updates_stopped_speed_threshold_for_auth_user(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', True),
             ('users:read', False),
@@ -1774,6 +1784,8 @@ def test_it_does_not_raise_error_if_sport_preferences_do_not_exist(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', True),
             ('users:read', False),
@@ -1941,6 +1953,8 @@ def test_it_updates_user_picture(self, app: Flask, user_1: User) -> None:
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', True),
             ('users:read', False),
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 72f91563e..dfee46539 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -129,6 +129,8 @@ def test_it_gets_inactive_user(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', True),
@@ -1085,6 +1087,8 @@ def test_it_users_list_with_complex_query(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', True),
@@ -1709,6 +1713,8 @@ def test_it_can_only_activate_user_account(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -1975,6 +1981,8 @@ def test_it_deletes_actor_when_deleting_user(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/users/test_users_follow_api.py b/fittrackee/tests/users/test_users_follow_api.py
index 4a51abb2e..4141386bb 100644
--- a/fittrackee/tests/users/test_users_follow_api.py
+++ b/fittrackee/tests/users/test_users_follow_api.py
@@ -2,6 +2,7 @@
 from datetime import datetime
 from unittest.mock import Mock, patch
 
+import pytest
 from flask import Flask
 
 from fittrackee.users.models import FollowRequest, User
@@ -119,6 +120,46 @@ def test_it_does_not_call_send_to_user_inbox(
 
         send_to_remote_inbox_mock.send.assert_not_called()
 
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', True),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.username}/follow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
 
 class TestUnfollowWithoutFederation(ApiTestCaseMixin):
     def test_it_raises_error_if_target_user_does_not_exist(
@@ -203,3 +244,43 @@ def test_it_does_not_call_send_to_user_inbox(
         )
 
         send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', True),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            f'/api/users/{user_2.username}/unfollow',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/users/test_users_follow_request_api.py b/fittrackee/tests/users/test_users_follow_request_api.py
index 8aab2ef52..b85d6209f 100644
--- a/fittrackee/tests/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/users/test_users_follow_request_api.py
@@ -2,6 +2,7 @@
 from datetime import datetime
 from unittest.mock import patch
 
+import pytest
 from flask import Flask
 from flask.testing import FlaskClient
 
@@ -56,6 +57,41 @@ def test_it_returns_current_user_pending_follow_requests(
         assert data['data']['follow_requests'][0]['username'] == 'sam'
         assert '@context' not in data['data']['follow_requests'][0]
 
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', True),
+            ('follow:write', False),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self, app: Flask, user_1: User, client_scope: str, can_access: bool
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.get(
+            '/api/follow-requests',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
 
 class TestGetFollowRequestPagination(ApiTestCaseMixin):
     def test_it_returns_pagination(
@@ -348,6 +384,47 @@ def test_it_accepts_follow_request(
             client, auth_token, user_2.username, 'accept'
         )
 
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', True),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            f'/api/follow-requests/{user_2.username}/accept',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
 
 class TestRejectFollowRequestWithoutFederation(FollowRequestTestCase):
     def test_it_raises_error_if_target_user_does_not_exist(
@@ -406,3 +483,44 @@ def test_it_rejects_follow_request(
         self.assert_it_returns_follow_request_processed(
             client, auth_token, user_2.username, 'reject'
         )
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', True),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            f'/api/follow-requests/{user_2.username}/reject',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/users/test_users_followers_api.py b/fittrackee/tests/users/test_users_followers_api.py
index 1aa7c4f68..82e31770f 100644
--- a/fittrackee/tests/users/test_users_followers_api.py
+++ b/fittrackee/tests/users/test_users_followers_api.py
@@ -3,6 +3,7 @@
 from typing import List
 from unittest.mock import patch
 
+import pytest
 from flask import Flask
 
 from fittrackee.users.models import FollowRequest, User
@@ -92,6 +93,41 @@ def test_it_returns_followers(
         assert 'email' not in data['data']['followers'][0]
         assert 'email' not in data['data']['followers'][1]
 
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', True),
+            ('follow:write', False),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self, app: Flask, user_1: User, client_scope: str, can_access: bool
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}/followers',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
 
 class TestFollowersAsAdmin(FollowersAsUserTestCase):
     def test_it_returns_404_if_user_does_not_exist(
@@ -330,6 +366,41 @@ def test_it_returns_following_users(
         assert 'email' in data['data']['following'][0]
         assert 'email' not in data['data']['following'][1]
 
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', True),
+            ('follow:write', False),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self, app: Flask, user_1: User, client_scope: str, can_access: bool
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.get(
+            f'/api/users/{user_1.username}/following',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
 
 class TestFollowingAsAdmin(FollowersAsUserTestCase):
     def test_it_returns_404_if_user_does_not_exist(
diff --git a/fittrackee/tests/workouts/test_records_api.py b/fittrackee/tests/workouts/test_records_api.py
index 352ffbf15..dc663baa9 100644
--- a/fittrackee/tests/workouts/test_records_api.py
+++ b/fittrackee/tests/workouts/test_records_api.py
@@ -903,6 +903,8 @@ def test_it_returns_error_if_user_is_not_authenticated(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_sports_api.py b/fittrackee/tests/workouts/test_sports_api.py
index 3d167c3b8..40c034343 100644
--- a/fittrackee/tests/workouts/test_sports_api.py
+++ b/fittrackee/tests/workouts/test_sports_api.py
@@ -143,6 +143,8 @@ def test_it_gets_sports_with_auth_user_preferences(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -283,6 +285,8 @@ def test_it_get_an_inactive_sport_with_admin_rights(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -522,6 +526,8 @@ def test_it_returns_error_if_sport_does_not_exist(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_stats_api.py b/fittrackee/tests/workouts/test_stats_api.py
index 3d2f6642d..63c41e8d8 100644
--- a/fittrackee/tests/workouts/test_stats_api.py
+++ b/fittrackee/tests/workouts/test_stats_api.py
@@ -867,6 +867,8 @@ def test_it_gets_stats_by_week_starting_with_monday_for_week_13(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -1048,6 +1050,8 @@ def test_it_returns_error_if_sport_id_is_invalid(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -1167,6 +1171,8 @@ def test_it_returns_error_if_user_has_no_admin_rights(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_timeline_api.py b/fittrackee/tests/workouts/test_timeline_api.py
index dd37ca631..eb79b22fb 100644
--- a/fittrackee/tests/workouts/test_timeline_api.py
+++ b/fittrackee/tests/workouts/test_timeline_api.py
@@ -269,6 +269,41 @@ def test_it_returns_followed_user_workout_map_when_visibility_allows_it(
         data = json.loads(response.data.decode())
         assert data['data']['workouts'][0]['map'] == map_id
 
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', True),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self, app: Flask, user_1: User, client_scope: str, can_access: bool
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.get(
+            '/api/timeline',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
 
 class TestGetUserTimelinePagination(ApiTestCaseMixin):
     def test_it_returns_pagination_when_no_workouts(
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index ad7921cd7..e22c36744 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -1631,6 +1631,8 @@ class TestWorkoutScope(ApiTestCaseMixin):
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -1735,6 +1737,8 @@ def test_it_calls_send_from_directory_if_workout_has_gpx(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
index 50d250a5a..77b877a00 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workouts.py
@@ -114,6 +114,8 @@ def test_it_returns_401_if_user_is_not_authenticated(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 64ca1bf76..acf018813 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -936,6 +936,8 @@ def test_it_returns_error_when_file_size_exceeds_limit(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
@@ -1271,6 +1273,8 @@ def test_workout_is_created_with_valid_privacy_parameters_when_provided(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_workouts_api_2_patch.py b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
index 927d92530..ef81d4474 100644
--- a/fittrackee/tests/workouts/test_workouts_api_2_patch.py
+++ b/fittrackee/tests/workouts/test_workouts_api_2_patch.py
@@ -325,6 +325,8 @@ def test_it_raises_500_if_sport_does_not_exist(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index 136426584..d9fd99a6a 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -194,6 +194,8 @@ def test_a_workout_with_gpx_can_be_deleted_if_map_file_is_invalid(
         'client_scope, can_access',
         [
             ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
             ('profile:read', False),
             ('profile:write', False),
             ('users:read', False),
diff --git a/fittrackee/users/follow_requests.py b/fittrackee/users/follow_requests.py
index cf7db4329..79fc8c46c 100644
--- a/fittrackee/users/follow_requests.py
+++ b/fittrackee/users/follow_requests.py
@@ -30,11 +30,13 @@
 
 
 @follow_requests_blueprint.route('/follow-requests', methods=['GET'])
-@require_auth(scopes=['users:read'])
+@require_auth(scopes=['follow:read'])
 def get_follow_requests(auth_user: User) -> Dict:
     """
     Get follow requests to process, received by authenticated user.
 
+    **Scope**: ``follow:read``
+
     **Example requests**:
 
     - without parameters
@@ -180,13 +182,15 @@ def process_follow_request(
 @follow_requests_blueprint.route(
     '/follow-requests/<user_name>/accept', methods=['POST']
 )
-@require_auth(scopes=['users:write'])
+@require_auth(scopes=['follow:write'])
 def accept_follow_request(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
     """
     Accept a follow request.
 
+    **Scope**: ``follow:write``
+
     **Example requests**:
 
     - from local instance
@@ -235,13 +239,15 @@ def accept_follow_request(
 @follow_requests_blueprint.route(
     '/follow-requests/<user_name>/reject', methods=['POST']
 )
-@require_auth(scopes=['users:write'])
+@require_auth(scopes=['follow:write'])
 def reject_follow_request(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
     """
     Reject a follow request.
 
+    **Scope**: ``follow:write``
+
     **Example requests**:
 
     - from local instance
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 7120bdbd4..90740f7b7 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -406,6 +406,8 @@ def get_single_user(
 
     It returns user preferences only for authenticated user.
 
+    **Scope**: ``users:read`` for Oauth 2.0 client
+
     **Example request**:
 
     .. sourcecode:: http
@@ -917,14 +919,14 @@ def delete_user(
 
 
 @users_blueprint.route('/users/<user_name>/follow', methods=['POST'])
-@require_auth(scopes=['users:write'])
+@require_auth(scopes=['follow:write'])
 def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
     """
     Send a follow request to a user.
     If federation is enabled, it sends a follow request to remote instance
     if the targeted user is a remote user.
 
-    **Scope**: ``users:write``
+    **Scope**: ``follow:write``
 
     **Example request**:
 
@@ -990,7 +992,7 @@ def follow_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
 
 
 @users_blueprint.route('/users/<user_name>/unfollow', methods=['POST'])
-@require_auth(scopes=['users:write'])
+@require_auth(scopes=['follow:write'])
 def unfollow_user(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
@@ -999,7 +1001,7 @@ def unfollow_user(
     If federation is enabled, it sends a Undo activity to the remote instance
     if the targeted user is a remote user.
 
-    **Scope**: ``users:write``
+    **Scope**: ``follow:write``
 
     **Example request**:
 
@@ -1104,7 +1106,7 @@ def get_user_relationships(
 
 
 @users_blueprint.route('/users/<user_name>/followers', methods=['GET'])
-@require_auth(scopes=['users:read'])
+@require_auth(scopes=['follow:read'])
 def get_followers(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
@@ -1113,7 +1115,7 @@ def get_followers(
     If the authenticated user has admin rights, it returns following users with
     additional field 'email'
 
-    **Scope**: ``users:read``
+    **Scope**: ``follow:read``
 
     **Example request**:
 
@@ -1198,7 +1200,7 @@ def get_followers(
 
 
 @users_blueprint.route('/users/<user_name>/following', methods=['GET'])
-@require_auth(scopes=['users:read'])
+@require_auth(scopes=['follow:read'])
 def get_following(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
@@ -1207,7 +1209,7 @@ def get_following(
     If the authenticate user has admin rights, it returns following users with
     additional field 'email'
 
-    **Scope**: ``users:read``
+    **Scope**: ``follow:read``
 
     **Example request**:
 
diff --git a/fittrackee/workouts/timeline.py b/fittrackee/workouts/timeline.py
index 9fc0aff0b..748dc4b88 100644
--- a/fittrackee/workouts/timeline.py
+++ b/fittrackee/workouts/timeline.py
@@ -17,7 +17,7 @@
 
 
 @timeline_blueprint.route('/timeline', methods=['GET'])
-@require_auth(scopes=['users:read'])
+@require_auth(scopes=['workouts:read'])
 def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
     try:
         params = request.args.copy()

From 74c5d9de01034ddca7c211c234b71b6b5271b409 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 2 Nov 2022 10:04:05 +0100
Subject: [PATCH 143/238] Client - fix after merging dev

---
 .../src/components/Dashboard/Timeline.vue     | 34 +++++++++++++------
 .../src/components/Workout/WorkoutCard.vue    | 33 ++----------------
 .../Workout/WorkoutDetail/index.vue           |  1 +
 fittrackee_client/src/types/workouts.ts       |  3 +-
 fittrackee_client/src/views/Dashboard.vue     |  2 +-
 5 files changed, 31 insertions(+), 42 deletions(-)

diff --git a/fittrackee_client/src/components/Dashboard/Timeline.vue b/fittrackee_client/src/components/Dashboard/Timeline.vue
index 93e881d31..dcd144715 100644
--- a/fittrackee_client/src/components/Dashboard/Timeline.vue
+++ b/fittrackee_client/src/components/Dashboard/Timeline.vue
@@ -1,11 +1,13 @@
 <template>
   <div id="timeline">
     <div class="section-title">{{ $t('workouts.LATEST_WORKOUTS') }}</div>
-    <div v-if="user.nb_workouts > 0 && workouts.length === 0">
+    <div v-if="authUser.nb_workouts > 0 && workouts.length === 0">
       <WorkoutCard
         v-for="index in [...Array(initWorkoutsCount).keys()]"
-        :user="user"
-        :useImperialUnits="user.imperial_units"
+        :user="authUser"
+        :useImperialUnits="authUser.imperial_units"
+        :dateFormat="dateFormat"
+        :timezone="authUser.timezone"
         :key="index"
       />
     </div>
@@ -19,7 +21,9 @@
             : null
         "
         :user="workout.user"
-        :useImperialUnits="user.imperial_units"
+        :useImperialUnits="authUser.imperial_units"
+        :dateFormat="dateFormat"
+        :timezone="authUser.timezone"
         :key="workout.id"
       />
       <NoWorkouts v-if="workouts.length === 0" />
@@ -37,27 +41,29 @@
 
   import WorkoutCard from '@/components/Workout/WorkoutCard.vue'
   import NoWorkouts from '@/components/Workouts/NoWorkouts.vue'
-  import { WORKOUTS_STORE } from '@/store/constants'
+  import { ROOT_STORE, WORKOUTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
-  import { IUserProfile } from '@/types/user'
+  import { IAuthUserProfile } from '@/types/user'
   import { IWorkout } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
+  import { getDateFormat } from '@/utils/dates'
   import { defaultOrder } from '@/utils/workouts'
 
   interface Props {
     sports: ISport[]
-    user: IUserProfile
+    authUser: IAuthUserProfile
   }
   const props = defineProps<Props>()
+  const { sports, authUser } = toRefs(props)
 
   const store = useStore()
 
-  const { sports, user } = toRefs(props)
   const page = ref(1)
   const per_page = 5
   const initWorkoutsCount =
-    props.user.nb_workouts >= per_page ? per_page : props.user.nb_workouts
-  onBeforeMount(() => loadWorkouts())
+    authUser.value.nb_workouts >= per_page
+      ? per_page
+      : authUser.value.nb_workouts
   const workouts: ComputedRef<IWorkout[]> = computed(
     () => store.getters[WORKOUTS_STORE.GETTERS.TIMELINE_WORKOUTS]
   )
@@ -66,6 +72,14 @@
       ? workouts.value[workouts.value.length - 1].previous_workout !== null
       : false
   )
+  const appLanguage: ComputedRef<string> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.LANGUAGE]
+  )
+  const dateFormat: ComputedRef<string> = computed(() =>
+    getDateFormat(authUser.value.date_format, appLanguage.value)
+  )
+
+  onBeforeMount(() => loadWorkouts())
 
   function loadWorkouts() {
     store.dispatch(WORKOUTS_STORE.ACTIONS.GET_TIMELINE_WORKOUTS, {
diff --git a/fittrackee_client/src/components/Workout/WorkoutCard.vue b/fittrackee_client/src/components/Workout/WorkoutCard.vue
index 815084a4a..747356777 100644
--- a/fittrackee_client/src/components/Workout/WorkoutCard.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutCard.vue
@@ -30,12 +30,7 @@
           <div
             class="workout-date"
             v-if="workout.workout_date && user"
-            :title="
-              format(
-                getDateWithTZ(workout.workout_date, user.timezone),
-                'dd/MM/yyyy HH:mm'
-              )
-            "
+            :title="formatDate(workout.workout_date, timezone, dateFormat)"
           >
             {{
               formatDistance(new Date(workout.workout_date), new Date(), {
@@ -45,30 +40,6 @@
             }}
           </div>
         </div>
-        <router-link
-          class="workout-title"
-          v-if="workout.id"
-          :to="{
-            name: 'Workout',
-            params: { workoutId: workout.id },
-          }"
-        >
-          {{ workout.title }}
-        </router-link>
-        <div
-          class="workout-date"
-          v-if="workout.workout_date && user"
-          :title="
-            formatDate(workout.workout_date, user.timezone, user.date_format)
-          "
-        >
-          {{
-            formatDistance(new Date(workout.workout_date), new Date(), {
-              addSuffix: true,
-              locale,
-            })
-          }}
-        </div>
         <div v-if="user.is_remote" class="user-remote-fullname">
           {{ user.fullname }}
         </div>
@@ -187,6 +158,8 @@
   interface Props {
     user: IUserProfile
     useImperialUnits: boolean
+    dateFormat: string
+    timezone: string
     workout?: IWorkout
     sport?: ISport
   }
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index 1f2bd9680..cd4b902a1 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -25,6 +25,7 @@
           <WorkoutData
             :workoutObject="workoutObject"
             :useImperialUnits="authUser.imperial_units"
+            :displayHARecord="authUser.display_ascent"
           />
         </div>
         <WorkoutVisibility
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index ee551f08b..12f4f107e 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -95,13 +95,14 @@ export interface IWorkoutObject {
   duration: string
   maxAlt: number | null
   maxSpeed: number
-  mapVisibility: TPrivacyLevels | null
+  mapVisibility: TPrivacyLevels | null | undefined
   minAlt: number | null
   moving: string
   nextUrl: string | null
   pauses: string | null
   previousUrl: string | null
   records: IRecord[]
+  remoteUrl: string | undefined
   segmentId: number | null
   title: string
   type: string
diff --git a/fittrackee_client/src/views/Dashboard.vue b/fittrackee_client/src/views/Dashboard.vue
index 7660c7358..9ea6c94d0 100644
--- a/fittrackee_client/src/views/Dashboard.vue
+++ b/fittrackee_client/src/views/Dashboard.vue
@@ -60,7 +60,7 @@
         />
         <Timeline
           :sports="sports"
-          :user="authUser"
+          :authUser="authUser"
           :class="{ 'is-hidden': !(isSelected === 'timeline') }"
         />
       </div>

From 73ccc3061e3f6d347320e56cd4fd125fcb8cb0e3 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 2 Nov 2022 15:20:46 +0100
Subject: [PATCH 144/238] API - fix remote user creation

---
 .../migrations/versions/28_8842c351a2d8_init_federation.py     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py
index b3e2b69eb..67b2bd5b6 100644
--- a/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py
@@ -126,7 +126,7 @@ def upgrade():
         'users_actor_id_fkey', 'users', 'actors', ['actor_id'], ['id']
     )
     op.drop_constraint('users_username_key', 'users', type_='unique')
-    # user email and password are empty for remote actors
+    # user email, password and date format are empty for remote actors
     op.alter_column(
         'users', 'email', existing_type=sa.VARCHAR(length=255),
         nullable=True
@@ -135,6 +135,7 @@ def upgrade():
         'users', 'password', existing_type=sa.VARCHAR(length=255),
         nullable=True
     )
+    op.alter_column('users', 'date_format', nullable=True)
     # privacy levels
     privacy_levels.create(op.get_bind())
     op.add_column(

From 4720f330b78afe766b48319a0f887c2befbded82 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Nov 2022 12:00:30 +0100
Subject: [PATCH 145/238] API - update privacy level in order to share to local
 followers only

  on federated instances
---
 .../28_8842c351a2d8_init_federation.py        |  3 +-
 fittrackee/privacy_levels.py                  | 17 +++-
 .../tests/federation/users/test_auth_api.py   | 49 +++++++++++
 .../workouts/test_workouts_api_post.py        | 35 +++++++-
 fittrackee/tests/test_privacy_levels.py       | 87 +++++++++++++++++++
 fittrackee/tests/users/test_auth_api.py       | 38 ++++++++
 .../workouts/test_workouts_api_1_post.py      | 86 ++++++++++--------
 fittrackee/users/auth.py                      |  6 ++
 fittrackee/workouts/workouts.py               | 23 ++++-
 9 files changed, 297 insertions(+), 47 deletions(-)
 create mode 100644 fittrackee/tests/test_privacy_levels.py

diff --git a/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py
index 67b2bd5b6..89654d1cf 100644
--- a/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/28_8842c351a2d8_init_federation.py
@@ -24,7 +24,8 @@
 depends_on = None
 
 privacy_levels = ENUM(
-    'PUBLIC', 'FOLLOWERS', 'PRIVATE', name='privacy_levels'
+    'PUBLIC', 'FOLLOWERS_AND_REMOTE', 'FOLLOWERS', 'PRIVATE',
+    name='privacy_levels'
 )
 
 
diff --git a/fittrackee/privacy_levels.py b/fittrackee/privacy_levels.py
index f02527b39..a40fa76ec 100644
--- a/fittrackee/privacy_levels.py
+++ b/fittrackee/privacy_levels.py
@@ -3,7 +3,8 @@
 
 class PrivacyLevel(str, Enum):  # to make enum serializable
     PUBLIC = 'public'
-    FOLLOWERS = 'followers_only'
+    FOLLOWERS_AND_REMOTE = 'followers_and_remote_only'
+    FOLLOWERS = 'followers_only'  # only local followers in federated instances
     PRIVATE = 'private'
 
 
@@ -11,9 +12,17 @@ def get_map_visibility(
     map_visibility: PrivacyLevel, workout_visibility: PrivacyLevel
 ) -> PrivacyLevel:
     # workout privacy overrides map privacy, when stricter
-    if workout_visibility == PrivacyLevel.PRIVATE or (
-        workout_visibility == PrivacyLevel.FOLLOWERS
-        and map_visibility == PrivacyLevel.PUBLIC
+    if (
+        workout_visibility == PrivacyLevel.PRIVATE
+        or (
+            workout_visibility == PrivacyLevel.FOLLOWERS
+            and map_visibility
+            in [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC]
+        )
+        or (
+            workout_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+            and map_visibility == PrivacyLevel.PUBLIC
+        )
     ):
         return workout_visibility
     return map_visibility
diff --git a/fittrackee/tests/federation/users/test_auth_api.py b/fittrackee/tests/federation/users/test_auth_api.py
index 77ceb6115..4ffe5b174 100644
--- a/fittrackee/tests/federation/users/test_auth_api.py
+++ b/fittrackee/tests/federation/users/test_auth_api.py
@@ -1,7 +1,10 @@
 import json
 
+import pytest
 from flask import Flask
 
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.mixins import ApiTestCaseMixin
 from fittrackee.users.models import User
 
 
@@ -58,3 +61,49 @@ def test_local_user_can_register_if_remote_user_exists_with_same_username(
             User.is_remote == False,  # noqa
         ).first()
         assert created_user.id != remote_user.id
+
+
+class TestUserPreferencesUpdate(ApiTestCaseMixin):
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_updates_user_preferences_with_remote_level(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            '/api/auth/profile/edit/preferences',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    timezone='America/New_York',
+                    weekm=True,
+                    language='fr',
+                    imperial_units=True,
+                    display_ascent=True,
+                    date_format='MM/dd/yyyy',
+                    map_visibility=input_map_visibility.value,
+                    workouts_visibility=input_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['data']['map_visibility'] == input_map_visibility.value
+        assert (
+            data['data']['workouts_visibility']
+            == input_workout_visibility.value
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
index 89abd019b..1553cf405 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -29,6 +29,37 @@ def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
             app_with_federation, user_1.email
         )
 
+        client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                    workout_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
         client.post(
             '/api/workouts/no_gpx',
             content_type='application/json',
@@ -82,7 +113,7 @@ def test_it_does_not_call_sent_to_inbox_if_workout_is_private(
     @pytest.mark.parametrize(
         'workout_visibility',
         [
-            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
             PrivacyLevel.PUBLIC,
         ],
     )
@@ -129,7 +160,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
     @pytest.mark.parametrize(
         'workout_visibility',
         [
-            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
             PrivacyLevel.PUBLIC,
         ],
     )
diff --git a/fittrackee/tests/test_privacy_levels.py b/fittrackee/tests/test_privacy_levels.py
new file mode 100644
index 000000000..da6702877
--- /dev/null
+++ b/fittrackee/tests/test_privacy_levels.py
@@ -0,0 +1,87 @@
+import pytest
+
+from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
+
+
+class TestMapVisibility:
+    @pytest.mark.parametrize(
+        'input_map_visibility',
+        [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_returns_map_visibility_when_workout_visibility_is_public(
+        self,
+        input_map_visibility: PrivacyLevel,
+    ) -> None:
+        assert (
+            get_map_visibility(input_map_visibility, PrivacyLevel.PUBLIC)
+            == input_map_visibility
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility, expected_map_visibility',
+        [
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+            (
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_returns_map_visibility_when_workout_visibility_is_followers_only(  # noqa
+        self,
+        input_map_visibility: PrivacyLevel,
+        expected_map_visibility: PrivacyLevel,
+    ) -> None:
+        assert (
+            get_map_visibility(
+                input_map_visibility, PrivacyLevel.FOLLOWERS_AND_REMOTE
+            )
+            == expected_map_visibility
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility, expected_map_visibility',
+        [
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+            (
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_returns_map_visibility_when_workout_visibility_is_local_followers_only(  # noqa
+        self,
+        input_map_visibility: PrivacyLevel,
+        expected_map_visibility: PrivacyLevel,
+    ) -> None:
+        assert (
+            get_map_visibility(input_map_visibility, PrivacyLevel.FOLLOWERS)
+            == expected_map_visibility
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility',
+        [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_returns_map_visibility_when_workout_visibility_is_private(
+        self,
+        input_map_visibility: PrivacyLevel,
+    ) -> None:
+        assert (
+            get_map_visibility(input_map_visibility, PrivacyLevel.PRIVATE)
+            == PrivacyLevel.PRIVATE
+        )
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index c080d4782..792492c4c 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -1491,6 +1491,44 @@ def test_it_updates_user_preferences_with_valid_map_visibility(
             == input_workout_visibility.value
         )
 
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_returns_400_when_privacy_level_is_invalid(
+        self,
+        app: Flask,
+        user_1: User,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/auth/profile/edit/preferences',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    timezone='America/New_York',
+                    weekm=True,
+                    language='fr',
+                    imperial_units=True,
+                    display_ascent=True,
+                    date_format='MM/dd/yyyy',
+                    map_visibility=input_map_visibility.value,
+                    workouts_visibility=input_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(response)
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 57b9ae679..46a210a51 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -670,6 +670,49 @@ def test_workout_is_created_with_valid_privacy_parameters_when_provided(
             == input_workout_visibility.value
         )
 
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_returns_400_when_privacy_level_is_invalid(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        """
+        when workout visibility is stricter, map visibility is initialised
+        with workout visibility value
+        """
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{input_map_visibility.value}", '
+                    f'"workout_visibility": '
+                    f'"{input_workout_visibility.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        self.assert_400(response)
+
     def test_it_calls_configured_tile_server_for_static_map_when_default_static_map_to_false(  # noqa
         self,
         app: Flask,
@@ -1232,11 +1275,8 @@ def test_workout_is_created_with_user_privacy_parameters_when_no_provided(
         )
 
     @pytest.mark.parametrize(
-        'input_map_visibility,input_workout_visibility',
-        [
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC),
-            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS),
-        ],
+        'input_workout_visibility',
+        [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE],
     )
     def test_workout_is_created_with_provided_privacy_parameters(
         self,
@@ -1244,7 +1284,6 @@ def test_workout_is_created_with_provided_privacy_parameters(
         user_1: User,
         sport_1_cycling: Sport,
         gpx_file: str,
-        input_map_visibility: PrivacyLevel,
         input_workout_visibility: PrivacyLevel,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -1260,7 +1299,6 @@ def test_workout_is_created_with_provided_privacy_parameters(
                     duration=3600,
                     workout_date='2018-05-15 14:05',
                     distance=10,
-                    map_visibility=input_map_visibility.value,
                     workout_visibility=input_workout_visibility.value,
                 )
             ),
@@ -1271,34 +1309,20 @@ def test_workout_is_created_with_provided_privacy_parameters(
         data = json.loads(response.data.decode())
         assert 'created' in data['status']
         assert len(data['data']['workouts']) == 1
-        assert (
-            data['data']['workouts'][0]['map_visibility']
-            == input_map_visibility.value
-        )
         assert (
             data['data']['workouts'][0]['workout_visibility']
             == input_workout_visibility.value
         )
 
-    @pytest.mark.parametrize(
-        'input_map_visibility,input_workout_visibility',
-        [
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
-            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
-        ],
-    )
-    def test_workout_is_created_with_valid_privacy_parameters_when_provided(
+    def test_it_returns_400_when_privacy_level_is_invalid(
         self,
         app: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         gpx_file: str,
-        input_map_visibility: PrivacyLevel,
-        input_workout_visibility: PrivacyLevel,
     ) -> None:
         """
-        when workout visibility is stricter, map visibility is initialised
-        with workout visibility value
+        'FOLLOWERS_AND_REMOTE' is not available on un-federated instances
         """
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
@@ -1313,25 +1337,13 @@ def test_workout_is_created_with_valid_privacy_parameters_when_provided(
                     duration=3600,
                     workout_date='2018-05-15 14:05',
                     distance=10,
-                    map_visibility=input_map_visibility.value,
-                    workout_visibility=input_workout_visibility.value,
+                    workout_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE.value,
                 )
             ),
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        assert response.status_code == 201
-        data = json.loads(response.data.decode())
-        assert 'created' in data['status']
-        assert len(data['data']['workouts']) == 1
-        assert (
-            data['data']['workouts'][0]['map_visibility']
-            == input_workout_visibility.value
-        )
-        assert (
-            data['data']['workouts'][0]['workout_visibility']
-            == input_workout_visibility.value
-        )
+        self.assert_400(response)
 
     @pytest.mark.parametrize(
         'client_scope, can_access',
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 18774fe75..3e9049569 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -935,6 +935,12 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
     map_visibility = post_data.get('map_visibility')
     workouts_visibility = post_data.get('workouts_visibility')
 
+    if not current_app.config['federation_enabled'] and (
+        map_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
+        or workouts_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
+    ):
+        return InvalidPayloadErrorResponse()
+
     try:
         auth_user.date_format = date_format
         auth_user.display_ascent = display_ascent
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index f48fb42df..9e4c33001 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -997,6 +997,14 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
     if not workout_data or workout_data.get('sport_id') is None:
         return InvalidPayloadErrorResponse()
 
+    if not current_app.config['federation_enabled'] and (
+        workout_data.get('workout_visibility')
+        == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
+        or workout_data.get('map_visibility')
+        == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
+    ):
+        return InvalidPayloadErrorResponse()
+
     workout_file = request.files['file']
     upload_dir = os.path.join(
         current_app.config['UPLOAD_FOLDER'], 'workouts', str(auth_user.id)
@@ -1162,14 +1170,23 @@ def post_workout_no_gpx(
     ):
         return InvalidPayloadErrorResponse()
 
+    if (
+        not current_app.config['federation_enabled']
+        and workout_data.get('workout_visibility')
+        == PrivacyLevel.FOLLOWERS_AND_REMOTE
+    ):
+        return InvalidPayloadErrorResponse()
+
     try:
         new_workout = create_workout(auth_user, workout_data)
         db.session.add(new_workout)
         db.session.commit()
 
-        if (
-            current_app.config['federation_enabled']
-            and new_workout.workout_visibility != PrivacyLevel.PRIVATE
+        if current_app.config[
+            'federation_enabled'
+        ] and new_workout.workout_visibility in (
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
         ):
             sender_id = new_workout.user.actor.id
             workout_activity, note_activity = new_workout.get_activities()

From 53b2b845acb46958bc56a2822e83c570d457ccc7 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Nov 2022 16:44:49 +0100
Subject: [PATCH 146/238] API - send activities for workouts w/ gpx to remote
 instances (WIP)

 (no map-related data are sent)
---
 .../workouts/test_workouts_api_post.py        | 299 +++++++++++++++++-
 .../workouts/test_workouts_api_1_post.py      |   3 -
 fittrackee/tests/workouts/utils.py            |   1 +
 fittrackee/workouts/workouts.py               |  31 ++
 4 files changed, 326 insertions(+), 8 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
index 1553cf405..9d96045ae 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -1,5 +1,7 @@
 import json
-from unittest.mock import Mock, patch
+import os
+from io import BytesIO
+from unittest.mock import Mock, call, patch
 
 import pytest
 from flask import Flask
@@ -150,8 +152,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
         )
 
         workout_activity, _ = user_1.workouts[0].get_activities()
-        send_to_remote_inbox_mock.send.assert_called_once()
-        send_to_remote_inbox_mock.send.assert_called_with(
+        send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=workout_activity,
             recipients=[remote_user.actor.shared_inbox_url],
@@ -195,9 +196,297 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
         )
 
         _, note_activity = user_1.workouts[0].get_activities()
-        send_to_remote_inbox_mock.send.assert_called_once()
-        send_to_remote_inbox_mock.send.assert_called_with(
+        send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=note_activity,
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestFederationPostWorkoutWithGpx(ApiTestCaseMixin):
+    def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        gpx_file: str,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS.value}", '
+                    f'"workout_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        gpx_file: str,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS.value}", '
+                    f'"workout_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_does_not_call_sent_to_inbox_if_workout_is_private(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        gpx_file: str,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{PrivacyLevel.PRIVATE.value}", '
+                    f'"workout_visibility": '
+                    f'"{PrivacyLevel.PRIVATE.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        gpx_file: str,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{PrivacyLevel.PRIVATE.value}", '
+                    f'"workout_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        workout_activity, _ = user_1.workouts[0].get_activities()
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=workout_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{PrivacyLevel.PRIVATE.value}", '
+                    f'"workout_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        _, note_activity = user_1.workouts[0].get_activities()
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user_2.actor.shared_inbox_url],
+        )
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestFederationPostWorkoutWithZipArchive(ApiTestCaseMixin):
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        file_path = os.path.join(
+            app_with_federation.root_path, 'tests/files/gpx_test.zip'
+        )
+        with open(file_path, 'rb') as zip_file:
+            client, auth_token = self.get_test_client_and_auth_token(
+                app_with_federation, user_1.email
+            )
+
+            client.post(
+                '/api/workouts',
+                data=dict(
+                    file=(zip_file, 'gpx_test.zip'),
+                    data=(
+                        f'{{"sport_id": 1, "map_visibility": '
+                        f'"{PrivacyLevel.PRIVATE.value}", '
+                        f'"workout_visibility": '
+                        f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                    ),
+                ),
+                headers=dict(
+                    content_type='multipart/form-data',
+                    Authorization=f'Bearer {auth_token}',
+                ),
+            )
+
+            assert send_to_remote_inbox_mock.send.call_count == 3
+            calls = []
+            for workout in user_1.workouts:
+                workout_activity, _ = workout.get_activities()
+                calls.append(
+                    call(
+                        sender_id=user_1.actor.id,
+                        activity=workout_activity,
+                        recipients=[remote_user.actor.shared_inbox_url],
+                    )
+                )
+            send_to_remote_inbox_mock.send.assert_has_calls(
+                calls, any_order=True
+            )
+
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        file_path = os.path.join(
+            app_with_federation.root_path, 'tests/files/gpx_test.zip'
+        )
+        with open(file_path, 'rb') as zip_file:
+            client, auth_token = self.get_test_client_and_auth_token(
+                app_with_federation, user_1.email
+            )
+
+            client.post(
+                '/api/workouts',
+                data=dict(
+                    file=(zip_file, 'gpx_test.zip'),
+                    data=(
+                        f'{{"sport_id": 1, "map_visibility": '
+                        f'"{PrivacyLevel.PRIVATE.value}", '
+                        f'"workout_visibility": '
+                        f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                    ),
+                ),
+                headers=dict(
+                    content_type='multipart/form-data',
+                    Authorization=f'Bearer {auth_token}',
+                ),
+            )
+
+            assert send_to_remote_inbox_mock.send.call_count == 3
+            calls = []
+            for workout in user_1.workouts:
+                _, note_activity = workout.get_activities()
+                calls.append(
+                    call(
+                        sender_id=user_1.actor.id,
+                        activity=note_activity,
+                        recipients=[remote_user_2.actor.shared_inbox_url],
+                    )
+                )
+            send_to_remote_inbox_mock.send.assert_has_calls(
+                calls, any_order=True
+            )
diff --git a/fittrackee/tests/workouts/test_workouts_api_1_post.py b/fittrackee/tests/workouts/test_workouts_api_1_post.py
index 46a210a51..7d79df8bd 100644
--- a/fittrackee/tests/workouts/test_workouts_api_1_post.py
+++ b/fittrackee/tests/workouts/test_workouts_api_1_post.py
@@ -1393,9 +1393,6 @@ def test_it_adds_workouts_with_zip_archive(
     ) -> None:
         # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
         file_path = os.path.join(app.root_path, 'tests/files/gpx_test.zip')
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
         with open(file_path, 'rb') as zip_file:
             client, auth_token = self.get_test_client_and_auth_token(
                 app, user_1.email
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 50bca1e6b..b1d5f978a 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -37,4 +37,5 @@ def post_a_workout(
         ),
     )
     data = json.loads(response.data.decode())
+    print(data)
     return token, data['data']['workouts'][0]['id']
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 9e4c33001..ad371f844 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1019,6 +1019,37 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
             auth_user, workout_data, workout_file, folders
         )
         if len(new_workouts) > 0:
+            if current_app.config['federation_enabled']:
+                # TODO: handle massive imports
+                for new_workout in new_workouts:
+                    if new_workout.workout_visibility in (
+                        PrivacyLevel.PUBLIC,
+                        PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                    ):
+
+                        sender_id = new_workout.user.actor.id
+                        (
+                            workout_activity,
+                            note_activity,
+                        ) = new_workout.get_activities()
+                        recipients = (
+                            new_workout.user.get_followers_shared_inboxes()
+                        )
+
+                        # only workout data are sent (no map data)
+                        if recipients['fittrackee']:
+                            send_to_remote_inbox.send(
+                                sender_id=sender_id,
+                                activity=workout_activity,
+                                recipients=list(recipients['fittrackee']),
+                            )
+                        if recipients['others']:
+                            send_to_remote_inbox.send(
+                                sender_id=sender_id,
+                                activity=note_activity,
+                                recipients=list(recipients['others']),
+                            )
+
             response_object = {
                 'status': 'created',
                 'data': {

From bd42876f263a454f4f4f9301031d47e3cb633d7f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 20 Nov 2022 17:22:50 +0100
Subject: [PATCH 147/238] API - only send the last workouts when zip archive is
 imported

---
 .../workouts/test_workouts_api_post.py        | 48 +++++++++++++++++++
 .../workouts/test_utils/test_workouts.py      | 45 +++++++++++++++++
 fittrackee/workouts/utils/workouts.py         |  6 +++
 fittrackee/workouts/workouts.py               |  8 +++-
 4 files changed, 105 insertions(+), 2 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
index 9d96045ae..57e6698b9 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -490,3 +490,51 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             send_to_remote_inbox_mock.send.assert_has_calls(
                 calls, any_order=True
             )
+
+    def test_it_calls_sent_to_inbox_for_latest_workouts(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        file_path = os.path.join(
+            app_with_federation.root_path, 'tests/files/gpx_test.zip'
+        )
+        max_workouts_to_send = 2
+
+        with open(file_path, 'rb') as zip_file:
+            client, auth_token = self.get_test_client_and_auth_token(
+                app_with_federation, user_1.email
+            )
+
+            with patch(
+                'fittrackee.workouts.workouts.MAX_WORKOUTS_TO_SEND',
+                max_workouts_to_send,
+            ):
+                client.post(
+                    '/api/workouts',
+                    data=dict(
+                        file=(zip_file, 'gpx_test.zip'),
+                        data=(
+                            f'{{"sport_id": 1, "map_visibility": '
+                            f'"{PrivacyLevel.PRIVATE.value}", '
+                            f'"workout_visibility": '
+                            f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                        ),
+                    ),
+                    headers=dict(
+                        content_type='multipart/form-data',
+                        Authorization=f'Bearer {auth_token}',
+                    ),
+                )
+
+            assert (
+                send_to_remote_inbox_mock.send.call_count
+                == max_workouts_to_send
+            )
diff --git a/fittrackee/tests/workouts/test_utils/test_workouts.py b/fittrackee/tests/workouts/test_utils/test_workouts.py
index 7ae061ebf..182d7d845 100644
--- a/fittrackee/tests/workouts/test_utils/test_workouts.py
+++ b/fittrackee/tests/workouts/test_utils/test_workouts.py
@@ -12,6 +12,7 @@
 from fittrackee.workouts.utils.workouts import (
     create_segment,
     get_average_speed,
+    get_ordered_workouts,
     get_workout_datetime,
 )
 
@@ -148,3 +149,47 @@ def test_it_removes_microseconds(
         )
 
         assert segment.duration.microseconds == 0
+
+
+class TestGetOrderedWorkouts:
+    def test_it_returns_empty_list_when_no_workouts_provided(
+        self,
+        app: Flask,
+    ) -> None:
+        ordered_workouts = get_ordered_workouts([], limit=3)
+
+        assert ordered_workouts == []
+
+    def test_it_returns_last_workouts_depending_on_limit(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        seven_workouts_user_1: List[Workout],
+    ) -> None:
+        ordered_workouts = get_ordered_workouts(seven_workouts_user_1, limit=3)
+
+        assert ordered_workouts == [
+            seven_workouts_user_1[6],
+            seven_workouts_user_1[5],
+            seven_workouts_user_1[3],
+        ]
+
+    def test_it_returns_all_workouts_when_below_limit(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        ordered_workouts = get_ordered_workouts(
+            [workout_cycling_user_1, workout_running_user_1], limit=3
+        )
+
+        assert ordered_workouts == [
+            workout_running_user_1,
+            workout_cycling_user_1,
+        ]
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index a0363a4a1..740944ad5 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -477,3 +477,9 @@ def get_average_speed(
         / nb_workouts,
         2,
     )
+
+
+def get_ordered_workouts(workouts: List[Workout], limit: int) -> List[Workout]:
+    return sorted(
+        workouts, key=lambda workout: workout.workout_date, reverse=True
+    )[:limit]
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index ad371f844..466349d37 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -49,6 +49,7 @@
     edit_workout,
     get_absolute_file_path,
     get_datetime_from_request_args,
+    get_ordered_workouts,
     process_files,
 )
 
@@ -56,6 +57,7 @@
 
 DEFAULT_WORKOUTS_PER_PAGE = 5
 MAX_WORKOUTS_PER_PAGE = 100
+MAX_WORKOUTS_TO_SEND = 5
 
 
 @workouts_blueprint.route('/workouts', methods=['GET'])
@@ -1020,8 +1022,10 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
         )
         if len(new_workouts) > 0:
             if current_app.config['federation_enabled']:
-                # TODO: handle massive imports
-                for new_workout in new_workouts:
+                workouts_to_send = get_ordered_workouts(
+                    new_workouts, limit=MAX_WORKOUTS_TO_SEND
+                )
+                for new_workout in workouts_to_send:
                     if new_workout.workout_visibility in (
                         PrivacyLevel.PUBLIC,
                         PrivacyLevel.FOLLOWERS_AND_REMOTE,

From 0b8ec5b126cd3f04b25e08d4e55bf41f99b894ce Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 30 Nov 2022 20:07:39 +0100
Subject: [PATCH 148/238] API - update visibility utils with remote followers

---
 .../test_workouts_utils_visibility.py         | 209 ++++++++++++++++++
 fittrackee/workouts/utils/visibility.py       |  24 +-
 2 files changed, 225 insertions(+), 8 deletions(-)
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py

diff --git a/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py
new file mode 100644
index 000000000..ee88b044e
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py
@@ -0,0 +1,209 @@
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.utils.visibility import can_view_workout
+
+
+class TestFederationCanViewWorkout:
+    def test_workout_owner_can_view_his_workout(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+        assert can_view_workout(
+            workout_cycling_user_1, 'workout_visibility', user_1
+        ) == (True, 'owner')
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_remote_follower_can_not_view_workout_when_visibility_does_not_allow_it(  # noqa
+        self,
+        input_workout_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (False, 'remote_follower')
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_remote_follower_can_view_workout_when_visibility_allows_it(
+        self,
+        input_workout_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (True, 'remote_follower')
+
+    def test_local_follower_can_view_workout_when_follower_and_remote_only(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (True, 'follower')
+
+    def test_another_user_can_not_view_workout_when_follower_and_remote_only(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'workout_visibility', user_1
+        ) == (False, 'other')
+
+
+class TestFederationCanViewWorkoutMap:
+    def test_workout_owner_can_view_his_workout_map(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.map_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+        assert can_view_workout(
+            workout_cycling_user_1, 'map_visibility', user_1
+        ) == (True, 'owner')
+
+    @pytest.mark.parametrize(
+        'input_map_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_remote_follower_can_not_view_workout_map_when_visibility_does_not_allow_it(  # noqa
+        self,
+        input_map_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_2.map_visibility = input_map_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (False, 'remote_follower')
+
+    @pytest.mark.parametrize(
+        'input_map_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_remote_follower_can_view_workout_map_when_visibility_allows_it(
+        self,
+        input_map_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_2.map_visibility = input_map_visibility
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (True, 'remote_follower')
+
+    def test_local_follower_can_not_view_workout_map_when_follower_and_remote_only(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_2.map_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (True, 'follower')
+
+    def test_another_user_can_not_view_workout_map_when_follower_and_remote_only(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_2.map_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+        assert can_view_workout(
+            workout_cycling_user_2, 'map_visibility', user_1
+        ) == (False, 'other')
diff --git a/fittrackee/workouts/utils/visibility.py b/fittrackee/workouts/utils/visibility.py
index ba7a3903e..dff8b44b2 100644
--- a/fittrackee/workouts/utils/visibility.py
+++ b/fittrackee/workouts/utils/visibility.py
@@ -16,18 +16,19 @@ def can_view_workout(
     status:
     - owner: provided user is workout owner
     - follower: provided user follows workout owner
+    - remote_follower: provided user follows workout owner from remote instance
     - other: other cases (user does not follow workout owner,
       unauthenticated user (no user provided))
     """
     status = 'other'
     if user is not None:
-        status = (
-            'owner'
-            if workout.user_id == user.id
-            else 'follower'
-            if user in workout.user.followers
-            else 'other'
-        )
+        if workout.user_id == user.id:
+            status = 'owner'
+        if user in workout.user.followers:
+            status = (
+                'remote_follower' if workout.user.is_remote else 'follower'
+            )
+
     visibility = getattr(workout, visibility)
     if (
         visibility == PrivacyLevel.PUBLIC
@@ -36,7 +37,14 @@ def can_view_workout(
             workout.user_id == user.id
             or (
                 user in workout.user.followers
-                and visibility == PrivacyLevel.FOLLOWERS
+                and visibility
+                in [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE]
+                and status == 'follower'
+            )
+            or (
+                user in workout.user.followers
+                and visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+                and status == 'remote_follower'
             )
         )
     ):

From 074a185757710477680decd50c35c38dea15f7ed Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 30 Nov 2022 20:31:50 +0100
Subject: [PATCH 149/238] API - update Workout model with remote followers

---
 .../workouts/test_workouts_models.py          | 116 +++++++++++++++++-
 fittrackee/workouts/models.py                 |  25 +++-
 2 files changed, 134 insertions(+), 7 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 79e22e365..24656527a 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -2,13 +2,127 @@
 from flask import Flask
 
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.workouts.test_workouts_model import WorkoutModelTestCase
 from fittrackee.users.models import User
-from fittrackee.workouts.exceptions import PrivateWorkoutException
+from fittrackee.workouts.exceptions import (
+    PrivateWorkoutException,
+    WorkoutForbiddenException,
+)
 from fittrackee.workouts.models import Sport, Workout
 
+from ...utils import random_string
+
 DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
 
 
+class TestWorkoutModelAsRemoteFollower(WorkoutModelTestCase):
+    user_status = 'remote_follower'
+
+    def test_it_raises_exception_when_workout_visibility_is_private(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PRIVATE
+
+        with pytest.raises(WorkoutForbiddenException):
+            workout_cycling_user_1.serialize(user_status=self.user_status)
+
+    def test_it_raises_exception_when_workout_visibility_is_local_follower_only(  # noqa
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+
+        with pytest.raises(WorkoutForbiddenException):
+            workout_cycling_user_1.serialize(user_status=self.user_status)
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                PrivacyLevel.PUBLIC,
+            ),
+            (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_serializer_returns_map_related_data(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout = self.update_workout(
+            workout_cycling_user_1, map_id=random_string()
+        )
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] == workout.map
+        assert serialized_workout['bounds'] == workout.bounds
+        assert serialized_workout['with_gpx'] is True
+        assert serialized_workout['map_visibility'] == input_map_visibility
+        assert (
+            serialized_workout['workout_visibility']
+            == input_workout_visibility
+        )
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+        ],
+    )
+    def test_serializer_does_not_return_map_related_data(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize(user_status=self.user_status)
+
+        assert serialized_workout['map'] is None
+        assert serialized_workout['bounds'] == []
+        assert serialized_workout['with_gpx'] is False
+        assert serialized_workout['map_visibility'] == input_map_visibility
+        assert (
+            serialized_workout['workout_visibility']
+            == input_workout_visibility
+        )
+
+
 class TestWorkoutModelGetWorkoutActivity:
     def test_it_raises_error_if_visibility_is_private(
         self,
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 164805cd8..4ad5f8f1a 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -214,20 +214,33 @@ def _can_see_map_data(self, user_status: str) -> bool:
             user_status == 'owner'
             or self.calculated_map_visibility == PrivacyLevel.PUBLIC
             or (
-                self.calculated_map_visibility == PrivacyLevel.FOLLOWERS
+                self.calculated_map_visibility
+                in [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE]
                 and user_status == 'follower'
             )
+            or (
+                self.calculated_map_visibility
+                == PrivacyLevel.FOLLOWERS_AND_REMOTE
+                and user_status == 'remote_follower'
+            )
         )
 
     def serialize(
         self, user_status: str, params: Optional[Dict] = None
     ) -> Dict:
         if (
-            self.workout_visibility == PrivacyLevel.PRIVATE
-            and user_status != 'owner'
-        ) or (
-            self.workout_visibility != PrivacyLevel.PUBLIC
-            and user_status == 'other'
+            (
+                self.workout_visibility == PrivacyLevel.PRIVATE
+                and user_status != 'owner'
+            )
+            or (
+                self.workout_visibility == PrivacyLevel.FOLLOWERS
+                and user_status == 'remote_follower'
+            )
+            or (
+                self.workout_visibility != PrivacyLevel.PUBLIC
+                and user_status == 'other'
+            )
         ):
             raise WorkoutForbiddenException()
         can_see_map_data = self._can_see_map_data(user_status)

From 6f22274fc6fdf06948a7072a0f71efd84f5ff81e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 30 Nov 2022 20:48:24 +0100
Subject: [PATCH 150/238] API - update timeline api with remote followers

---
 .../federation/workouts/test_timeline_api.py  | 211 ++++++++++++++++++
 fittrackee/tests/workouts/utils.py            |   1 -
 fittrackee/workouts/timeline.py               |  21 +-
 3 files changed, 229 insertions(+), 4 deletions(-)
 create mode 100644 fittrackee/tests/federation/workouts/test_timeline_api.py

diff --git a/fittrackee/tests/federation/workouts/test_timeline_api.py b/fittrackee/tests/federation/workouts/test_timeline_api.py
new file mode 100644
index 000000000..0a0407590
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_timeline_api.py
@@ -0,0 +1,211 @@
+import json
+
+import pytest
+from flask import Flask
+from werkzeug.test import TestResponse
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ...mixins import ApiTestCaseMixin
+
+
+class TestFederationGetUserTimeline(ApiTestCaseMixin):
+    @staticmethod
+    def assert_no_workout_returned(response: TestResponse) -> None:
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 0
+
+    @staticmethod
+    def assert_workout_returned(
+        response: TestResponse, workout: Workout
+    ) -> None:
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert data['data']['workouts'][0]['id'] == workout.short_id
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            (
+                'workout visibility: followers_and_remote_only',
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_authenticated_user_workout(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_workout_returned(response, workout_cycling_user_1)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            (
+                'workout visibility: followers_and_remote_only',
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_followed_user_workout_when_visibility_allows_it(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_workout_returned(response, workout_cycling_user_2)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_visibility',
+        [
+            (
+                'workout visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('workout visibility: private', PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_does_return_workout_if_visibility_does_not_allow_it(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_no_workout_returned(response)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_map_visibility',
+        [
+            (
+                'map visibility: followers_only',
+                PrivacyLevel.FOLLOWERS,
+            ),
+            ('map visibility: private', PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_does_not_return_followed_user_workout_map_when_privacy_does_not_allow_it(  # noqa
+        self,
+        input_desc: str,
+        input_map_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_2.map_visibility = input_map_visibility
+        workout_cycling_user_2.map_id = self.random_string()
+        workout_cycling_user_2.map = self.random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['data']['workouts'][0]['map'] is None
+
+    @pytest.mark.parametrize(
+        'input_desc,input_visibility',
+        [
+            (
+                'workout and map visibility: followers_and_remote_only',
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            ('workout and map visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_returns_followed_user_workout_map_when_visibility_allows_it(
+        self,
+        input_desc: str,
+        input_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_visibility
+        workout_cycling_user_2.map_visibility = input_visibility
+        map_id = self.random_string()
+        workout_cycling_user_2.map_id = map_id
+        workout_cycling_user_2.map = self.random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            '/api/timeline',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['data']['workouts'][0]['map'] == map_id
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index b1d5f978a..50bca1e6b 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -37,5 +37,4 @@ def post_a_workout(
         ),
     )
     data = json.loads(response.data.decode())
-    print(data)
     return token, data['data']['workouts'][0]['id']
diff --git a/fittrackee/workouts/timeline.py b/fittrackee/workouts/timeline.py
index e2434de0d..f4041b303 100644
--- a/fittrackee/workouts/timeline.py
+++ b/fittrackee/workouts/timeline.py
@@ -22,15 +22,30 @@ def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
     try:
         params = request.args.copy()
         page = int(params.get('page', 1))
+        local_following_users_id = []
+        remote_following_users_id = []
+        for user in auth_user.following:
+            if user.is_remote is True:
+                remote_following_users_id.append(user.id)
+            else:
+                local_following_users_id.append(user.id)
         workouts_pagination = (
             Workout.query.filter(
                 or_(
                     Workout.user_id == auth_user.id,
                     and_(
-                        Workout.user_id.in_(
-                            [user.id for user in auth_user.following]
+                        Workout.user_id.in_(local_following_users_id),
+                        Workout.workout_visibility.in_(
+                            [
+                                PrivacyLevel.FOLLOWERS,
+                                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                            ]
                         ),
-                        Workout.workout_visibility == PrivacyLevel.FOLLOWERS,
+                    ),
+                    and_(
+                        Workout.user_id.in_(remote_following_users_id),
+                        Workout.workout_visibility
+                        == PrivacyLevel.FOLLOWERS_AND_REMOTE,
                     ),
                     Workout.workout_visibility == PrivacyLevel.PUBLIC,
                 )

From d2bfe58b35ad995e141c3b0d5cb63a3cf8e73de1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 1 Dec 2022 15:02:21 +0100
Subject: [PATCH 151/238] Client - add local and remote followers privacy level
 (WIP)

---
 .../User/ProfileDisplay/UserPreferences.vue   | 29 ++++++++++++--
 .../ProfileEdition/UserPreferencesEdition.vue | 34 +++++++++++++---
 .../WorkoutDetail/WorkoutVisibility.vue       | 31 +++++++++++++--
 .../src/components/Workout/WorkoutEdition.vue | 24 ++++++++++--
 fittrackee_client/src/locales/en/privacy.json |  2 +
 fittrackee_client/src/locales/fr/privacy.json |  2 +
 fittrackee_client/src/types/application.ts    |  1 +
 fittrackee_client/src/types/user.ts           |  6 ++-
 fittrackee_client/src/utils/privacy.ts        | 31 +++++++++++----
 .../tests/unit/utils/privacy.spec.ts          | 39 ++++++++++++++++++-
 10 files changed, 175 insertions(+), 24 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
index a584a33d1..becfef6cd 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserPreferences.vue
@@ -20,9 +20,27 @@
       <dt>{{ $t('user.PROFILE.ASCENT_DATA') }}:</dt>
       <dd>{{ $t(`common.${display_ascent}`) }}</dd>
       <dt>{{ $t('privacy.WORKOUTS_VISIBILITY') }}:</dt>
-      <dd>{{ $t(`privacy.LEVELS.${user.workouts_visibility}`) }}</dd>
+      <dd>
+        {{
+          $t(
+            `privacy.LEVELS.${getPrivacyLevelForLabel(
+              user.workouts_visibility,
+              appConfig.federation_enabled
+            )}`
+          )
+        }}
+      </dd>
       <dt>{{ $t('privacy.MAP_VISIBILITY') }}:</dt>
-      <dd>{{ $t(`privacy.LEVELS.${user.map_visibility}`) }}</dd>
+      <dd>
+        {{
+          $t(
+            `privacy.LEVELS.${getPrivacyLevelForLabel(
+              user.map_visibility,
+              appConfig.federation_enabled
+            )}`
+          )
+        }}
+      </dd>
     </dl>
     <div class="profile-buttons">
       <button @click="$router.push('/profile/edit/preferences')">
@@ -37,11 +55,12 @@
   import { ComputedRef, computed, toRefs } from 'vue'
 
   import { ROOT_STORE } from '@/store/constants'
+  import { TAppConfig } from '@/types/application'
   import { IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { getDateFormat } from '@/utils/dates'
   import { languageLabels } from '@/utils/locales'
-
+  import { getPrivacyLevelForLabel } from '@/utils/privacy'
   interface Props {
     user: IAuthUserProfile
   }
@@ -53,6 +72,10 @@
   const appLanguage: ComputedRef<string> = computed(
     () => store.getters[ROOT_STORE.GETTERS.LANGUAGE]
   )
+
+  const appConfig: ComputedRef<TAppConfig> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
+  )
   const userLanguage = computed(() =>
     props.user.language
       ? languageLabels[props.user.language]
diff --git a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
index 8931208d5..f81f64469 100644
--- a/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
+++ b/fittrackee_client/src/components/User/ProfileEdition/UserPreferencesEdition.vue
@@ -108,7 +108,14 @@
             @change="updateMapVisibility"
           >
             <option v-for="level in privacyLevels" :value="level" :key="level">
-              {{ $t(`privacy.LEVELS.${level}`) }}
+              {{
+                $t(
+                  `privacy.LEVELS.${getPrivacyLevelForLabel(
+                    level,
+                    appConfig.federation_enabled
+                  )}`
+                )
+              }}
             </option>
           </select>
         </label>
@@ -124,7 +131,14 @@
               :value="level"
               :key="level"
             >
-              {{ $t(`privacy.LEVELS.${level}`) }}
+              {{
+                $t(
+                  `privacy.LEVELS.${getPrivacyLevelForLabel(
+                    level,
+                    appConfig.federation_enabled
+                  )}`
+                )
+              }}
             </option>
           </select>
         </label>
@@ -149,14 +163,16 @@
 
   import TimezoneDropdown from '@/components/User/ProfileEdition/TimezoneDropdown.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
+  import { TAppConfig } from '@/types/application'
   import { IUserPreferencesPayload, IAuthUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { availableDateFormatOptions } from '@/utils/dates'
   import { availableLanguages } from '@/utils/locales'
   import {
-    privacyLevels,
-    getUpdatedMapVisibility,
+    getPrivacyLevels,
+    getPrivacyLevelForLabel,
     getMapVisibilityLevels,
+    getUpdatedMapVisibility,
   } from '@/utils/privacy'
 
   interface Props {
@@ -206,6 +222,9 @@
       value: false,
     },
   ]
+  const appConfig: ComputedRef<TAppConfig> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
+  )
   const loading = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.USER_LOADING]
   )
@@ -219,6 +238,9 @@
       userForm.language
     )
   )
+  const privacyLevels = computed(() =>
+    getPrivacyLevels(appConfig.value.federation_enabled)
+  )
   const mapPrivacyLevels = computed(() =>
     getMapVisibilityLevels(userForm.workouts_visibility)
   )
@@ -295,7 +317,9 @@
     }
 
     #language,
-    #date_format {
+    #date_format,
+    #map_visibility,
+    #workouts_visibility {
       padding: $default-padding * 0.5;
     }
   }
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
index b0131afbb..12eb9b811 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutVisibility.vue
@@ -11,7 +11,14 @@
         :title="$t(`privacy.LEVELS.${workoutObject.workoutVisibility}`)"
       />
       <span class="visibility-label">
-        ({{ $t(`privacy.LEVELS.${workoutObject.workoutVisibility}`) }})
+        ({{
+          $t(
+            `privacy.LEVELS.${getPrivacyLevelForLabel(
+              workoutObject.workoutVisibility,
+              appConfig.federation_enabled
+            )}`
+          )
+        }})
       </span>
       <span v-if="workoutObject.with_gpx">-</span>
     </div>
@@ -23,28 +30,44 @@
         :title="$t(`privacy.LEVELS.${workoutObject.mapVisibility}`)"
       />
       <span class="visibility-label">
-        ({{ $t(`privacy.LEVELS.${workoutObject.mapVisibility}`) }})
+        ({{
+          $t(
+            `privacy.LEVELS.${getPrivacyLevelForLabel(
+              workoutObject.mapVisibility,
+              appConfig.federation_enabled
+            )}`
+          )
+        }})
       </span>
     </div>
   </div>
 </template>
 
 <script setup lang="ts">
-  import { toRefs } from 'vue'
+  import { computed, ComputedRef, toRefs } from 'vue'
 
+  import { ROOT_STORE } from '@/store/constants'
+  import { TAppConfig } from '@/types/application'
   import { TPrivacyLevels } from '@/types/user'
   import { IWorkoutObject } from '@/types/workouts'
-
+  import { useStore } from '@/use/useStore'
+  import { getPrivacyLevelForLabel } from '@/utils/privacy'
   interface Props {
     workoutObject: IWorkoutObject
   }
   const props = defineProps<Props>()
   const { workoutObject } = toRefs(props)
 
+  const store = useStore()
+
+  const appConfig: ComputedRef<TAppConfig> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
+  )
   function getPrivacyIcon(privacyLevel: TPrivacyLevels): string {
     switch (privacyLevel) {
       case 'public':
         return 'globe'
+      case 'followers_and_remote_only':
       case 'followers_only':
         return 'users'
       default:
diff --git a/fittrackee_client/src/components/Workout/WorkoutEdition.vue b/fittrackee_client/src/components/Workout/WorkoutEdition.vue
index 05f87d90f..b1949a3c3 100644
--- a/fittrackee_client/src/components/Workout/WorkoutEdition.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutEdition.vue
@@ -213,7 +213,14 @@
                     :value="level"
                     :key="level"
                   >
-                    {{ $t(`privacy.LEVELS.${level}`) }}
+                    {{
+                      $t(
+                        `privacy.LEVELS.${getPrivacyLevelForLabel(
+                          level,
+                          appConfig.federation_enabled
+                        )}`
+                      )
+                    }}
                   </option>
                 </select>
               </div>
@@ -229,7 +236,14 @@
                     :value="level"
                     :key="level"
                   >
-                    {{ $t(`privacy.LEVELS.${level}`) }}
+                    {{
+                      $t(
+                        `privacy.LEVELS.${getPrivacyLevelForLabel(
+                          level,
+                          appConfig.federation_enabled
+                        )}`
+                      )
+                    }}
                   </option>
                 </select>
               </div>
@@ -287,9 +301,10 @@
   import { formatWorkoutDate, getDateWithTZ } from '@/utils/dates'
   import { getReadableFileSize } from '@/utils/files'
   import {
+    getPrivacyLevels,
+    getPrivacyLevelForLabel,
     getMapVisibilityLevels,
     getUpdatedMapVisibility,
-    privacyLevels,
   } from '@/utils/privacy'
   import { translateSports } from '@/utils/sports'
   import { convertDistance } from '@/utils/units'
@@ -323,6 +338,9 @@
   const appConfig: ComputedRef<TAppConfig> = computed(
     () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
   )
+  const privacyLevels = computed(() =>
+    getPrivacyLevels(appConfig.value.federation_enabled)
+  )
   const fileSizeLimit = appConfig.value.max_single_file_size
     ? getReadableFileSize(appConfig.value.max_single_file_size)
     : ''
diff --git a/fittrackee_client/src/locales/en/privacy.json b/fittrackee_client/src/locales/en/privacy.json
index fc4143b88..d90d75a92 100644
--- a/fittrackee_client/src/locales/en/privacy.json
+++ b/fittrackee_client/src/locales/en/privacy.json
@@ -2,6 +2,8 @@
   "LEVELS": {
     "private": "Private (only me)",
     "followers_only": "Followers only",
+    "local_followers_only": "Local followers only",
+    "followers_and_remote_only": "Local and remote followers only",
     "public": "Public (everyone)"
   },
   "MAP_VISIBILITY": "Map and analysis visibility",
diff --git a/fittrackee_client/src/locales/fr/privacy.json b/fittrackee_client/src/locales/fr/privacy.json
index 185a7d8c8..a2cb649c0 100644
--- a/fittrackee_client/src/locales/fr/privacy.json
+++ b/fittrackee_client/src/locales/fr/privacy.json
@@ -2,6 +2,8 @@
   "LEVELS": {
     "private": "Privé (seulement moi)",
     "followers_only": "Abonnées uniquement",
+    "followers_and_remote_only": "Abonnées locaux et distants uniquement",
+    "local_followers_only": "Abonnées locaux uniquement",
     "public": "Public (tout le monde)"
   },
   "MAP_VISIBILITY": "Visibilité de la carte et de l'analyse",
diff --git a/fittrackee_client/src/types/application.ts b/fittrackee_client/src/types/application.ts
index 6dc49a4a5..1978ad03a 100644
--- a/fittrackee_client/src/types/application.ts
+++ b/fittrackee_client/src/types/application.ts
@@ -8,6 +8,7 @@ export interface IAppStatistics {
 export type TAppConfig = {
   [key: string]: number | boolean | string
   admin_contact: string
+  federation_enabled: boolean
   gpx_limit_import: number
   is_email_sending_enabled: boolean
   is_registration_enabled: boolean
diff --git a/fittrackee_client/src/types/user.ts b/fittrackee_client/src/types/user.ts
index 056ffc825..1350bd0f0 100644
--- a/fittrackee_client/src/types/user.ts
+++ b/fittrackee_client/src/types/user.ts
@@ -3,7 +3,11 @@ import { LocationQueryValue } from 'vue-router'
 import { TPaginationPayload } from '@/types/api'
 import { IRecord } from '@/types/workouts'
 
-export type TPrivacyLevels = 'private' | 'followers_only' | 'public'
+export type TPrivacyLevels =
+  | 'private'
+  | 'followers_only'
+  | 'followers_and_remote_only'
+  | 'public'
 export type TRelationshipAction = 'follow' | 'unfollow'
 export type TRelationships = 'followers' | 'following'
 export type TFollowRequestAction = 'accept' | 'reject'
diff --git a/fittrackee_client/src/utils/privacy.ts b/fittrackee_client/src/utils/privacy.ts
index c085b9098..4df73b0aa 100644
--- a/fittrackee_client/src/utils/privacy.ts
+++ b/fittrackee_client/src/utils/privacy.ts
@@ -1,10 +1,22 @@
 import { TPrivacyLevels } from '@/types/user'
 
-export const privacyLevels: TPrivacyLevels[] = [
-  'private',
-  'followers_only',
-  'public',
-]
+export const getPrivacyLevels = (
+  federationEnabled: boolean
+): TPrivacyLevels[] => {
+  return federationEnabled
+    ? ['private', 'followers_only', 'followers_and_remote_only', 'public']
+    : ['private', 'followers_only', 'public']
+}
+
+export const getPrivacyLevelForLabel = (
+  privacyLevel: string,
+  federationEnabled: boolean
+): string => {
+  if (privacyLevel !== 'followers_only') {
+    return privacyLevel
+  }
+  return federationEnabled ? 'local_followers_only' : 'followers_only'
+}
 
 export const getUpdatedMapVisibility = (
   mapVisibility: TPrivacyLevels,
@@ -14,7 +26,10 @@ export const getUpdatedMapVisibility = (
   // for map visibility
   if (
     workoutVisibility === 'private' ||
-    (workoutVisibility === 'followers_only' && mapVisibility === 'public')
+    (workoutVisibility === 'followers_only' &&
+      ['followers_and_remote_only', 'public'].includes(mapVisibility)) ||
+    (workoutVisibility === 'followers_and_remote_only' &&
+      mapVisibility === 'public')
   ) {
     return workoutVisibility
   }
@@ -26,7 +41,9 @@ export const getMapVisibilityLevels = (
 ): TPrivacyLevels[] => {
   switch (workoutVisibility) {
     case 'public':
-      return privacyLevels
+      return ['private', 'followers_only', 'public']
+    case 'followers_and_remote_only':
+      return ['private', 'followers_only']
     case 'followers_only':
       return ['private', 'followers_only']
     case 'private':
diff --git a/fittrackee_client/tests/unit/utils/privacy.spec.ts b/fittrackee_client/tests/unit/utils/privacy.spec.ts
index 6757cf8c8..89cdfd77a 100644
--- a/fittrackee_client/tests/unit/utils/privacy.spec.ts
+++ b/fittrackee_client/tests/unit/utils/privacy.spec.ts
@@ -2,8 +2,9 @@ import { assert } from 'chai'
 
 import { TPrivacyLevels } from '@/types/user'
 import {
-  getUpdatedMapVisibility,
   getMapVisibilityLevels,
+  getPrivacyLevelForLabel,
+  getUpdatedMapVisibility,
 } from '@/utils/privacy'
 
 describe('getUpdatedMapVisibility', () => {
@@ -11,12 +12,23 @@ describe('getUpdatedMapVisibility', () => {
     // input map visibility, input workout visibility, excepted map visibility
     ['private', 'private', 'private'],
     ['private', 'followers_only', 'private'],
+    ['private', 'followers_and_remote_only', 'private'],
     ['private', 'public', 'private'],
     ['followers_only', 'private', 'private'],
     ['followers_only', 'followers_only', 'followers_only'],
+    ['followers_only', 'followers_and_remote_only', 'followers_only'],
     ['followers_only', 'public', 'followers_only'],
+    ['followers_and_remote_only', 'private', 'private'],
+    ['followers_and_remote_only', 'followers_only', 'followers_only'],
+    [
+      'followers_and_remote_only',
+      'followers_and_remote_only',
+      'followers_and_remote_only',
+    ],
+    ['followers_and_remote_only', 'public', 'followers_and_remote_only'],
     ['public', 'private', 'private'],
     ['public', 'followers_only', 'followers_only'],
+    ['public', 'followers_and_remote_only', 'followers_and_remote_only'],
     ['public', 'public', 'public'],
   ]
 
@@ -30,10 +42,35 @@ describe('getUpdatedMapVisibility', () => {
   })
 })
 
+describe('getPrivacyLevelForLabel', () => {
+  const testsParams: [string, boolean, string][] = [
+    ['private', true, 'private'],
+    ['followers_only', true, 'local_followers_only'],
+    ['followers_and_remote_only', true, 'followers_and_remote_only'],
+    ['private', true, 'private'],
+    ['private', false, 'private'],
+    ['followers_only', false, 'followers_only'],
+    ['followers_and_remote_only', false, 'followers_and_remote_only'],
+    ['private', false, 'private'],
+  ]
+
+  testsParams.map((testParams) => {
+    it(`get privacy level label for ${testParams[0]} and federation ${
+      testParams[1] ? 'enabled' : ' disabled'
+    }`, () => {
+      assert.equal(
+        getPrivacyLevelForLabel(testParams[0], testParams[1]),
+        testParams[2]
+      )
+    })
+  })
+})
+
 describe('getMapVisibilityLevels', () => {
   const testsParams: [TPrivacyLevels, TPrivacyLevels[]][] = [
     ['private', ['private']],
     ['followers_only', ['private', 'followers_only']],
+    ['followers_and_remote_only', ['private', 'followers_only']],
     ['public', ['private', 'followers_only', 'public']],
   ]
 

From 350ea1f579250fb84e683e36fa8634545b78a17c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 1 Dec 2022 15:19:38 +0100
Subject: [PATCH 152/238] API - segments are not returned when user can not see
 map data

---
 .../tests/federation/workouts/test_workouts_models.py     | 8 +++++++-
 fittrackee/tests/workouts/test_workouts_model.py          | 4 ++++
 fittrackee/workouts/models.py                             | 6 +++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 24656527a..02dd55a7c 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -8,7 +8,7 @@
     PrivateWorkoutException,
     WorkoutForbiddenException,
 )
-from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
 
 from ...utils import random_string
 
@@ -67,6 +67,7 @@ def test_serializer_returns_map_related_data(
         sport_1_cycling: Sport,
         user_1: User,
         workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
@@ -84,6 +85,9 @@ def test_serializer_returns_map_related_data(
             serialized_workout['workout_visibility']
             == input_workout_visibility
         )
+        assert serialized_workout['segments'] == [
+            workout_cycling_user_1_segment.serialize()
+        ]
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -106,6 +110,7 @@ def test_serializer_does_not_return_map_related_data(
         sport_1_cycling: Sport,
         user_1: User,
         workout_cycling_user_1: Workout,
+        workout_cycling_user_1_segment: WorkoutSegment,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
@@ -121,6 +126,7 @@ def test_serializer_does_not_return_map_related_data(
             serialized_workout['workout_visibility']
             == input_workout_visibility
         )
+        assert serialized_workout['segments'] == []
 
 
 class TestWorkoutModelGetWorkoutActivity:
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 36287467d..da03a2aa3 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -357,6 +357,7 @@ def test_serializer_returns_map_related_data(
             serialized_workout['workout_visibility']
             == input_workout_visibility
         )
+        assert serialized_workout['segments'] == []
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -394,6 +395,7 @@ def test_serializer_does_not_return_map_related_data(
             serialized_workout['workout_visibility']
             == input_workout_visibility
         )
+        assert serialized_workout['segments'] == []
 
     def test_serializer_does_not_return_next_workout(
         self,
@@ -487,6 +489,7 @@ def test_serializer_returns_map_related_data_when_visibility_is_public(
         assert serialized_workout['with_gpx'] is True
         assert serialized_workout['map_visibility'] == PrivacyLevel.PUBLIC
         assert serialized_workout['workout_visibility'] == PrivacyLevel.PUBLIC
+        assert serialized_workout['segments'] == []
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -524,6 +527,7 @@ def test_serializer_does_not_return_map_related_data(
             serialized_workout['workout_visibility']
             == input_workout_visibility
         )
+        assert serialized_workout['segments'] == []
 
     def test_serializer_does_not_return_next_workout(
         self,
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 4ad5f8f1a..47eb5ee62 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -367,7 +367,11 @@ def serialize(
             if previous_workout
             else None,  # noqa
             'next_workout': next_workout.short_id if next_workout else None,
-            'segments': [segment.serialize() for segment in self.segments],
+            'segments': (
+                [segment.serialize() for segment in self.segments]
+                if can_see_map_data
+                else []
+            ),
             'records': [record.serialize() for record in self.records],
             'map': self.map_id if self.map and can_see_map_data else None,
             'map_visibility': self.calculated_map_visibility.value,

From b232de0bba94cdf498b7b22ba6dfde7253145391 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 2 Dec 2022 09:38:55 +0100
Subject: [PATCH 153/238] API - minor refacto

---
 fittrackee/federation/utils/__init__.py |  9 +++
 fittrackee/workouts/workouts.py         | 77 +++++++++----------------
 2 files changed, 36 insertions(+), 50 deletions(-)

diff --git a/fittrackee/federation/utils/__init__.py b/fittrackee/federation/utils/__init__.py
index de84352da..2be9ef5ad 100644
--- a/fittrackee/federation/utils/__init__.py
+++ b/fittrackee/federation/utils/__init__.py
@@ -8,6 +8,8 @@
 from Crypto.PublicKey import RSA  # nosec B413
 from flask import current_app
 
+from fittrackee.privacy_levels import PrivacyLevel
+
 from ..enums import ActivityType
 
 
@@ -56,3 +58,10 @@ def is_invalid_activity_data(activity_data: Dict) -> bool:
         or 'object' not in activity_data
         or activity_data['type'] not in [a.value for a in ActivityType]
     )
+
+
+def sending_activities_allowed(visibility: PrivacyLevel) -> bool:
+    return current_app.config['federation_enabled'] and visibility in (
+        PrivacyLevel.PUBLIC,
+        PrivacyLevel.FOLLOWERS_AND_REMOTE,
+    )
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 11faa101a..1365c2c28 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -18,6 +18,7 @@
 
 from fittrackee import appLog, db, limiter
 from fittrackee.federation.tasks.inbox import send_to_remote_inbox
+from fittrackee.federation.utils import sending_activities_allowed
 from fittrackee.oauth2.server import require_auth
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.responses import (
@@ -60,6 +61,26 @@
 MAX_WORKOUTS_TO_SEND = 5
 
 
+def handle_workout_activities(workout: Workout) -> None:
+    sender_id = workout.user.actor.id
+    workout_activity, note_activity = workout.get_activities()
+    recipients = workout.user.get_followers_shared_inboxes()
+
+    # only workout data are sent (no map data)
+    if recipients['fittrackee']:
+        send_to_remote_inbox.send(
+            sender_id=sender_id,
+            activity=workout_activity,
+            recipients=list(recipients['fittrackee']),
+        )
+    if recipients['others']:
+        send_to_remote_inbox.send(
+            sender_id=sender_id,
+            activity=note_activity,
+            recipients=list(recipients['others']),
+        )
+
+
 @workouts_blueprint.route('/workouts', methods=['GET'])
 @require_auth(scopes=['workouts:read'])
 def get_workouts(auth_user: User) -> Union[Dict, HttpResponse]:
@@ -1022,38 +1043,14 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
             auth_user, workout_data, workout_file, folders
         )
         if len(new_workouts) > 0:
-            if current_app.config['federation_enabled']:
+            if sending_activities_allowed(
+                workout_data.get('workout_visibility')
+            ):
                 workouts_to_send = get_ordered_workouts(
                     new_workouts, limit=MAX_WORKOUTS_TO_SEND
                 )
                 for new_workout in workouts_to_send:
-                    if new_workout.workout_visibility in (
-                        PrivacyLevel.PUBLIC,
-                        PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                    ):
-
-                        sender_id = new_workout.user.actor.id
-                        (
-                            workout_activity,
-                            note_activity,
-                        ) = new_workout.get_activities()
-                        recipients = (
-                            new_workout.user.get_followers_shared_inboxes()
-                        )
-
-                        # only workout data are sent (no map data)
-                        if recipients['fittrackee']:
-                            send_to_remote_inbox.send(
-                                sender_id=sender_id,
-                                activity=workout_activity,
-                                recipients=list(recipients['fittrackee']),
-                            )
-                        if recipients['others']:
-                            send_to_remote_inbox.send(
-                                sender_id=sender_id,
-                                activity=note_activity,
-                                recipients=list(recipients['others']),
-                            )
+                    handle_workout_activities(new_workout)
 
             response_object = {
                 'status': 'created',
@@ -1218,28 +1215,8 @@ def post_workout_no_gpx(
         db.session.add(new_workout)
         db.session.commit()
 
-        if current_app.config[
-            'federation_enabled'
-        ] and new_workout.workout_visibility in (
-            PrivacyLevel.PUBLIC,
-            PrivacyLevel.FOLLOWERS_AND_REMOTE,
-        ):
-            sender_id = new_workout.user.actor.id
-            workout_activity, note_activity = new_workout.get_activities()
-            recipients = new_workout.user.get_followers_shared_inboxes()
-
-            if recipients['fittrackee']:
-                send_to_remote_inbox.send(
-                    sender_id=sender_id,
-                    activity=workout_activity,
-                    recipients=list(recipients['fittrackee']),
-                )
-            if recipients['others']:
-                send_to_remote_inbox.send(
-                    sender_id=sender_id,
-                    activity=note_activity,
-                    recipients=list(recipients['others']),
-                )
+        if sending_activities_allowed(new_workout.workout_visibility):
+            handle_workout_activities(new_workout)
 
         return (
             {

From b709f02ce49d89710e4d4a63f409d6936a1a9d85 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 2 Dec 2022 10:50:20 +0100
Subject: [PATCH 154/238] API - rename activity object method

---
 fittrackee/federation/objects/base_object.py              | 2 +-
 fittrackee/federation/objects/follow_request.py           | 2 +-
 fittrackee/federation/objects/workout.py                  | 2 +-
 .../federation/test_federation_objects_follow_request.py  | 8 ++++----
 .../federation/test_federation_objects_workout.py         | 8 ++++----
 fittrackee/users/models.py                                | 2 +-
 fittrackee/workouts/models.py                             | 2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index 0ad9c82bd..a93d6b188 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -12,5 +12,5 @@ class BaseObject(ABC):
     actor: 'Actor'
 
     @abstractmethod
-    def serialize(self) -> Dict:
+    def get_activity(self) -> Dict:
         pass
diff --git a/fittrackee/federation/objects/follow_request.py b/fittrackee/federation/objects/follow_request.py
index 2f153c9f3..2249a2fa2 100644
--- a/fittrackee/federation/objects/follow_request.py
+++ b/fittrackee/federation/objects/follow_request.py
@@ -47,7 +47,7 @@ def _get_follow_activity(self) -> Dict:
             'object': self.to_actor.activitypub_id,
         }
 
-    def serialize(self) -> Dict:
+    def get_activity(self) -> Dict:
         if self.type == ActivityType.FOLLOW:
             activity = self._get_follow_activity()
         else:
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index e5c1c59a1..d791acbad 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -71,7 +71,7 @@ def _update_activity_recipients(self, activity: Dict) -> Dict:
             activity['object']['cc'] = []
         return activity
 
-    def serialize(self, is_note: bool = False) -> Dict:
+    def get_activity(self, is_note: bool = False) -> Dict:
         activity = self.activity_dict.copy()
         # for non-FitTrackee instances (like Mastodon)
         if is_note:
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py b/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
index 1b38cbd85..6f2021d35 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
@@ -19,7 +19,7 @@ def test_it_generates_follow_activity(
             activity_type=ActivityType.FOLLOW,
         )
 
-        serialized_follow_request = follow_request.serialize()
+        serialized_follow_request = follow_request.get_activity()
 
         assert serialized_follow_request == {
             '@context': AP_CTX,
@@ -44,7 +44,7 @@ def test_it_generates_accept_activity(
             activity_type=ActivityType.ACCEPT,
         )
 
-        serialized_follow_request = follow_request.serialize()
+        serialized_follow_request = follow_request.get_activity()
 
         assert serialized_follow_request == {
             '@context': AP_CTX,
@@ -77,7 +77,7 @@ def test_it_generates_reject_activity(
             activity_type=ActivityType.REJECT,
         )
 
-        serialized_follow_request = follow_request.serialize()
+        serialized_follow_request = follow_request.get_activity()
 
         assert serialized_follow_request == {
             '@context': AP_CTX,
@@ -110,7 +110,7 @@ def test_it_generates_undo_activity(
             activity_type=ActivityType.UNDO,
         )
 
-        serialized_follow_request = follow_request.serialize()
+        serialized_follow_request = follow_request.get_activity()
 
         assert serialized_follow_request == {
             '@context': AP_CTX,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index 6d4fca384..f07bf13de 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -47,7 +47,7 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
 
-        serialized_workout = workout.serialize()
+        serialized_workout = workout.get_activity()
 
         assert serialized_workout == {
             '@context': AP_CTX,
@@ -99,7 +99,7 @@ def test_it_generates_create_activity_when_visibility_is_public(
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
 
-        serialized_workout = workout.serialize()
+        serialized_workout = workout.get_activity()
 
         assert serialized_workout == {
             '@context': AP_CTX,
@@ -172,7 +172,7 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
         workout = WorkoutObject(workout_cycling_user_1)
         expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
-        serialized_workout_note = workout.serialize(is_note=True)
+        serialized_workout_note = workout.get_activity(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
@@ -215,7 +215,7 @@ def test_it_returns_note_activity_when_visibility_is_public(
         workout = WorkoutObject(workout_cycling_user_1)
         expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
-        serialized_workout_note = workout.serialize(is_note=True)
+        serialized_workout_note = workout.get_activity(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index ab9324fa7..cbe55478e 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -81,7 +81,7 @@ def get_activity(self, undo: bool = False) -> Dict:
             to_actor=self.to_user.actor,
             activity_type=self._get_activity_type(undo),
         )
-        return follow_request_object.serialize()
+        return follow_request_object.get_activity()
 
 
 class User(BaseModel):
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 47eb5ee62..90270da1d 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -425,7 +425,7 @@ def get_activities(self) -> Tuple[Dict, Dict]:
             raise PrivateWorkoutException()
 
         workout_object = WorkoutObject(self)
-        return workout_object.serialize(), workout_object.serialize(
+        return workout_object.get_activity(), workout_object.get_activity(
             is_note=True
         )
 

From 2b9f3380b62cd3deba9fbc90dd22b2d26b9ac43b Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 2 Dec 2022 12:25:49 +0100
Subject: [PATCH 155/238] API - update Create activity for workout

---
 fittrackee/federation/objects/exceptions.py   |  2 ++
 fittrackee/federation/objects/workout.py      | 11 ++++--
 .../test_federation_objects_workout.py        | 34 ++++++++++---------
 .../workouts/test_workouts_models.py          | 22 ++++++------
 fittrackee/workouts/exceptions.py             |  4 ---
 fittrackee/workouts/models.py                 |  5 +--
 6 files changed, 40 insertions(+), 38 deletions(-)
 create mode 100644 fittrackee/federation/objects/exceptions.py

diff --git a/fittrackee/federation/objects/exceptions.py b/fittrackee/federation/objects/exceptions.py
new file mode 100644
index 000000000..c36245ef2
--- /dev/null
+++ b/fittrackee/federation/objects/exceptions.py
@@ -0,0 +1,2 @@
+class InvalidVisibilityException(Exception):
+    ...
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index d791acbad..bd55ae701 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -2,12 +2,12 @@
 
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
-from fittrackee.workouts.exceptions import PrivateWorkoutException
 
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from ..enums import ActivityType
 from ..exceptions import InvalidWorkoutException
 from .base_object import BaseObject
+from .exceptions import InvalidVisibilityException
 from .templates.workout_note import WORKOUT_NOTE
 
 if TYPE_CHECKING:
@@ -18,8 +18,13 @@ class WorkoutObject(BaseObject):
     workout: 'Workout'
 
     def __init__(self, workout: 'Workout') -> None:
-        if workout.workout_visibility == PrivacyLevel.PRIVATE:
-            raise PrivateWorkoutException()
+        if workout.workout_visibility in [
+            PrivacyLevel.PRIVATE,
+            PrivacyLevel.FOLLOWERS,
+        ]:
+            raise InvalidVisibilityException(
+                f"object visibility is: '{workout.workout_visibility.value}'"
+            )
         self.workout = workout
         self.type = ActivityType.CREATE
         self.actor = self.workout.user.actor
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index f07bf13de..b0025e8b5 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -5,6 +5,7 @@
 
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.federation.exceptions import InvalidWorkoutException
+from fittrackee.federation.objects.exceptions import InvalidVisibilityException
 from fittrackee.federation.objects.workout import (
     WorkoutObject,
     convert_duration_string_to_seconds,
@@ -14,7 +15,6 @@
 from fittrackee.tests.mixins import RandomMixin
 from fittrackee.users.models import User
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
-from fittrackee.workouts.exceptions import PrivateWorkoutException
 from fittrackee.workouts.models import Sport, Workout
 
 
@@ -25,17 +25,25 @@ def expected_url(user: User, workout: Workout) -> str:
 
 
 class TestWorkoutObject(WorkoutObjectTestCase):
-    def test_it_raises_error_when_visibility_is_private(
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_when_visibility_is_invalid(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
     ) -> None:
-        with pytest.raises(PrivateWorkoutException):
+        workout_cycling_user_1.workout_visibility = input_visibility
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=f"object visibility is: '{input_visibility.value}'",
+        ):
             WorkoutObject(workout_cycling_user_1)
 
-    def test_it_generates_create_activity_when_visibility_is_followers_only(
+    def test_it_generates_create_activity_when_visibility_is_followers_and_remote_only(  # noqa
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -43,7 +51,9 @@ def test_it_generates_create_activity_when_visibility_is_followers_only(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
-        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
 
@@ -149,16 +159,6 @@ def expected_workout_note(workout: Workout, expected_url: str) -> str:
 Duration: {workout.duration}</p>
 """
 
-    def test_it_raises_error_if_visibility_is_private(
-        self,
-        app_with_federation: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        with pytest.raises(PrivateWorkoutException):
-            WorkoutObject(workout_cycling_user_1)
-
     def test_it_returns_note_activity_when_visibility_is_followers_only(
         self,
         app_with_federation: Flask,
@@ -167,7 +167,9 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
-        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1)
         expected_url = self.expected_url(user_1, workout_cycling_user_1)
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 02dd55a7c..5cbd5a7db 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -1,13 +1,11 @@
 import pytest
 from flask import Flask
 
+from fittrackee.federation.objects.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.test_workouts_model import WorkoutModelTestCase
 from fittrackee.users.models import User
-from fittrackee.workouts.exceptions import (
-    PrivateWorkoutException,
-    WorkoutForbiddenException,
-)
+from fittrackee.workouts.exceptions import WorkoutForbiddenException
 from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
 
 from ...utils import random_string
@@ -130,22 +128,24 @@ def test_serializer_does_not_return_map_related_data(
 
 
 class TestWorkoutModelGetWorkoutActivity:
-    def test_it_raises_error_if_visibility_is_private(
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_if_visibility_is_invalid(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
     ) -> None:
-        with pytest.raises(PrivateWorkoutException):
+        workout_cycling_user_1.workout_visibility = input_visibility
+        with pytest.raises(InvalidVisibilityException):
             workout_cycling_user_1.get_activities()
 
     @pytest.mark.parametrize(
         'workout_visibility',
-        [
-            PrivacyLevel.FOLLOWERS,
-            PrivacyLevel.PUBLIC,
-        ],
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
     )
     def test_it_returns_activities_when_visibility_is_not_private(
         self,
@@ -155,7 +155,7 @@ def test_it_returns_activities_when_visibility_is_not_private(
         workout_cycling_user_1: Workout,
         workout_visibility: PrivacyLevel,
     ) -> None:
-        workout_cycling_user_1.workout_visibility = workout_visibility.value
+        workout_cycling_user_1.workout_visibility = workout_visibility
 
         workout, note = workout_cycling_user_1.get_activities()
 
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index c9255eaea..e3b220375 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -1,10 +1,6 @@
 from fittrackee.exceptions import GenericException
 
 
-class PrivateWorkoutException(Exception):
-    ...
-
-
 class SportNotFoundException(Exception):
     ...
 
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 90270da1d..904d97896 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -17,7 +17,7 @@
 from fittrackee.files import get_absolute_file_path
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 
-from .exceptions import PrivateWorkoutException, WorkoutForbiddenException
+from .exceptions import WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
 from .utils.short_id import encode_uuid
 
@@ -421,9 +421,6 @@ def get_user_workout_records(
 
     @federation_required
     def get_activities(self) -> Tuple[Dict, Dict]:
-        if self.workout_visibility == PrivacyLevel.PRIVATE:
-            raise PrivateWorkoutException()
-
         workout_object = WorkoutObject(self)
         return workout_object.get_activity(), workout_object.get_activity(
             is_note=True

From 63a5c79a2ad1a0020dcca0fd7b26529624424f72 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 21 Dec 2022 17:43:29 +0100
Subject: [PATCH 156/238] API - fix migration

---
 ...d8_init_federation.py => 30_8842c351a2d8_init_federation.py} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename fittrackee/migrations/versions/{29_8842c351a2d8_init_federation.py => 30_8842c351a2d8_init_federation.py} (99%)

diff --git a/fittrackee/migrations/versions/29_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
similarity index 99%
rename from fittrackee/migrations/versions/29_8842c351a2d8_init_federation.py
rename to fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
index e0719955e..84bbbc5d3 100644
--- a/fittrackee/migrations/versions/29_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
@@ -19,7 +19,7 @@
 
 # revision identifiers, used by Alembic.
 revision = '8842c351a2d8'
-down_revision = 'a8cc0adfe1d3'
+down_revision = '0f375c44e659'
 branch_labels = None
 depends_on = None
 

From 95d6e0d4d8716a340ffc4446e008064b47e57070 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 21 Dec 2022 19:56:28 +0100
Subject: [PATCH 157/238] API - add remote object id in workout model

---
 .../versions/30_8842c351a2d8_init_federation.py   | 15 ++++++++++-----
 .../test_federation_activities_activities.py      |  1 +
 fittrackee/workouts/models.py                     |  4 +++-
 fittrackee/workouts/utils/workouts.py             |  1 +
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
index 84bbbc5d3..6bf357ed5 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
@@ -229,10 +229,6 @@ def upgrade():
         sa.PrimaryKeyConstraint('follower_user_id', 'followed_user_id'),
     )
 
-    op.add_column(
-        'workouts',
-        sa.Column('remote_url', sa.String(length=255), nullable=True)
-    )
     op.add_column(
         'workouts',
         sa.Column(
@@ -251,6 +247,14 @@ def upgrade():
             nullable=True
         )
     )
+    op.add_column(
+        'workouts',
+        sa.Column('ap_id', sa.Text(), nullable=True)
+    )
+    op.add_column(
+        'workouts',
+        sa.Column('remote_url', sa.Text(), nullable=True)
+    )
     op.execute(
         "UPDATE workouts "
         "SET workout_visibility = 'PRIVATE', "
@@ -261,9 +265,10 @@ def upgrade():
 
 
 def downgrade():
+    op.drop_column('workouts', 'remote_url')
+    op.drop_column('workouts', 'ap_id')
     op.drop_column('workouts', 'map_visibility')
     op.drop_column('workouts', 'workout_visibility')
-    op.drop_column('workouts', 'remote_url')
 
     op.drop_table('follow_requests')
 
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index e251a950b..532fc64a9 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -600,6 +600,7 @@ def test_it_creates_remote_workout_without_gpx(
         remote_workout = Workout.query.filter_by(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
         ).first()
+        assert remote_workout.ap_id == workout_activity['object']['id']
         assert remote_workout.remote_url == workout_activity['object']['url']
         assert (
             remote_workout.distance == workout_activity['object']['distance']
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index d51f1324a..782858f2e 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -160,7 +160,6 @@ class Workout(BaseModel):
     weather_start = db.Column(JSON, nullable=True)
     weather_end = db.Column(JSON, nullable=True)
     notes = db.Column(db.String(500), nullable=True)
-    remote_url = db.Column(db.String(255), nullable=True)
     workout_visibility = db.Column(
         Enum(PrivacyLevel, name='privacy_levels'),
         server_default='PRIVATE',
@@ -171,6 +170,9 @@ class Workout(BaseModel):
         server_default='PRIVATE',
         nullable=False,
     )
+    ap_id = db.Column(db.Text(), nullable=True)
+    remote_url = db.Column(db.Text(), nullable=True)
+
     segments = db.relationship(
         'WorkoutSegment',
         lazy=True,
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index e55a9b793..bbfb69072 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -137,6 +137,7 @@ def create_workout(
         duration=duration,
     )
     new_workout.notes = workout_data.get('notes')
+    new_workout.ap_id = workout_data.get('id')
     new_workout.remote_url = workout_data.get('url')
     new_workout.workout_visibility = PrivacyLevel(
         workout_data.get('workout_visibility', user.workouts_visibility.value)

From 7b1a91aa4df46f08f67eb55d77f34c9b445bcb7d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 21 Dec 2022 20:57:38 +0100
Subject: [PATCH 158/238] API - init Delete activity for workouts (WIP)

---
 fittrackee/federation/activities/__init__.py  |   2 +
 .../federation/activities/activities.py       |  25 +++-
 fittrackee/federation/enums.py                |   1 +
 fittrackee/federation/exceptions.py           |   8 ++
 fittrackee/federation/objects/tombstone.py    |  56 +++++++++
 .../test_federation_activities_activities.py  |  89 ++++++++++++-
 .../test_federation_objects_tombstone.py      |  93 ++++++++++++++
 .../workouts/test_workouts_api_delete.py      | 118 ++++++++++++++++++
 .../workouts/test_workouts_api_post.py        |  24 +++-
 .../workouts/test_workouts_models.py          |  60 +++++++--
 .../tests/fixtures/fixtures_workouts.py       |  24 ++++
 .../tests/workouts/test_workouts_model.py     |   2 +-
 fittrackee/workouts/models.py                 |  17 ++-
 fittrackee/workouts/workouts.py               |  16 ++-
 14 files changed, 507 insertions(+), 28 deletions(-)
 create mode 100644 fittrackee/federation/objects/tombstone.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_api_delete.py

diff --git a/fittrackee/federation/activities/__init__.py b/fittrackee/federation/activities/__init__.py
index 1f464b326..57c696ec1 100644
--- a/fittrackee/federation/activities/__init__.py
+++ b/fittrackee/federation/activities/__init__.py
@@ -1,6 +1,7 @@
 from .activities import (
     AcceptActivity,
     CreateActivity,
+    DeleteActivity,
     FollowActivity,
     RejectActivity,
     UndoActivity,
@@ -9,6 +10,7 @@
 __all__ = [
     'AcceptActivity',
     'CreateActivity',
+    'DeleteActivity',
     'FollowActivity',
     'RejectActivity',
     'UndoActivity',
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index ca44ab9a8..4635aabae 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -2,7 +2,10 @@
 from typing import Dict, Tuple
 
 from fittrackee import appLog, db
-from fittrackee.federation.exceptions import ActorNotFoundException
+from fittrackee.federation.exceptions import (
+    ActorNotFoundException,
+    ObjectNotFoundException,
+)
 from fittrackee.federation.models import Actor
 from fittrackee.federation.utils.user import (
     create_remote_user,
@@ -14,7 +17,7 @@
     NotExistingFollowRequestError,
 )
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport
+from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.workouts import create_workout
 
 from ..objects.workout import convert_workout_activity
@@ -170,3 +173,21 @@ def process_activity(self) -> None:
         actor = self.get_actor()
         if self.activity['object']['type'] == 'Workout':
             self.create_remote_workout(actor=actor)
+
+
+class DeleteActivity(AbstractActivity):
+    def delete_remote_workout(self, actor: Actor) -> None:
+        workout_ap_id = self.activity['object']['id']
+        workout_to_delete = Workout.query.filter_by(
+            ap_id=workout_ap_id
+        ).first()
+        if not workout_to_delete:
+            raise ObjectNotFoundException('workout', self.activity_name())
+
+        db.session.delete(workout_to_delete)
+        db.session.commit()
+
+    def process_activity(self) -> None:
+        actor = self.get_actor()
+        if 'workout' in self.activity['id']:
+            self.delete_remote_workout(actor)
diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index a544b1cad..387f24d0b 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -4,6 +4,7 @@
 class ActivityType(Enum):
     ACCEPT = 'Accept'
     CREATE = 'Create'
+    DELETE = 'Delete'
     FOLLOW = 'Follow'
     REJECT = 'Reject'
     UNDO = 'Undo'
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index 52f8b2d13..dfda2a5f2 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -74,3 +74,11 @@ def __init__(self, activity_type: str) -> None:
             status='error',
             message=f"Unsupported activity '{activity_type}'.",
         )
+
+
+class ObjectNotFoundException(GenericException):
+    def __init__(self, object_type: str, activity_type: str) -> None:
+        super().__init__(
+            status='error',
+            message=f"{object_type} not found for {activity_type}.",
+        )
diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
new file mode 100644
index 000000000..20571f406
--- /dev/null
+++ b/fittrackee/federation/objects/tombstone.py
@@ -0,0 +1,56 @@
+from typing import TYPE_CHECKING, Dict
+
+from fittrackee.privacy_levels import PrivacyLevel
+
+from ..constants import AP_CTX, PUBLIC_STREAM
+from ..enums import ActivityType
+from .base_object import BaseObject
+from .exceptions import InvalidVisibilityException
+
+if TYPE_CHECKING:
+    from fittrackee.workouts.models import Workout
+
+
+class TombstoneObject(BaseObject):
+    # WIP
+    # for now only tombstone for workouts is implemented
+    object_to_delete: 'Workout'
+
+    def __init__(self, object_to_delete: 'Workout') -> None:
+        self.object_to_delete = object_to_delete
+        self.type = ActivityType.DELETE
+        self.actor = self.object_to_delete.user.actor
+        self.visibility = self._get_object_visibility()
+        if self.visibility in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]:
+            raise InvalidVisibilityException(
+                f"object visibility is: '{self.visibility.value}'"
+            )
+
+    def _get_object_id(self) -> str:
+        return (
+            f'{self.actor.activitypub_id}/workouts/'
+            f'{self.object_to_delete.short_id}'
+        )
+
+    def _get_object_visibility(self) -> PrivacyLevel:
+        return self.object_to_delete.workout_visibility
+
+    def get_activity(self) -> Dict:
+        object_id = self._get_object_id()
+        delete_activity = {
+            "@context": AP_CTX,
+            "id": f'{object_id}/delete',
+            "type": "Delete",
+            "actor": self.actor.activitypub_id,
+            "object": {
+                "type": "Tombstone",
+                "id": object_id,
+            },
+        }
+        if self.visibility == PrivacyLevel.PUBLIC:
+            delete_activity['to'] = [PUBLIC_STREAM]
+            delete_activity['cc'] = [self.actor.followers_url]
+        else:
+            delete_activity['to'] = [self.actor.followers_url]
+            delete_activity['cc'] = []
+        return delete_activity
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 532fc64a9..7e398af21 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -5,10 +5,11 @@
 import pytest
 from flask import Flask
 
-from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
+from fittrackee.federation.constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
     ActorNotFoundException,
+    ObjectNotFoundException,
     UnsupportedActivityException,
 )
 from fittrackee.federation.models import Actor
@@ -545,6 +546,34 @@ def generate_workout_create_activity(
             },
         }
 
+    def generate_workout_delete_activity(
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        remote_workout: Optional[Workout] = None,
+    ) -> Dict:
+        remote_domain = (
+            remote_actor.domain
+            if isinstance(remote_actor, RandomActor)
+            else f'https://{remote_actor.domain.name}'
+        )
+        workout_short_id = (
+            remote_workout.ap_id
+            if remote_workout
+            else f'{remote_domain}/workouts/{self.random_short_id()}'
+        )
+        return {
+            '@context': AP_CTX,
+            'id': f'{workout_short_id}/delete',
+            'type': 'Delete',
+            'actor': remote_actor.activitypub_id,
+            'to': [PUBLIC_STREAM],
+            'cc': [],
+            'object': {
+                'id': workout_short_id,
+                'type': 'Tombstone',
+            },
+        }
+
 
 class TestCreateActivityForWorkout(WorkoutActivitiesTestCase):
     def test_it_raises_error_if_workout_actor_does_not_exist(
@@ -652,3 +681,61 @@ def test_it_does_not_create_records_for_remote_workout(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
         ).first()
         assert remote_workout.records == []
+
+
+class TestDeleteActivityForWorkout(WorkoutActivitiesTestCase):
+    def test_it_raises_error_if_remote_workout_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        delete_activity = self.generate_workout_delete_activity(
+            remote_actor=remote_user.actor
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+
+        with pytest.raises(
+            ObjectNotFoundException,
+            match='workout not found for DeleteActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_workout_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        random_actor: Actor,
+    ) -> None:
+        delete_activity = self.generate_workout_delete_activity(
+            remote_actor=random_actor
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for DeleteActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_deletes_remote_workout(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        delete_activity = self.generate_workout_delete_activity(
+            remote_actor=remote_user.actor,
+            remote_workout=remote_cycling_workout,
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+        workout_id = remote_cycling_workout.id
+
+        activity.process_activity()
+
+        assert Workout.query.filter_by(id=workout_id).first() is None
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
new file mode 100644
index 000000000..be48dc1c2
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -0,0 +1,93 @@
+import pytest
+from flask import Flask
+
+from fittrackee.federation.constants import AP_CTX, PUBLIC_STREAM
+from fittrackee.federation.objects.exceptions import InvalidVisibilityException
+from fittrackee.federation.objects.tombstone import TombstoneObject
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Sport, Workout
+
+
+class TestTombstoneObjectForWorkout:
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_when_visibility_is_private(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_visibility
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=f"object visibility is: '{input_visibility.value}'",
+        ):
+            TombstoneObject(workout_cycling_user_1)
+
+    def test_it_generates_delete_activity_for_workout_with_public_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        tombstone = TombstoneObject(workout_cycling_user_1)
+
+        delete_activity = tombstone.get_activity()
+
+        assert delete_activity == {
+            "@context": AP_CTX,
+            "id": (
+                f'{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/delete'
+            ),
+            "type": "Delete",
+            "actor": user_1.actor.activitypub_id,
+            "object": {
+                "type": "Tombstone",
+                "id": (
+                    f'{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+            },
+            "to": [PUBLIC_STREAM],
+            "cc": [user_1.actor.followers_url],
+        }
+
+    def test_it_generates_delete_activity_for_workout_with_follower_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        tombstone = TombstoneObject(workout_cycling_user_1)
+
+        delete_activity = tombstone.get_activity()
+
+        assert delete_activity == {
+            "@context": AP_CTX,
+            "id": (
+                f'{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/delete'
+            ),
+            "type": "Delete",
+            "actor": user_1.actor.activitypub_id,
+            "object": {
+                "type": "Tombstone",
+                "id": (
+                    f'{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}'
+                ),
+            },
+            "to": [user_1.actor.followers_url],
+            "cc": [],
+        }
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_delete.py b/fittrackee/tests/federation/workouts/test_workouts_api_delete.py
new file mode 100644
index 000000000..f320ffade
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_delete.py
@@ -0,0 +1,118 @@
+from unittest.mock import Mock, patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.utils import generate_follow_request
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ...mixins import ApiTestCaseMixin
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestFederationDeleteWorkout(ApiTestCaseMixin):
+    @pytest.mark.parametrize(
+        'workout_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_does_not_call_sent_to_inbox(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        delete_workout_activity, _ = workout_cycling_user_1.get_activities(
+            activity_type='Delete'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=delete_workout_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        _, delete_note_activity = workout_cycling_user_1.get_activities(
+            activity_type='Delete'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=delete_note_activity,
+            recipients=[remote_user_2.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
index 57e6698b9..d9c4741ed 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -151,7 +151,9 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        workout_activity, _ = user_1.workouts[0].get_activities()
+        workout_activity, _ = user_1.workouts[0].get_activities(
+            activity_type='Create'
+        )
         send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=workout_activity,
@@ -195,7 +197,9 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        _, note_activity = user_1.workouts[0].get_activities()
+        _, note_activity = user_1.workouts[0].get_activities(
+            activity_type='Create'
+        )
         send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=note_activity,
@@ -339,7 +343,9 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
             ),
         )
 
-        workout_activity, _ = user_1.workouts[0].get_activities()
+        workout_activity, _ = user_1.workouts[0].get_activities(
+            activity_type='Create'
+        )
         send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=workout_activity,
@@ -378,7 +384,9 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             ),
         )
 
-        _, note_activity = user_1.workouts[0].get_activities()
+        _, note_activity = user_1.workouts[0].get_activities(
+            activity_type='Create'
+        )
         send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=note_activity,
@@ -427,7 +435,9 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
             assert send_to_remote_inbox_mock.send.call_count == 3
             calls = []
             for workout in user_1.workouts:
-                workout_activity, _ = workout.get_activities()
+                workout_activity, _ = workout.get_activities(
+                    activity_type='Create'
+                )
                 calls.append(
                     call(
                         sender_id=user_1.actor.id,
@@ -479,7 +489,9 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             assert send_to_remote_inbox_mock.send.call_count == 3
             calls = []
             for workout in user_1.workouts:
-                _, note_activity = workout.get_activities()
+                _, note_activity = workout.get_activities(
+                    activity_type='Create'
+                )
                 calls.append(
                     call(
                         sender_id=user_1.actor.id,
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 5cbd5a7db..7a407bf9d 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -127,7 +127,7 @@ def test_serializer_does_not_return_map_related_data(
         assert serialized_workout['segments'] == []
 
 
-class TestWorkoutModelGetWorkoutActivity:
+class TestWorkoutModelGetWorkoutCreateActivity:
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
@@ -141,13 +141,13 @@ def test_it_raises_error_if_visibility_is_invalid(
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_visibility
         with pytest.raises(InvalidVisibilityException):
-            workout_cycling_user_1.get_activities()
+            workout_cycling_user_1.get_activities(activity_type='Create')
 
     @pytest.mark.parametrize(
         'workout_visibility',
         [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
     )
-    def test_it_returns_activities_when_visibility_is_not_private(
+    def test_it_returns_activities_when_visibility_is_valid(
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -157,9 +157,53 @@ def test_it_returns_activities_when_visibility_is_not_private(
     ) -> None:
         workout_cycling_user_1.workout_visibility = workout_visibility
 
-        workout, note = workout_cycling_user_1.get_activities()
+        create_workout, create_note = workout_cycling_user_1.get_activities(
+            activity_type='Create'
+        )
+
+        assert create_workout['type'] == 'Create'
+        assert create_workout['object']['type'] == 'Workout'
+        assert create_note['type'] == 'Create'
+        assert create_note['object']['type'] == 'Note'
+
+
+class TestWorkoutModelGetWorkoutDeleteActivity:
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_if_visibility_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_visibility
+        with pytest.raises(InvalidVisibilityException):
+            workout_cycling_user_1.get_activities(activity_type='Delete')
 
-        assert workout['type'] == 'Create'
-        assert workout['object']['type'] == 'Workout'
-        assert note['type'] == 'Create'
-        assert note['object']['type'] == 'Note'
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_returns_activities_when_visibility_is_valid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = workout_visibility
+
+        delete_workout, _ = workout_cycling_user_1.get_activities(
+            activity_type='Delete'
+        )
+
+        assert delete_workout['type'] == 'Delete'
+        assert delete_workout['object']['type'] == 'Tombstone'
+        assert delete_workout['object']['id'] == (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
diff --git a/fittrackee/tests/fixtures/fixtures_workouts.py b/fittrackee/tests/fixtures/fixtures_workouts.py
index b1a8e28bb..8260fd48f 100644
--- a/fittrackee/tests/fixtures/fixtures_workouts.py
+++ b/fittrackee/tests/fixtures/fixtures_workouts.py
@@ -9,6 +9,8 @@
 from werkzeug.datastructures import FileStorage
 
 from fittrackee import db
+from fittrackee.tests.utils import random_short_id
+from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
 from fittrackee.workouts.utils.maps import StaticMap
 
@@ -225,6 +227,28 @@ def workout_cycling_user_2() -> Workout:
     return workout
 
 
+@pytest.fixture()
+def remote_cycling_workout(remote_user: User) -> Workout:
+    workout = Workout(
+        user_id=remote_user.id,
+        sport_id=1,
+        workout_date=datetime.datetime.strptime('01/01/2022', '%d/%m/%Y'),
+        distance=10,
+        duration=datetime.timedelta(seconds=3600),
+    )
+    update_workout(workout)
+    remote_domain = remote_user.actor.domain.name
+    remote_id = random_short_id()
+    workout.ap_id = (
+        f"https://{remote_domain}/federation/user/{remote_user.username}/"
+        f"workouts/{remote_id}"
+    )
+    workout.remote_url = f"https://{remote_domain}/workouts/{remote_id}"
+    db.session.add(workout)
+    db.session.commit()
+    return workout
+
+
 @pytest.fixture()
 def gpx_file() -> str:
     return (
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index ab981855a..7e935b855 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -613,4 +613,4 @@ def test_it_raises_error_if_federation_is_disabled(
         workout_cycling_user_1: Workout,
     ) -> None:
         with pytest.raises(FederationDisabledException):
-            workout_cycling_user_1.get_activities()
+            workout_cycling_user_1.get_activities(activity_type='Create')
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 782858f2e..d2e86dd21 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -13,6 +13,7 @@
 
 from fittrackee import BaseModel, appLog, db
 from fittrackee.federation.decorators import federation_required
+from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
@@ -424,11 +425,17 @@ def get_user_workout_records(
         return records
 
     @federation_required
-    def get_activities(self) -> Tuple[Dict, Dict]:
-        workout_object = WorkoutObject(self)
-        return workout_object.get_activity(), workout_object.get_activity(
-            is_note=True
-        )
+    def get_activities(self, activity_type: str) -> Tuple[Dict, Dict]:
+        if activity_type == 'Create':
+            workout_object = WorkoutObject(self)
+            return workout_object.get_activity(), workout_object.get_activity(
+                is_note=True
+            )
+        # Delete activity
+        tombstone_object = TombstoneObject(self)
+        delete_activity = tombstone_object.get_activity()
+        # delete activities for workout and note are the same
+        return delete_activity, delete_activity
 
 
 @listens_for(Workout, 'after_insert')
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 2731e92c5..f8b1d4639 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -61,12 +61,13 @@
 MAX_WORKOUTS_TO_SEND = 5
 
 
-def handle_workout_activities(workout: Workout) -> None:
+def handle_workout_activities(workout: Workout, activity_type: str) -> None:
     sender_id = workout.user.actor.id
-    workout_activity, note_activity = workout.get_activities()
+    workout_activity, note_activity = workout.get_activities(
+        activity_type=activity_type
+    )
     recipients = workout.user.get_followers_shared_inboxes()
 
-    # only workout data are sent (no map data)
     if recipients['fittrackee']:
         send_to_remote_inbox.send(
             sender_id=sender_id,
@@ -1050,7 +1051,9 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
                     new_workouts, limit=MAX_WORKOUTS_TO_SEND
                 )
                 for new_workout in workouts_to_send:
-                    handle_workout_activities(new_workout)
+                    handle_workout_activities(
+                        new_workout, activity_type='Create'
+                    )
 
             response_object = {
                 'status': 'created',
@@ -1234,7 +1237,7 @@ def post_workout_no_gpx(
         db.session.commit()
 
         if sending_activities_allowed(new_workout.workout_visibility):
-            handle_workout_activities(new_workout)
+            handle_workout_activities(new_workout, activity_type='Create')
 
         return (
             {
@@ -1492,6 +1495,9 @@ def delete_workout(
         if auth_user.id != workout.user.id:
             return ForbiddenErrorResponse()
 
+        if sending_activities_allowed(workout.workout_visibility):
+            handle_workout_activities(workout, activity_type='Delete')
+
         db.session.delete(workout)
         db.session.commit()
         return {'status': 'no content'}, 204

From 9ef379c15b81558d8a0446224a1bfcb7dec9ec36 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 1 Jan 2023 17:28:37 +0100
Subject: [PATCH 159/238] API - check actor on Delete activity

---
 .../federation/activities/activities.py       |  7 +++++
 fittrackee/federation/exceptions.py           | 21 +++++++++-----
 .../test_federation_activities_activities.py  | 29 +++++++++++++++++++
 3 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 4635aabae..e9d9646a1 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -3,6 +3,7 @@
 
 from fittrackee import appLog, db
 from fittrackee.federation.exceptions import (
+    ActivityException,
     ActorNotFoundException,
     ObjectNotFoundException,
 )
@@ -184,6 +185,12 @@ def delete_remote_workout(self, actor: Actor) -> None:
         if not workout_to_delete:
             raise ObjectNotFoundException('workout', self.activity_name())
 
+        if workout_to_delete.user.actor.id != actor.id:
+            raise ActivityException(
+                f'{self.activity_name()}: activity actor does not '
+                f'match workout actor.'
+            )
+
         db.session.delete(workout_to_delete)
         db.session.commit()
 
diff --git a/fittrackee/federation/exceptions.py b/fittrackee/federation/exceptions.py
index dfda2a5f2..7cde1eefd 100644
--- a/fittrackee/federation/exceptions.py
+++ b/fittrackee/federation/exceptions.py
@@ -3,6 +3,11 @@
 from fittrackee.exceptions import GenericException
 
 
+class ActivityException(GenericException):
+    def __init__(self, message: str) -> None:
+        super().__init__(status='error', message=message)
+
+
 class ActorNotFoundException(GenericException):
     def __init__(self, message: Optional[str] = None) -> None:
         super().__init__(
@@ -42,6 +47,14 @@ def __init__(self, message: Optional[str] = None) -> None:
         )
 
 
+class ObjectNotFoundException(GenericException):
+    def __init__(self, object_type: str, activity_type: str) -> None:
+        super().__init__(
+            status='error',
+            message=f"{object_type} not found for {activity_type}.",
+        )
+
+
 class SenderNotFoundException(GenericException):
     def __init__(self) -> None:
         super().__init__(
@@ -74,11 +87,3 @@ def __init__(self, activity_type: str) -> None:
             status='error',
             message=f"Unsupported activity '{activity_type}'.",
         )
-
-
-class ObjectNotFoundException(GenericException):
-    def __init__(self, object_type: str, activity_type: str) -> None:
-        super().__init__(
-            status='error',
-            message=f"{object_type} not found for {activity_type}.",
-        )
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 7e398af21..f6732737f 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -8,6 +8,7 @@
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
+    ActivityException,
     ActorNotFoundException,
     ObjectNotFoundException,
     UnsupportedActivityException,
@@ -720,6 +721,34 @@ def test_it_raises_error_if_workout_actor_does_not_exist(
         ):
             activity.process_activity()
 
+    def test_it_raises_error_when_activity_actor_is_not_workout_actor(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        remote_user_2: User,
+    ) -> None:
+        delete_activity = self.generate_workout_delete_activity(
+            remote_actor=remote_user_2.actor,
+            remote_workout=remote_cycling_workout,
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+
+        with pytest.raises(
+            ActivityException,
+            match=(
+                'DeleteActivity: activity actor does not match workout actor.'
+            ),
+        ):
+            activity.process_activity()
+        assert (
+            Workout.query.filter_by(id=remote_cycling_workout.id).first()
+            is not None
+        )
+
     def test_it_deletes_remote_workout(
         self,
         app_with_federation: Flask,

From 5bf4765d7d56988485ddc840cbe1682838684904 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 4 Jan 2023 10:25:54 +0100
Subject: [PATCH 160/238] API - init Update activity for Workouts

---
 fittrackee/federation/activities/__init__.py  |   2 +
 .../federation/activities/activities.py       |  64 ++++
 .../test_federation_activities_activities.py  | 337 ++++++++++++++++--
 3 files changed, 372 insertions(+), 31 deletions(-)

diff --git a/fittrackee/federation/activities/__init__.py b/fittrackee/federation/activities/__init__.py
index 57c696ec1..a2e0908fa 100644
--- a/fittrackee/federation/activities/__init__.py
+++ b/fittrackee/federation/activities/__init__.py
@@ -5,6 +5,7 @@
     FollowActivity,
     RejectActivity,
     UndoActivity,
+    UpdateActivity,
 )
 
 __all__ = [
@@ -14,4 +15,5 @@
     'FollowActivity',
     'RejectActivity',
     'UndoActivity',
+    'UpdateActivity',
 ]
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index e9d9646a1..3b55d153c 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -1,4 +1,5 @@
 from abc import ABC, abstractmethod
+from datetime import datetime, timedelta
 from typing import Dict, Tuple
 
 from fittrackee import appLog, db
@@ -8,6 +9,9 @@
     ObjectNotFoundException,
 )
 from fittrackee.federation.models import Actor
+from fittrackee.federation.objects.workout import (
+    convert_duration_string_to_seconds,
+)
 from fittrackee.federation.utils.user import (
     create_remote_user,
     get_or_create_remote_domain_from_url,
@@ -17,6 +21,7 @@
     FollowRequestAlreadyRejectedError,
     NotExistingFollowRequestError,
 )
+from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
 from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.workouts import create_workout
@@ -198,3 +203,62 @@ def process_activity(self) -> None:
         actor = self.get_actor()
         if 'workout' in self.activity['id']:
             self.delete_remote_workout(actor)
+
+
+class UpdateActivity(AbstractActivity):
+    @staticmethod
+    def convert_duration_string_to_timedelta(
+        duration_string: str,
+    ) -> timedelta:
+        return timedelta(
+            seconds=convert_duration_string_to_seconds(duration_string)
+        )
+
+    def update_remote_workout(self, actor: Actor) -> None:
+        workout_data = self.activity['object']
+        workout_to_update = Workout.query.filter_by(
+            ap_id=workout_data['id']
+        ).first()
+        if not workout_to_update:
+            raise ObjectNotFoundException('workout', self.activity_name())
+
+        if workout_to_update.user.actor.id != actor.id:
+            raise ActivityException(
+                f'{self.activity_name()}: activity actor does not '
+                f'match workout actor.'
+            )
+
+        try:
+            workout_to_update.ave_speed = workout_data['ave_speed']
+            workout_to_update.distance = workout_data['distance']
+            workout_to_update.duration = (
+                self.convert_duration_string_to_timedelta(
+                    workout_data['duration']
+                )
+            )
+            workout_to_update.max_speed = workout_data['max_speed']
+            workout_to_update.moving = (
+                self.convert_duration_string_to_timedelta(
+                    workout_data['moving']
+                )
+            )
+            workout_to_update.sport_id = workout_data['sport_id']
+            workout_to_update.title = workout_data['title']
+            # workout date must be in GMT+00:00
+            workout_to_update.workout_date = datetime.strptime(
+                workout_data['workout_date'], WORKOUT_DATE_FORMAT
+            )
+            workout_to_update.workout_visibility = workout_data[
+                'workout_visibility'
+            ]
+            db.session.commit()
+        except Exception as e:
+            raise ActivityException(
+                f'{self.activity_name()}: invalid Workout activity '
+                f'({e.__class__.__name__}: {e}).'
+            )
+
+    def process_activity(self) -> None:
+        actor = self.get_actor()
+        if 'workout' in self.activity['id']:
+            self.update_remote_workout(actor)
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index f6732737f..a29c86d21 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, timedelta
 from typing import Dict, Optional, Union
 from unittest.mock import patch
 
@@ -14,6 +14,9 @@
     UnsupportedActivityException,
 )
 from fittrackee.federation.models import Actor
+from fittrackee.federation.objects.workout import (
+    convert_duration_string_to_seconds,
+)
 from fittrackee.federation.tasks.activity import get_activity_instance
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.exceptions import (
@@ -500,8 +503,11 @@ def test_it_undoes_follow_request_regardless_its_status(
 
 
 class WorkoutActivitiesTestCase(RandomMixin):
-    def generate_workout_create_activity(
-        self, remote_actor: Union[RandomActor, Actor], sport_id: int
+    def generate_random_object(
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        sport_id: int,
+        activity_type: str,
     ) -> Dict:
         remote_domain = (
             remote_actor.domain
@@ -514,39 +520,97 @@ def generate_workout_create_activity(
         workout_url = f'{remote_domain}/workouts/{workout_short_id}'
         published = datetime.utcnow().strftime(DATE_FORMAT)
         return {
-            '@context': AP_CTX,
-            'id': (
-                f'{remote_actor.activitypub_id}/workouts/'
-                f'{workout_short_id}/activity'
+            "@context": AP_CTX,
+            "id": (
+                f"{remote_actor.activitypub_id}/workouts/"
+                f"{workout_short_id}/activity"
             ),
-            'type': 'Create',
-            'actor': remote_actor.activitypub_id,
-            'published': published,
-            'to': [remote_actor.followers_url],
-            'cc': [],
-            'object': {
-                'id': (
-                    f'{remote_actor.activitypub_id}/workouts/'
-                    f'{workout_short_id}'
+            "type": activity_type,
+            "actor": remote_actor.activitypub_id,
+            "published": published,
+            "to": [remote_actor.followers_url],
+            "cc": [],
+            "object": {
+                "id": (
+                    f"{remote_actor.activitypub_id}/workouts/"
+                    f"{workout_short_id}"
                 ),
-                'type': 'Workout',
-                'published': published,
-                'url': workout_url,
-                'attributedTo': remote_actor.activitypub_id,
-                'to': [remote_actor.followers_url],
-                'cc': [],
-                'ave_speed': workout_distance,
-                'distance': workout_distance,
-                'duration': '01:00:00',
-                'max_speed': workout_distance,
-                'moving': '01:00:00',
-                'sport_id': sport_id,
-                'title': self.random_string(),
-                'workout_date': workout_date,
-                'workout_visibility': PrivacyLevel.FOLLOWERS.value,
+                "type": "Workout",
+                "published": published,
+                "url": workout_url,
+                "attributedTo": remote_actor.activitypub_id,
+                "to": [remote_actor.followers_url],
+                "cc": [],
+                "ave_speed": workout_distance,
+                "distance": workout_distance,
+                "duration": "01:00:00",
+                "max_speed": workout_distance,
+                "moving": "01:00:00",
+                "sport_id": sport_id,
+                "title": self.random_string(),
+                "workout_date": workout_date,
+                "workout_visibility": PrivacyLevel.FOLLOWERS.value,
             },
         }
 
+    def generate_workout_create_activity(
+        self, remote_actor: Union[RandomActor, Actor], sport_id: int
+    ) -> Dict:
+        return self.generate_random_object(remote_actor, sport_id, 'Create')
+
+    def generate_workout_update_activity(
+        self,
+        remote_actor: Union[RandomActor, Actor, None] = None,
+        sport_id: Optional[int] = None,
+        workout: Optional[Workout] = None,
+        updates: Optional[Dict] = None,
+    ) -> Dict:
+        activity = {}
+        if not updates:
+            updates = {}
+        if workout:
+            actor: Actor = workout.user.actor
+            remote_domain = f'https://{workout.user.actor.domain.name}'
+            published = datetime.utcnow().strftime(DATE_FORMAT)
+            activity = {
+                "@context": AP_CTX,
+                "id": (
+                    f"{actor.activitypub_id}/workouts/"
+                    f"{workout.short_id}/activity"
+                ),
+                "type": "Update",
+                "actor": actor.activitypub_id,
+                "published": published,
+                "to": [actor.followers_url],
+                "cc": [],
+                "object": {
+                    "id": workout.ap_id,
+                    "type": "Workout",
+                    "published": published,
+                    "url": f"{remote_domain}/workouts/{workout.short_id}",
+                    "attributedTo": actor.activitypub_id,
+                    "to": [actor.followers_url],
+                    "cc": [],
+                    "ave_speed": workout.ave_speed,
+                    "distance": workout.distance,
+                    "duration": str(workout.duration),
+                    "max_speed": workout.max_speed,
+                    "moving": str(workout.moving),
+                    "sport_id": workout.sport_id,
+                    "title": workout.title,
+                    "workout_date": datetime.utcnow().strftime(
+                        WORKOUT_DATE_FORMAT
+                    ),
+                    "workout_visibility": PrivacyLevel.FOLLOWERS.value,
+                },
+            }
+        elif remote_actor and remote_actor and sport_id:
+            activity = self.generate_random_object(
+                remote_actor, sport_id, 'Update'
+            )
+        activity["object"] = {**activity["object"], **updates}
+        return activity
+
     def generate_workout_delete_activity(
         self,
         remote_actor: Union[RandomActor, Actor],
@@ -768,3 +832,214 @@ def test_it_deletes_remote_workout(
         activity.process_activity()
 
         assert Workout.query.filter_by(id=workout_id).first() is None
+
+
+class TestUpdateActivityForWorkout(WorkoutActivitiesTestCase):
+    def test_it_raises_error_if_remote_workout_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            remote_actor=remote_user.actor, sport_id=sport_1_cycling.id
+        )
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+        with pytest.raises(
+            ObjectNotFoundException,
+            match="workout not found for UpdateActivity",
+        ):
+
+            activity.process_activity()
+
+    def test_it_raises_error_if_workout_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        random_actor: Actor,
+        sport_1_cycling: Sport,
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            remote_actor=random_actor, sport_id=sport_1_cycling.id
+        )
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+        with pytest.raises(
+            ActorNotFoundException,
+            match="actor not found for UpdateActivity",
+        ):
+
+            activity.process_activity()
+
+    def test_it_raises_error_when_activity_actor_is_not_workout_actor(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        remote_user_2: User,
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            workout=remote_cycling_workout,
+            updates={'title': self.random_string()},
+        )
+        update_activity = {
+            **update_activity,
+            'actor': remote_user_2.actor.activitypub_id,
+        }
+        activity = get_activity_instance({'type': update_activity['type']})(
+            activity_dict=update_activity
+        )
+        serialize_workout = remote_cycling_workout.serialize(
+            user_status='owner'
+        )
+
+        with pytest.raises(
+            ActivityException,
+            match=(
+                "UpdateActivity: activity actor does not match workout actor."
+            ),
+        ):
+
+            activity.process_activity()
+
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        assert workout.serialize('owner') == serialize_workout
+
+    @pytest.mark.parametrize(
+        "input_key, input_new_value",
+        [
+            ("ave_speed", 9.0),
+            ("distance", 12.0),
+            ("max_speed", 13.0),
+            ("sport_id", 2),
+            ("title", "new_title"),
+            ("workout_visibility", PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_updates_remote_workout(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        remote_cycling_workout: Workout,
+        input_key: str,
+        input_new_value: Union[str, int, float, PrivacyLevel],
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            workout=remote_cycling_workout,
+            updates={input_key: input_new_value},
+        )
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+
+        activity.process_activity()
+
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        assert workout.__getattribute__(input_key) == input_new_value
+
+    @pytest.mark.parametrize(
+        "input_key, input_new_value",
+        [
+            ("duration", "00:50:00"),
+            ("moving", "01:20:10"),
+        ],
+    )
+    def test_it_updates_remote_workout_durations(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        remote_cycling_workout: Workout,
+        input_key: str,
+        input_new_value: str,
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            workout=remote_cycling_workout,
+            updates={input_key: input_new_value},
+        )
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+
+        activity.process_activity()
+
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        assert workout.__getattribute__(input_key) == timedelta(
+            seconds=convert_duration_string_to_seconds(input_new_value)
+        )
+
+    def test_it_updates_remote_workout_date(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        new_workout_date = "2022-01-04 08:16"
+        update_activity = self.generate_workout_update_activity(
+            workout=remote_cycling_workout,
+            updates={"workout_date": new_workout_date},
+        )
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+
+        activity.process_activity()
+
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        assert workout.workout_date == datetime.strptime(
+            new_workout_date, WORKOUT_DATE_FORMAT
+        )
+
+    def test_it_updates_remote_workout_modification_date(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            workout=remote_cycling_workout,
+            updates={"title": self.random_string()},
+        )
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+
+        activity.process_activity()
+
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        assert workout.modification_date is not None
+
+    def test_it_raises_exception_when_activity_is_invalid(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        update_activity = self.generate_workout_update_activity(
+            workout=remote_cycling_workout,
+        )
+        del update_activity["object"]["title"]
+        activity = get_activity_instance({"type": update_activity["type"]})(
+            activity_dict=update_activity
+        )
+        with pytest.raises(
+            ActivityException,
+            match=(
+                "UpdateActivity: invalid Workout activity"
+                " \\(KeyError: 'title'\\)."
+            ),
+        ):
+
+            activity.process_activity()

From f194a1ce9a3284b23f371e59828672a61405212c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 4 Jan 2023 12:51:17 +0100
Subject: [PATCH 161/238] API - send activity to remote instances on workout
 update

---
 fittrackee/federation/enums.py                |   1 +
 fittrackee/federation/objects/workout.py      |   4 +-
 .../test_federation_objects_workout.py        |  35 +++-
 .../workouts/test_workouts_api_patch.py       | 190 ++++++++++++++++++
 .../workouts/test_workouts_models.py          |  18 +-
 fittrackee/workouts/models.py                 |   4 +-
 fittrackee/workouts/workouts.py               |  24 +++
 7 files changed, 260 insertions(+), 16 deletions(-)
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_api_patch.py

diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index 387f24d0b..3968a7584 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -8,6 +8,7 @@ class ActivityType(Enum):
     FOLLOW = 'Follow'
     REJECT = 'Reject'
     UNDO = 'Undo'
+    UPDATE = 'Update'
 
 
 class ActorType(Enum):
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index bd55ae701..b150deb8c 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -17,7 +17,7 @@
 class WorkoutObject(BaseObject):
     workout: 'Workout'
 
-    def __init__(self, workout: 'Workout') -> None:
+    def __init__(self, workout: 'Workout', activity_type: str) -> None:
         if workout.workout_visibility in [
             PrivacyLevel.PRIVATE,
             PrivacyLevel.FOLLOWERS,
@@ -26,7 +26,7 @@ def __init__(self, workout: 'Workout') -> None:
                 f"object visibility is: '{workout.workout_visibility.value}'"
             )
         self.workout = workout
-        self.type = ActivityType.CREATE
+        self.type = ActivityType(activity_type)
         self.actor = self.workout.user.actor
         self.activity_id = (
             f'{self.actor.activitypub_id}/workouts/{self.workout.short_id}'
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index b0025e8b5..75ccdde5a 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -41,21 +41,38 @@ def test_it_raises_error_when_visibility_is_invalid(
             InvalidVisibilityException,
             match=f"object visibility is: '{input_visibility.value}'",
         ):
-            WorkoutObject(workout_cycling_user_1)
+            WorkoutObject(workout_cycling_user_1, 'Create')
 
-    def test_it_generates_create_activity_when_visibility_is_followers_and_remote_only(  # noqa
+    def test_it_raises_error_when_activity_type_is_invalid(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+    ) -> None:
+        invalid_activity_type = self.random_string()
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        with pytest.raises(
+            ValueError,
+            match=f"'{invalid_activity_type}' is not a valid ActivityType",
+        ):
+            WorkoutObject(workout_cycling_user_1, invalid_activity_type)
+
+    @pytest.mark.parametrize('input_activity_type', ['Create', 'Update'])
+    def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_activity_type: str,
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = (
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
-        workout = WorkoutObject(workout_cycling_user_1)
+        workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
 
         serialized_workout = workout.get_activity()
 
@@ -65,7 +82,7 @@ def test_it_generates_create_activity_when_visibility_is_followers_and_remote_on
                 f'{user_1.actor.activitypub_id}/workouts/'
                 f'{workout_cycling_user_1.short_id}/activity'
             ),
-            'type': 'Create',
+            'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
@@ -97,17 +114,19 @@ def test_it_generates_create_activity_when_visibility_is_followers_and_remote_on
             },
         }
 
+    @pytest.mark.parametrize('input_activity_type', ['Create', 'Update'])
     def test_it_generates_create_activity_when_visibility_is_public(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_activity_type: str,
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
-        workout = WorkoutObject(workout_cycling_user_1)
+        workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
 
         serialized_workout = workout.get_activity()
 
@@ -117,7 +136,7 @@ def test_it_generates_create_activity_when_visibility_is_public(
                 f'{user_1.actor.activitypub_id}/workouts/'
                 f'{workout_cycling_user_1.short_id}/activity'
             ),
-            'type': 'Create',
+            'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': ['https://www.w3.org/ns/activitystreams#Public'],
@@ -171,7 +190,7 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
-        workout = WorkoutObject(workout_cycling_user_1)
+        workout = WorkoutObject(workout_cycling_user_1, 'Create')
         expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
         serialized_workout_note = workout.get_activity(is_note=True)
@@ -214,7 +233,7 @@ def test_it_returns_note_activity_when_visibility_is_public(
         workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
-        workout = WorkoutObject(workout_cycling_user_1)
+        workout = WorkoutObject(workout_cycling_user_1, 'Create')
         expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
         serialized_workout_note = workout.get_activity(is_note=True)
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_patch.py b/fittrackee/tests/federation/workouts/test_workouts_api_patch.py
new file mode 100644
index 000000000..29de74eb3
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_patch.py
@@ -0,0 +1,190 @@
+import json
+from unittest.mock import Mock, patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ...mixins import ApiTestCaseMixin
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestFederationUpdateWorkout(ApiTestCaseMixin):
+    @pytest.mark.parametrize(
+        'workout_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_does_not_call_sent_to_inbox_when_visibility_does_not_change_for_local_workouts(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(dict(sport_id=2, title=self.random_string())),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'workout_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=2,
+                    title=self.random_string(),
+                    workout_visibility=workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        update_workout_activity, _ = workout_cycling_user_1.get_activities(
+            activity_type='Update'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=update_workout_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'old_workout_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    @pytest.mark.parametrize(
+        'new_workout_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS],
+    )
+    def test_it_calls_sent_to_inbox_with_delete_activity_when_workout_is_not_visible_anymore_on_remote(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        old_workout_visibility: PrivacyLevel,
+        new_workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = old_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        delete_workout_activity, _ = workout_cycling_user_1.get_activities(
+            activity_type='Delete'
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=2,
+                    title=self.random_string(),
+                    workout_visibility=new_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=delete_workout_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'old_workout_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS],
+    )
+    @pytest.mark.parametrize(
+        'new_workout_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_with_create_activity_when_workout_is_now_visible_on_remote(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        old_workout_visibility: PrivacyLevel,
+        new_workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = old_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=2,
+                    title=self.random_string(),
+                    workout_visibility=new_workout_visibility.value,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        create_workout_activity, _ = workout_cycling_user_1.get_activities(
+            activity_type='Create'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=create_workout_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 7a407bf9d..f0cd0f604 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -128,6 +128,8 @@ def test_serializer_does_not_return_map_related_data(
 
 
 class TestWorkoutModelGetWorkoutCreateActivity:
+    activity_type = 'Create'
+
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
@@ -141,7 +143,9 @@ def test_it_raises_error_if_visibility_is_invalid(
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_visibility
         with pytest.raises(InvalidVisibilityException):
-            workout_cycling_user_1.get_activities(activity_type='Create')
+            workout_cycling_user_1.get_activities(
+                activity_type=self.activity_type
+            )
 
     @pytest.mark.parametrize(
         'workout_visibility',
@@ -158,15 +162,21 @@ def test_it_returns_activities_when_visibility_is_valid(
         workout_cycling_user_1.workout_visibility = workout_visibility
 
         create_workout, create_note = workout_cycling_user_1.get_activities(
-            activity_type='Create'
+            activity_type=self.activity_type
         )
 
-        assert create_workout['type'] == 'Create'
+        assert create_workout['type'] == self.activity_type
         assert create_workout['object']['type'] == 'Workout'
-        assert create_note['type'] == 'Create'
+        assert create_note['type'] == self.activity_type
         assert create_note['object']['type'] == 'Note'
 
 
+class TestWorkoutModelGetWorkoutUpdateActivity(
+    TestWorkoutModelGetWorkoutCreateActivity
+):
+    activity_type = 'Update'
+
+
 class TestWorkoutModelGetWorkoutDeleteActivity:
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index d2e86dd21..295f0faf0 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -426,8 +426,8 @@ def get_user_workout_records(
 
     @federation_required
     def get_activities(self, activity_type: str) -> Tuple[Dict, Dict]:
-        if activity_type == 'Create':
-            workout_object = WorkoutObject(self)
+        if activity_type in ['Create', 'Update']:
+            workout_object = WorkoutObject(self, activity_type=activity_type)
             return workout_object.get_activity(), workout_object.get_activity(
                 is_note=True
             )
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index f8b1d4639..deabd06c3 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1,6 +1,7 @@
 import json
 import os
 import shutil
+from copy import copy
 from datetime import timedelta
 from typing import Dict, List, Optional, Tuple, Union
 
@@ -1402,6 +1403,9 @@ def update_workout(
             return DataNotFoundErrorResponse('workouts')
         if auth_user.id != workout.user.id:
             return ForbiddenErrorResponse()
+        old_workout = (
+            copy(workout) if current_app.config['federation_enabled'] else None
+        )
 
         if not workout.gpx:
             try:
@@ -1432,6 +1436,26 @@ def update_workout(
 
         workout = edit_workout(workout, workout_data, auth_user)
         db.session.commit()
+
+        if current_app.config['federation_enabled']:
+            if workout.workout_visibility in (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ):
+                if old_workout.workout_visibility in (
+                    PrivacyLevel.PRIVATE,
+                    PrivacyLevel.FOLLOWERS,
+                ):
+                    handle_workout_activities(workout, activity_type='Create')
+                else:
+                    handle_workout_activities(workout, activity_type='Update')
+
+            elif old_workout.workout_visibility in (
+                PrivacyLevel.PUBLIC,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ):
+                handle_workout_activities(old_workout, activity_type='Delete')
+
         return {
             'status': 'success',
             'data': {'workouts': [workout.serialize('owner')]},

From 3efd7ce91ea8ffa2f43042fb768190fcaf8c85e7 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 4 Jan 2023 19:41:58 +0100
Subject: [PATCH 162/238] API - init workout comment model

---
 .../30_8842c351a2d8_init_federation.py        | 32 +++++-
 fittrackee/tests/utils.py                     |  2 +-
 .../tests/workouts/test_comments_models.py    | 98 +++++++++++++++++++
 .../tests/workouts/test_workouts_model.py     |  2 +-
 fittrackee/users/models.py                    |  5 +
 fittrackee/utils.py                           | 16 +++
 fittrackee/workouts/models.py                 | 56 ++++++++++-
 fittrackee/workouts/utils/short_id.py         | 17 ----
 fittrackee/workouts/workouts.py               |  2 +-
 9 files changed, 208 insertions(+), 22 deletions(-)
 create mode 100644 fittrackee/tests/workouts/test_comments_models.py
 delete mode 100644 fittrackee/workouts/utils/short_id.py

diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
index 6bf357ed5..a139cb750 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
@@ -10,7 +10,7 @@
 
 import sqlalchemy as sa
 from alembic import op
-from sqlalchemy.dialects.postgresql import ENUM
+from sqlalchemy.dialects.postgresql import ENUM, UUID
 
 from fittrackee.federation.utils import (
     generate_keys, get_ap_url, remove_url_scheme
@@ -263,8 +263,38 @@ def upgrade():
     op.alter_column('workouts', 'workout_visibility', nullable=False)
     op.alter_column('workouts', 'map_visibility', nullable=False)
 
+    op.create_table('workout_comments',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('uuid', UUID(as_uuid=True), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=False),
+    sa.Column('workout_id', sa.Integer(), nullable=False),
+    sa.Column('created_at', sa.DateTime(), nullable=True),
+    sa.Column('text', sa.String(), nullable=False),
+    sa.Column('reply_to', sa.Integer(), nullable=True),
+    sa.Column('ap_id', sa.Text(), nullable=True),
+    sa.Column('remote_url', sa.Text(), nullable=True),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+    sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('uuid')
+    )
+    op.add_column(
+        'workout_comments',
+        sa.Column(
+            'text_visibility',
+            privacy_levels,
+            server_default='PRIVATE',
+            nullable=True
+        )
+    )
+    with op.batch_alter_table('workout_comments', schema=None) as batch_op:
+        batch_op.create_index(batch_op.f('ix_workout_comments_user_id'), ['user_id'], unique=False)
 
 def downgrade():
+    with op.batch_alter_table('workout_comments', schema=None) as batch_op:
+        batch_op.drop_index(batch_op.f('ix_workout_comments_user_id'))
+    op.drop_table('workout_comments')
+
     op.drop_column('workouts', 'remote_url')
     op.drop_column('workouts', 'ap_id')
     op.drop_column('workouts', 'map_visibility')
diff --git a/fittrackee/tests/utils.py b/fittrackee/tests/utils.py
index 9cdf52898..190bc63c3 100644
--- a/fittrackee/tests/utils.py
+++ b/fittrackee/tests/utils.py
@@ -11,7 +11,7 @@
 
 from fittrackee import db
 from fittrackee.users.models import FollowRequest, User
-from fittrackee.workouts.utils.short_id import encode_uuid
+from fittrackee.utils import encode_uuid
 
 
 def random_string(
diff --git a/fittrackee/tests/workouts/test_comments_models.py b/fittrackee/tests/workouts/test_comments_models.py
new file mode 100644
index 000000000..139b55fc7
--- /dev/null
+++ b/fittrackee/tests/workouts/test_comments_models.py
@@ -0,0 +1,98 @@
+from datetime import datetime
+from typing import Optional
+
+from flask import Flask
+from freezegun import freeze_time
+
+from fittrackee import db
+from fittrackee.users.models import User
+from fittrackee.utils import encode_uuid
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+
+from ..mixins import RandomMixin
+
+
+class TestWorkoutCommentModel(RandomMixin):
+    def create_comment(
+        self,
+        user: User,
+        workout: Workout,
+        text: Optional[str] = None,
+        created_at: Optional[datetime] = None,
+    ) -> WorkoutComment:
+        text = self.random_string() if text is None else text
+        comment = WorkoutComment(
+            user_id=user.id,
+            workout_id=workout.id,
+            text=text,
+            created_at=created_at,
+        )
+        db.session.add(comment)
+        db.session.commit()
+        return comment
+
+    def test_comment_model(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        text = self.random_string()
+        created_at = datetime.utcnow()
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=text,
+            created_at=created_at,
+        )
+
+        assert comment.user_id == user_1.id
+        assert comment.workout_id == workout_cycling_user_1.id
+        assert comment.text == text
+        assert comment.created_at == created_at
+
+    def test_created_date_is_initialized_on_creation_when_not_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        now = datetime.utcnow()
+        with freeze_time(now):
+
+            comment = self.create_comment(
+                user=user_1,
+                workout=workout_cycling_user_1,
+            )
+
+        assert comment.created_at == now
+
+    def test_short_id_returns_encoded_comment_uuid(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+        )
+
+        assert comment.short_id == encode_uuid(comment.uuid)
+
+    def test_it_returns_string_representation(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+        )
+
+        assert str(comment) == f'<WorkoutComment {comment.id}>'
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 7e935b855..1f9b477a2 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -8,9 +8,9 @@
 from fittrackee.federation.exceptions import FederationDisabledException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
+from fittrackee.utils import encode_uuid
 from fittrackee.workouts.exceptions import WorkoutForbiddenException
 from fittrackee.workouts.models import Sport, Workout
-from fittrackee.workouts.utils.short_id import encode_uuid
 
 from ..utils import random_string
 
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index cbe55478e..d965c5cc2 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -182,6 +182,11 @@ class User(BaseModel):
         lazy='dynamic',
         viewonly=True,
     )
+    workout_comments = db.relationship(
+        'WorkoutComment',
+        lazy=True,
+        backref=db.backref('user', lazy='joined', single_parent=True),
+    )
 
     def __repr__(self) -> str:
         return f'<User {self.username!r}>'
diff --git a/fittrackee/utils.py b/fittrackee/utils.py
index b777e9926..0731fb14e 100644
--- a/fittrackee/utils.py
+++ b/fittrackee/utils.py
@@ -1,8 +1,10 @@
 import time
 from datetime import timedelta
 from typing import Optional
+from uuid import UUID
 
 import humanize
+import shortuuid
 
 from fittrackee import db
 
@@ -28,3 +30,17 @@ def clean(sql: str, days: int) -> int:
     limit = int(time.time()) - (days * 86400)
     result = db.engine.execute(sql, {'limit': limit})
     return result.rowcount
+
+
+def encode_uuid(uuid_value: UUID) -> str:
+    """
+    Return short id string from a UUID
+    """
+    return shortuuid.encode(uuid_value)
+
+
+def decode_short_id(short_id: str) -> UUID:
+    """
+    Return UUID from a short id string
+    """
+    return shortuuid.decode(short_id)
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 295f0faf0..a9d0b99a1 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -17,10 +17,10 @@
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
+from fittrackee.utils import encode_uuid
 
 from .exceptions import WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
-from .utils.short_id import encode_uuid
 
 record_types = [
     'AS',  # 'Best Average Speed'
@@ -186,6 +186,12 @@ class Workout(BaseModel):
         cascade='all, delete',
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
+    comments = db.relationship(
+        'WorkoutComment',
+        lazy=True,
+        cascade='all, delete',
+        backref=db.backref('workout', lazy='joined', single_parent=True),
+    )
 
     def __str__(self) -> str:
         return f'<Workout \'{self.sport.label}\' - {self.workout_date}>'
@@ -625,3 +631,51 @@ def receive_after_flush(session: Session, context: Any) -> None:
                 )
                 new_record.value = record_data['record_value']  # type: ignore
                 session.add(new_record)
+
+
+class WorkoutComment(BaseModel):
+    __tablename__ = 'workout_comments'
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    uuid = db.Column(
+        postgresql.UUID(as_uuid=True),
+        default=uuid4,
+        unique=True,
+        nullable=False,
+    )
+    user_id = db.Column(
+        db.Integer, db.ForeignKey('users.id'), index=True, nullable=False
+    )
+    workout_id = db.Column(
+        db.Integer, db.ForeignKey('workouts.id'), nullable=False
+    )
+    created_at = db.Column(db.DateTime, default=datetime.datetime.utcnow)
+    text = db.Column(db.String(), nullable=False)
+    text_visibility = db.Column(
+        Enum(PrivacyLevel, name='privacy_levels'),
+        server_default='PRIVATE',
+        nullable=False,
+    )
+    reply_to = db.Column(db.Integer, nullable=True)
+    ap_id = db.Column(db.Text(), nullable=True)
+    remote_url = db.Column(db.Text(), nullable=True)
+
+    def __repr__(self) -> str:
+        return f'<WorkoutComment {self.id}>'
+
+    def __init__(
+        self,
+        user_id: int,
+        workout_id: int,
+        text: str,
+        created_at: Optional[datetime.datetime] = None,
+    ) -> None:
+        self.user_id = user_id
+        self.workout_id = workout_id
+        self.text = text
+        self.created_at = (
+            datetime.datetime.utcnow() if created_at is None else created_at
+        )
+
+    @property
+    def short_id(self) -> str:
+        return encode_uuid(self.uuid)
diff --git a/fittrackee/workouts/utils/short_id.py b/fittrackee/workouts/utils/short_id.py
deleted file mode 100644
index 86ec51267..000000000
--- a/fittrackee/workouts/utils/short_id.py
+++ /dev/null
@@ -1,17 +0,0 @@
-from uuid import UUID
-
-import shortuuid
-
-
-def encode_uuid(uuid_value: UUID) -> str:
-    """
-    Return short id string from a UUID
-    """
-    return shortuuid.encode(uuid_value)
-
-
-def decode_short_id(short_id: str) -> UUID:
-    """
-    Return UUID from a short id string
-    """
-    return shortuuid.decode(short_id)
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index deabd06c3..11ec1a91e 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -35,6 +35,7 @@
     handle_error_and_return_response,
 )
 from fittrackee.users.models import User
+from fittrackee.utils import decode_short_id
 
 from .models import Workout
 from .utils.convert import convert_in_duration
@@ -43,7 +44,6 @@
     extract_segment_from_gpx_file,
     get_chart_data,
 )
-from .utils.short_id import decode_short_id
 from .utils.visibility import can_view_workout
 from .utils.workouts import (
     WorkoutException,

From 9389d3de3bfe547a35c46918de98e02d8e37f20a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 4 Jan 2023 20:00:09 +0100
Subject: [PATCH 163/238] API - update testing config

---
 fittrackee/config.py                       | 4 ++--
 fittrackee/tests/users/test_auth_api.py    | 6 +++---
 fittrackee/tests/users/test_users_model.py | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/fittrackee/config.py b/fittrackee/config.py
index afbadaa7b..a877cf7b1 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -96,8 +96,8 @@ class TestingConfig(BaseConfig):
     SECRET_KEY = 'test key'  # nosec
     BCRYPT_LOG_ROUNDS = 4
     TOKEN_EXPIRATION_DAYS = 0
-    TOKEN_EXPIRATION_SECONDS = 3
-    PASSWORD_TOKEN_EXPIRATION_SECONDS = 3
+    TOKEN_EXPIRATION_SECONDS = 10
+    PASSWORD_TOKEN_EXPIRATION_SECONDS = 10
     UI_URL = 'http://0.0.0.0:5000'
     SENDER_EMAIL = 'fittrackee@example.com'
     OAUTH2_TOKEN_EXPIRES_IN = {
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 792492c4c..240dd7615 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -2214,7 +2214,7 @@ def test_it_calls_reset_password_email_when_user_exists(
                 'email': user_1.email,
             },
             {
-                'expiration_delay': '3 seconds',
+                'expiration_delay': '10 seconds',
                 'username': user_1.username,
                 'password_reset_url': (
                     f'http://0.0.0.0:5000/password-reset?token={token}'
@@ -2321,7 +2321,7 @@ def test_it_returns_error_if_token_is_expired(
         token = get_user_token(user_1.id, password_reset=True)
         client = app.test_client()
 
-        with freeze_time(now + timedelta(seconds=4)):
+        with freeze_time(now + timedelta(seconds=11)):
             response = client.post(
                 '/api/auth/password/update',
                 data=json.dumps(
@@ -2735,7 +2735,7 @@ def test_it_returns_error_when_token_is_expired(
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
-        with freeze_time(now + timedelta(seconds=4)):
+        with freeze_time(now + timedelta(seconds=11)):
 
             response = client.post(
                 '/api/auth/logout',
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 90764925d..5907af5a3 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -408,7 +408,7 @@ def test_it_returns_error_when_token_is_expired(
     ) -> None:
         auth_token = user_1.encode_auth_token(user_1.id)
         now = datetime.utcnow()
-        with freeze_time(now + timedelta(seconds=4)):
+        with freeze_time(now + timedelta(seconds=11)):
             assert (
                 User.decode_auth_token(auth_token)
                 == 'signature expired, please log in again'

From 8d01f46dcd8e5358d1dd85415879331c40c5a163 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 7 Jan 2023 12:02:54 +0100
Subject: [PATCH 164/238] API - add visibity to comments

---
 .../workouts/test_comments_models.py          |  74 +++++++++++
 .../tests/workouts/test_comments_models.py    | 119 +++++++++++++++++-
 fittrackee/workouts/exceptions.py             |   4 +
 fittrackee/workouts/models.py                 |  42 ++++++-
 4 files changed, 237 insertions(+), 2 deletions(-)
 create mode 100644 fittrackee/tests/federation/workouts/test_comments_models.py

diff --git a/fittrackee/tests/federation/workouts/test_comments_models.py b/fittrackee/tests/federation/workouts/test_comments_models.py
new file mode 100644
index 000000000..cb74f1c1f
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_comments_models.py
@@ -0,0 +1,74 @@
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import User
+from fittrackee.workouts.exceptions import InvalidVisibilityException
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+
+from ...mixins import RandomMixin
+
+
+class TestWorkoutCommentModel(RandomMixin):
+    @pytest.mark.parametrize(
+        'input_workout_visibility, input_text_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.FOLLOWERS),
+            (
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_initializes_text_visibility_when_workout_visibility_is_not_stricter(  # noqa
+        self,
+        input_workout_visibility: PrivacyLevel,
+        input_text_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        comment = WorkoutComment(
+            user_id=user_1.id,
+            workout_id=workout_cycling_user_1.id,
+            workout_visibility=workout_cycling_user_1.workout_visibility,
+            text=self.random_string(),
+            text_visibility=input_text_visibility,
+        )
+
+        assert comment.text_visibility == input_text_visibility
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility, input_text_visibility',
+        [
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_raises_when_workout_visibility_is_stricter(
+        self,
+        input_workout_visibility: PrivacyLevel,
+        input_text_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=(
+                f'invalid visibility: {input_text_visibility} '
+                f'\\(workout visibility: {input_workout_visibility}\\)'
+            ),
+        ):
+            WorkoutComment(
+                user_id=user_1.id,
+                workout_id=workout_cycling_user_1.id,
+                workout_visibility=workout_cycling_user_1.workout_visibility,
+                text=self.random_string(),
+                text_visibility=input_text_visibility,
+            )
diff --git a/fittrackee/tests/workouts/test_comments_models.py b/fittrackee/tests/workouts/test_comments_models.py
index 139b55fc7..1721d5806 100644
--- a/fittrackee/tests/workouts/test_comments_models.py
+++ b/fittrackee/tests/workouts/test_comments_models.py
@@ -1,36 +1,44 @@
 from datetime import datetime
 from typing import Optional
 
+import pytest
 from flask import Flask
 from freezegun import freeze_time
 
 from fittrackee import db
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
 from fittrackee.utils import encode_uuid
+from fittrackee.workouts.exceptions import InvalidVisibilityException
 from fittrackee.workouts.models import Sport, Workout, WorkoutComment
 
 from ..mixins import RandomMixin
 
 
-class TestWorkoutCommentModel(RandomMixin):
+class WorkoutCommentModelTestCase(RandomMixin):
     def create_comment(
         self,
         user: User,
         workout: Workout,
         text: Optional[str] = None,
+        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
         created_at: Optional[datetime] = None,
     ) -> WorkoutComment:
         text = self.random_string() if text is None else text
         comment = WorkoutComment(
             user_id=user.id,
             workout_id=workout.id,
+            workout_visibility=workout.workout_visibility,
             text=text,
+            text_visibility=text_visibility,
             created_at=created_at,
         )
         db.session.add(comment)
         db.session.commit()
         return comment
 
+
+class TestWorkoutCommentModel(WorkoutCommentModelTestCase):
     def test_comment_model(
         self,
         app: Flask,
@@ -69,6 +77,115 @@ def test_created_date_is_initialized_on_creation_when_not_provided(
 
         assert comment.created_at == now
 
+    def test_privacy_is_private_when_not_provided_on_creation(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        now = datetime.utcnow()
+        with freeze_time(now):
+
+            comment = WorkoutComment(
+                user_id=user_1.id,
+                workout_id=workout_cycling_user_1.id,
+                workout_visibility=workout_cycling_user_1.workout_visibility,
+                text=self.random_string(),
+                created_at=now,
+            )
+
+        assert comment.text_visibility == PrivacyLevel.PRIVATE
+
+    def test_it_raises_error_when_privacy_is_invalid(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        text_visibility = PrivacyLevel.FOLLOWERS_AND_REMOTE
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=(
+                f'invalid visibility: {text_visibility}, '
+                'federation is disabled.'
+            ),
+        ):
+            WorkoutComment(
+                user_id=user_1.id,
+                workout_id=workout_cycling_user_1.id,
+                workout_visibility=workout_cycling_user_1.workout_visibility,
+                text=self.random_string(),
+                text_visibility=text_visibility,
+            )
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility, input_text_visibility',
+        [
+            (PrivacyLevel.PRIVATE, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.PUBLIC),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_initializes_text_visibility_when_workout_visibility_is_not_stricter(  # noqa
+        self,
+        input_workout_visibility: PrivacyLevel,
+        input_text_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+
+        comment = WorkoutComment(
+            user_id=user_1.id,
+            workout_id=workout_cycling_user_1.id,
+            workout_visibility=workout_cycling_user_1.workout_visibility,
+            text=self.random_string(),
+            text_visibility=input_text_visibility,
+        )
+
+        assert comment.text_visibility == input_text_visibility
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility, input_text_visibility',
+        [
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS),
+            (PrivacyLevel.PRIVATE, PrivacyLevel.PUBLIC),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_raises_when_workout_visibility_is_stricter(
+        self,
+        input_workout_visibility: PrivacyLevel,
+        input_text_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=(
+                f'invalid visibility: {input_text_visibility} '
+                f'\\(workout visibility: {input_workout_visibility}\\)'
+            ),
+        ):
+            WorkoutComment(
+                user_id=user_1.id,
+                workout_id=workout_cycling_user_1.id,
+                workout_visibility=workout_cycling_user_1.workout_visibility,
+                text=self.random_string(),
+                text_visibility=input_text_visibility,
+            )
+
     def test_short_id_returns_encoded_comment_uuid(
         self,
         app: Flask,
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index e3b220375..131e9ef76 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -1,6 +1,10 @@
 from fittrackee.exceptions import GenericException
 
 
+class InvalidVisibilityException(Exception):
+    ...
+
+
 class SportNotFoundException(Exception):
     ...
 
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index a9d0b99a1..3660159ba 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -3,6 +3,7 @@
 from typing import Any, Dict, Optional, Tuple, Union
 from uuid import UUID, uuid4
 
+from flask import current_app
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
@@ -19,7 +20,7 @@
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 from fittrackee.utils import encode_uuid
 
-from .exceptions import WorkoutForbiddenException
+from .exceptions import InvalidVisibilityException, WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
 
 record_types = [
@@ -666,16 +667,55 @@ def __init__(
         self,
         user_id: int,
         workout_id: int,
+        workout_visibility: PrivacyLevel,
         text: str,
+        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
         created_at: Optional[datetime.datetime] = None,
     ) -> None:
         self.user_id = user_id
         self.workout_id = workout_id
         self.text = text
+        self.text_visibility = self._check_visibility(
+            workout_visibility, text_visibility
+        )
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
 
+    @staticmethod
+    def _check_visibility(
+        workout_visibility: PrivacyLevel, text_visibility: PrivacyLevel
+    ) -> PrivacyLevel:
+        if (
+            text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+            and not current_app.config['federation_enabled']
+        ):
+            raise InvalidVisibilityException(
+                f'invalid visibility: {text_visibility},'
+                f' federation is disabled.'
+            )
+
+        if (
+            (
+                workout_visibility == PrivacyLevel.PRIVATE
+                and text_visibility != PrivacyLevel.PRIVATE
+            )
+            or (
+                workout_visibility == PrivacyLevel.FOLLOWERS
+                and text_visibility
+                in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE]
+            )
+            or (
+                workout_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+                and text_visibility == PrivacyLevel.PUBLIC
+            )
+        ):
+            raise InvalidVisibilityException(
+                f'invalid visibility: {text_visibility} '
+                f'(workout visibility: {workout_visibility})'
+            )
+        return text_visibility
+
     @property
     def short_id(self) -> str:
         return encode_uuid(self.uuid)

From 0f1c12de87f5b15750a9a62ea9425c69578b76f7 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 7 Jan 2023 19:39:46 +0100
Subject: [PATCH 165/238] API - init route to add comment to a workout (WIP)

---
 fittrackee/exceptions.py                      |   4 +
 fittrackee/federation/objects/exceptions.py   |   2 -
 fittrackee/federation/objects/tombstone.py    |   2 +-
 fittrackee/federation/objects/workout.py      |   2 +-
 .../test_federation_objects_tombstone.py      |   2 +-
 .../test_federation_objects_workout.py        |   2 +-
 .../workouts/test_comments_models.py          |  74 -----
 .../workouts/test_workouts_comments_api.py    | 127 +++++++
 .../workouts/test_workouts_comments_models.py | 206 ++++++++++++
 .../workouts/test_workouts_models.py          |   2 +-
 .../workouts/test_workouts_comments_api.py    | 311 ++++++++++++++++++
 ...ls.py => test_workouts_comments_models.py} | 210 +++++++++++-
 fittrackee/workouts/exceptions.py             |   9 +-
 fittrackee/workouts/models.py                 |  31 +-
 fittrackee/workouts/workouts.py               |  60 +++-
 15 files changed, 954 insertions(+), 90 deletions(-)
 delete mode 100644 fittrackee/federation/objects/exceptions.py
 delete mode 100644 fittrackee/tests/federation/workouts/test_comments_models.py
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_comments_api.py
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_comments_models.py
 create mode 100644 fittrackee/tests/workouts/test_workouts_comments_api.py
 rename fittrackee/tests/workouts/{test_comments_models.py => test_workouts_comments_models.py} (50%)

diff --git a/fittrackee/exceptions.py b/fittrackee/exceptions.py
index 4ec38e3d8..d0becee3a 100644
--- a/fittrackee/exceptions.py
+++ b/fittrackee/exceptions.py
@@ -9,3 +9,7 @@ def __init__(
         self.status = status
         self.message = message
         self.e = e
+
+
+class InvalidVisibilityException(Exception):
+    ...
diff --git a/fittrackee/federation/objects/exceptions.py b/fittrackee/federation/objects/exceptions.py
deleted file mode 100644
index c36245ef2..000000000
--- a/fittrackee/federation/objects/exceptions.py
+++ /dev/null
@@ -1,2 +0,0 @@
-class InvalidVisibilityException(Exception):
-    ...
diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
index 20571f406..62021db76 100644
--- a/fittrackee/federation/objects/tombstone.py
+++ b/fittrackee/federation/objects/tombstone.py
@@ -1,11 +1,11 @@
 from typing import TYPE_CHECKING, Dict
 
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 
 from ..constants import AP_CTX, PUBLIC_STREAM
 from ..enums import ActivityType
 from .base_object import BaseObject
-from .exceptions import InvalidVisibilityException
 
 if TYPE_CHECKING:
     from fittrackee.workouts.models import Workout
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index b150deb8c..3001afc89 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -1,5 +1,6 @@
 from typing import TYPE_CHECKING, Dict
 
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 
@@ -7,7 +8,6 @@
 from ..enums import ActivityType
 from ..exceptions import InvalidWorkoutException
 from .base_object import BaseObject
-from .exceptions import InvalidVisibilityException
 from .templates.workout_note import WORKOUT_NOTE
 
 if TYPE_CHECKING:
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
index be48dc1c2..a8cd60c64 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -1,8 +1,8 @@
 import pytest
 from flask import Flask
 
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.constants import AP_CTX, PUBLIC_STREAM
-from fittrackee.federation.objects.exceptions import InvalidVisibilityException
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index 75ccdde5a..b902ff486 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -3,9 +3,9 @@
 import pytest
 from flask import Flask
 
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.federation.exceptions import InvalidWorkoutException
-from fittrackee.federation.objects.exceptions import InvalidVisibilityException
 from fittrackee.federation.objects.workout import (
     WorkoutObject,
     convert_duration_string_to_seconds,
diff --git a/fittrackee/tests/federation/workouts/test_comments_models.py b/fittrackee/tests/federation/workouts/test_comments_models.py
deleted file mode 100644
index cb74f1c1f..000000000
--- a/fittrackee/tests/federation/workouts/test_comments_models.py
+++ /dev/null
@@ -1,74 +0,0 @@
-import pytest
-from flask import Flask
-
-from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.users.models import User
-from fittrackee.workouts.exceptions import InvalidVisibilityException
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
-
-from ...mixins import RandomMixin
-
-
-class TestWorkoutCommentModel(RandomMixin):
-    @pytest.mark.parametrize(
-        'input_workout_visibility, input_text_visibility',
-        [
-            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.FOLLOWERS),
-            (
-                PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                PrivacyLevel.FOLLOWERS_AND_REMOTE,
-            ),
-            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE),
-        ],
-    )
-    def test_it_initializes_text_visibility_when_workout_visibility_is_not_stricter(  # noqa
-        self,
-        input_workout_visibility: PrivacyLevel,
-        input_text_visibility: PrivacyLevel,
-        app_with_federation: Flask,
-        sport_1_cycling: Sport,
-        user_1: User,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.workout_visibility = input_workout_visibility
-        comment = WorkoutComment(
-            user_id=user_1.id,
-            workout_id=workout_cycling_user_1.id,
-            workout_visibility=workout_cycling_user_1.workout_visibility,
-            text=self.random_string(),
-            text_visibility=input_text_visibility,
-        )
-
-        assert comment.text_visibility == input_text_visibility
-
-    @pytest.mark.parametrize(
-        'input_workout_visibility, input_text_visibility',
-        [
-            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE),
-        ],
-    )
-    def test_it_raises_when_workout_visibility_is_stricter(
-        self,
-        input_workout_visibility: PrivacyLevel,
-        input_text_visibility: PrivacyLevel,
-        app_with_federation: Flask,
-        sport_1_cycling: Sport,
-        user_1: User,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.workout_visibility = input_workout_visibility
-        with pytest.raises(
-            InvalidVisibilityException,
-            match=(
-                f'invalid visibility: {input_text_visibility} '
-                f'\\(workout visibility: {input_workout_visibility}\\)'
-            ),
-        ):
-            WorkoutComment(
-                user_id=user_1.id,
-                workout_id=workout_cycling_user_1.id,
-                workout_visibility=workout_cycling_user_1.workout_visibility,
-                text=self.random_string(),
-                text_visibility=input_text_visibility,
-            )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
new file mode 100644
index 000000000..599eff34c
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -0,0 +1,127 @@
+import json
+
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+
+from ...mixins import ApiTestCaseMixin, BaseTestMixin
+from ...utils import jsonify_dict
+
+
+class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
+    @pytest.mark.parametrize(
+        'input_workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_returns_404_when_user_can_not_access_workout(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{remote_cycling_workout.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {remote_cycling_workout.short_id})",
+        )
+
+    def test_it_returns_404_when_follower_can_not_access_workout(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PRIVATE
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{remote_cycling_workout.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {remote_cycling_workout.short_id})",
+        )
+
+    def test_it_returns_201_when_comment_is_created(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        remote_cycling_workout.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment_text = self.random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{remote_cycling_workout.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=comment_text,
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=remote_cycling_workout.id
+        ).first()
+        assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
new file mode 100644
index 000000000..3b1a31e39
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -0,0 +1,206 @@
+import pytest
+from flask import Flask
+
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.workouts.test_workouts_comments_models import (
+    WorkoutCommentModelTestCase,
+)
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.exceptions import CommentForbiddenException
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+
+from ...mixins import RandomMixin
+
+
+class TestWorkoutCommentModel(RandomMixin):
+    @pytest.mark.parametrize(
+        'input_workout_visibility, input_text_visibility',
+        [
+            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.FOLLOWERS),
+            (
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            ),
+            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_initializes_text_visibility_when_workout_visibility_is_not_stricter(  # noqa
+        self,
+        input_workout_visibility: PrivacyLevel,
+        input_text_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        comment = WorkoutComment(
+            user_id=user_1.id,
+            workout_id=workout_cycling_user_1.id,
+            workout_visibility=workout_cycling_user_1.workout_visibility,
+            text=self.random_string(),
+            text_visibility=input_text_visibility,
+        )
+
+        assert comment.text_visibility == input_text_visibility
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility, input_text_visibility',
+        [
+            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE),
+        ],
+    )
+    def test_it_raises_when_workout_visibility_is_stricter(
+        self,
+        input_workout_visibility: PrivacyLevel,
+        input_text_visibility: PrivacyLevel,
+        app_with_federation: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=(
+                f'invalid visibility: {input_text_visibility} '
+                f'\\(workout visibility: {input_workout_visibility}\\)'
+            ),
+        ):
+            WorkoutComment(
+                user_id=user_1.id,
+                workout_id=workout_cycling_user_1.id,
+                workout_visibility=workout_cycling_user_1.workout_visibility,
+                text=self.random_string(),
+                text_visibility=input_text_visibility,
+            )
+
+
+class TestWorkoutCommentModelSerializeForCommentOwner(
+    WorkoutCommentModelTestCase
+):
+    def test_it_serializes_owner_comment(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'user_id': user_1.id,
+            'workout_id': workout_cycling_user_1.id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+        }
+
+
+class TestWorkoutCommentModelSerializeForRemoteFollower(
+    WorkoutCommentModelTestCase
+):
+    def test_it_raises_error_when_user_does_not_follow_comment_user(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        user_1: User,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=remote_user,
+            workout=remote_cycling_workout,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize(user_1)
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_serializes_comment_for_follower_when_privacy_allows_it(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        remote_cycling_workout.workout_visibility = input_visibility
+        comment = self.create_comment(
+            user=remote_user,
+            workout=remote_cycling_workout,
+            text_visibility=input_visibility,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'user_id': remote_user.id,
+            'workout_id': remote_cycling_workout.id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+        }
+
+
+class TestWorkoutCommentModelSerializeForUser(WorkoutCommentModelTestCase):
+    def test_it_raises_error_when_comment_is_visible_to_remote_follower(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=remote_user,
+            workout=remote_cycling_workout,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize(user_1)
+
+
+class TestWorkoutCommentModelSerializeForUnauthenticatedUser(
+    WorkoutCommentModelTestCase
+):
+    def test_it_raises_error_when_comment_is_visible_to_remote_follower(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=remote_cycling_workout,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize()
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index f0cd0f604..4a3becf25 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -1,7 +1,7 @@
 import pytest
 from flask import Flask
 
-from fittrackee.federation.objects.exceptions import InvalidVisibilityException
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.test_workouts_model import WorkoutModelTestCase
 from fittrackee.users.models import User
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
new file mode 100644
index 000000000..b4307dab8
--- /dev/null
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -0,0 +1,311 @@
+import json
+
+import pytest
+from flask import Flask
+
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+
+from ..mixins import ApiTestCaseMixin, BaseTestMixin
+from ..utils import jsonify_dict
+
+
+class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_400_when_text_is_missing(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(response)
+
+    def test_it_returns_400_when_visibility_is_missing(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_domain(),
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(response)
+
+    def test_it_returns_404_when_workout_does_not_exist(
+        self, app: Flask, user_1: User
+    ) -> None:
+        workout_short_id = self.random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_short_id})",
+        )
+
+    @pytest.mark.parametrize(
+        'input_workout_visibility',
+        [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE],
+    )
+    def test_it_returns_404_when_user_can_not_access_workout(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = input_workout_visibility
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_cycling_user_2.short_id})",
+        )
+
+    def test_it_returns_400_when_comment_visibility_is_invalid(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.PUBLIC,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(
+            response,
+            f"invalid visibility: {PrivacyLevel.PUBLIC} "
+            f"(workout visibility: {PrivacyLevel.FOLLOWERS})",
+        )
+
+    def test_it_returns_500_when_data_is_invalid(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=self.random_string(),
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_500(response, 'Error during comment save.', 'fail')
+        assert WorkoutComment.query.all() == []
+
+    def test_it_returns_201_when_comment_is_created(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment_text = self.random_string()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=comment_text,
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                    workout_id=workout_cycling_user_2.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {access_token}",
+            ),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/workouts/test_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
similarity index 50%
rename from fittrackee/tests/workouts/test_comments_models.py
rename to fittrackee/tests/workouts/test_workouts_comments_models.py
index 1721d5806..1cc7c3b29 100644
--- a/fittrackee/tests/workouts/test_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -6,10 +6,11 @@
 from freezegun import freeze_time
 
 from fittrackee import db
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.users.models import User
+from fittrackee.users.models import FollowRequest, User
 from fittrackee.utils import encode_uuid
-from fittrackee.workouts.exceptions import InvalidVisibilityException
+from fittrackee.workouts.exceptions import CommentForbiddenException
 from fittrackee.workouts.models import Sport, Workout, WorkoutComment
 
 from ..mixins import RandomMixin
@@ -213,3 +214,208 @@ def test_it_returns_string_representation(
         )
 
         assert str(comment) == f'<WorkoutComment {comment.id}>'
+
+
+class TestWorkoutCommentModelSerializeForCommentOwner(
+    WorkoutCommentModelTestCase
+):
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC],
+    )
+    def test_it_serializes_owner_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_visibility
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=input_visibility,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'user_id': user_1.id,
+            'workout_id': workout_cycling_user_1.id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+        }
+
+
+class TestWorkoutCommentModelSerializeForFollower(WorkoutCommentModelTestCase):
+    def test_it_raises_error_when_user_does_not_follow_comment_owner(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize(user_2)
+
+    def test_it_raises_error_when_privacy_does_not_allow_it(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize(user_2)
+
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC]
+    )
+    def test_it_serializes_comment_for_follower_when_privacy_allows_it(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = input_visibility
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=input_visibility,
+        )
+
+        serialized_comment = comment.serialize(user_2)
+
+        assert serialized_comment == {
+            'user_id': user_1.id,
+            'workout_id': workout_cycling_user_1.id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+        }
+
+
+class TestWorkoutCommentModelSerializeForUser(WorkoutCommentModelTestCase):
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
+    )
+    def test_it_raises_error_when_comment_is_not_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=input_visibility,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize(user_2)
+
+    def test_it_serializes_comment_when_comment_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        # TODO: mentions
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        serialized_comment = comment.serialize(user_2)
+
+        assert serialized_comment == {
+            'user_id': user_1.id,
+            'workout_id': workout_cycling_user_1.id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+        }
+
+
+class TestWorkoutCommentModelSerializeForUnauthenticatedUser(
+    WorkoutCommentModelTestCase
+):
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
+    )
+    def test_it_raises_error_when_comment_is_not_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=input_visibility,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize()
+
+    def test_it_serializes_comment_when_comment_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        # TODO: mentions
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        serialized_comment = comment.serialize()
+
+        assert serialized_comment == {
+            'user_id': user_1.id,
+            'workout_id': workout_cycling_user_1.id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+        }
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index 131e9ef76..436885187 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -1,10 +1,6 @@
 from fittrackee.exceptions import GenericException
 
 
-class InvalidVisibilityException(Exception):
-    ...
-
-
 class SportNotFoundException(Exception):
     ...
 
@@ -17,6 +13,11 @@ class WorkoutGPXException(GenericException):
     ...
 
 
+class CommentForbiddenException(GenericException):
+    def __init__(self) -> None:
+        super().__init__('error', 'you do not have permissions')
+
+
 class WorkoutForbiddenException(GenericException):
     def __init__(self) -> None:
         super().__init__('error', 'you do not have permissions')
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 3660159ba..f6b51223a 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -1,6 +1,6 @@
 import datetime
 import os
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import TYPE_CHECKING, Any, Dict, Optional, Tuple, Union
 from uuid import UUID, uuid4
 
 from flask import current_app
@@ -13,6 +13,7 @@
 from sqlalchemy.types import JSON, Enum
 
 from fittrackee import BaseModel, appLog, db
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
@@ -20,9 +21,13 @@
 from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
 from fittrackee.utils import encode_uuid
 
-from .exceptions import InvalidVisibilityException, WorkoutForbiddenException
+from .exceptions import CommentForbiddenException, WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
 
+if TYPE_CHECKING:
+    from fittrackee.users.models import User
+
+
 record_types = [
     'AS',  # 'Best Average Speed'
     'FD',  # 'Farthest Distance'
@@ -719,3 +724,25 @@ def _check_visibility(
     @property
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
+
+    def serialize(self, user: Optional['User'] = None) -> Dict:
+        # TODO: mentions
+        if (
+            self.text_visibility != PrivacyLevel.PUBLIC
+            and user != self.user
+            and (
+                (user not in self.user.followers)
+                or (
+                    user in self.user.followers
+                    and self.text_visibility == PrivacyLevel.PRIVATE
+                )
+            )
+        ):
+            raise CommentForbiddenException
+        return {
+            'user_id': self.user_id,
+            'workout_id': self.workout_id,
+            'text': self.text,
+            'text_visibility': self.text_visibility,
+            'created_at': self.created_at,
+        }
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 11ec1a91e..55fc31eca 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -18,6 +18,7 @@
 from werkzeug.utils import secure_filename
 
 from fittrackee import appLog, db, limiter
+from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.tasks.inbox import send_to_remote_inbox
 from fittrackee.federation.utils import sending_activities_allowed
 from fittrackee.oauth2.server import require_auth
@@ -37,7 +38,7 @@
 from fittrackee.users.models import User
 from fittrackee.utils import decode_short_id
 
-from .models import Workout
+from .models import Workout, WorkoutComment
 from .utils.convert import convert_in_duration
 from .utils.gpx import (
     WorkoutGPXException,
@@ -1532,3 +1533,60 @@ def delete_workout(
         OSError,
     ) as e:
         return handle_error_and_return_response(e, db=db)
+
+
+@workouts_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments", methods=["POST"]
+)
+@require_auth(scopes=["workouts:write"])
+def add_workout_comment(
+    auth_user: User, workout_short_id: str
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    comment_data = request.get_json()
+    if (
+        not comment_data
+        or not comment_data.get('text')
+        or not comment_data.get('text_visibility')
+    ):
+        return InvalidPayloadErrorResponse()
+
+    workout_uuid = decode_short_id(workout_short_id)
+    workout = Workout.query.filter_by(uuid=workout_uuid).first()
+    if not workout:
+        return NotFoundErrorResponse(
+            f"workout not found (id: {workout_short_id})"
+        )
+
+    can_view, _ = can_view_workout(workout, 'workout_visibility', auth_user)
+    if not can_view:
+        return NotFoundErrorResponse(
+            f"workout not found (id: {workout_short_id})"
+        )
+
+    try:
+        new_comment = WorkoutComment(
+            user_id=auth_user.id,
+            workout_id=workout.id,
+            workout_visibility=workout.workout_visibility,
+            text=comment_data['text'],
+            text_visibility=PrivacyLevel(comment_data['text_visibility']),
+        )
+        db.session.add(new_comment)
+        db.session.commit()
+
+        return (
+            {
+                'status': 'created',
+                'comment': new_comment.serialize(auth_user),
+            },
+            201,
+        )
+    except InvalidVisibilityException as e:
+        return InvalidPayloadErrorResponse(message=str(e))
+    except (exc.IntegrityError, ValueError) as e:
+        return handle_error_and_return_response(
+            error=e,
+            message='Error during comment save.',
+            status='fail',
+            db=db,
+        )

From 51c41ccb8704bbd9a12ebece1bff2667ab87bc4f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 8 Jan 2023 09:26:15 +0100
Subject: [PATCH 166/238] API - init route to get workout comment (WIP)

---
 .../workouts/test_workouts_comments_api.py    | 191 +++++++++
 .../workouts/test_workouts_comments_models.py |  38 +-
 .../workouts/test_workouts_comments_api.py    | 375 ++++++++++++++++++
 .../workouts/test_workouts_comments_models.py |  39 +-
 fittrackee/tests/workouts/utils.py            |  29 ++
 fittrackee/workouts/models.py                 |  13 +-
 .../workouts/utils/comment_visibility.py      |  38 ++
 fittrackee/workouts/workouts.py               |  39 ++
 8 files changed, 707 insertions(+), 55 deletions(-)
 create mode 100644 fittrackee/workouts/utils/comment_visibility.py

diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 599eff34c..9e9293310 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -9,6 +9,7 @@
 
 from ...mixins import ApiTestCaseMixin, BaseTestMixin
 from ...utils import jsonify_dict
+from ...workouts.utils import WorkoutCommentMixin
 
 
 class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
@@ -125,3 +126,193 @@ def test_it_returns_201_when_comment_is_created(
             user_id=user_1.id, workout_id=remote_cycling_workout.id
         ).first()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
+
+
+class TestGetWorkoutCommentAsUser(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {workout_comment.short_id})",
+        )
+
+
+class TestGetWorkoutCommentAsFollower(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutCommentAsRemoteFollower(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        user_1.send_follow_request_to(remote_user)
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutCommentAsOwner(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutCommentAsUnauthenticatedUser(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {workout_comment.short_id})",
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index 3b1a31e39..98d9c6e79 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -3,9 +3,7 @@
 
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.tests.workouts.test_workouts_comments_models import (
-    WorkoutCommentModelTestCase,
-)
+from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.exceptions import CommentForbiddenException
 from fittrackee.workouts.models import Sport, Workout, WorkoutComment
@@ -78,9 +76,7 @@ def test_it_raises_when_workout_visibility_is_stricter(
             )
 
 
-class TestWorkoutCommentModelSerializeForCommentOwner(
-    WorkoutCommentModelTestCase
-):
+class TestWorkoutCommentModelSerializeForCommentOwner(WorkoutCommentMixin):
     def test_it_serializes_owner_comment(
         self,
         app_with_federation: Flask,
@@ -108,9 +104,7 @@ def test_it_serializes_owner_comment(
         }
 
 
-class TestWorkoutCommentModelSerializeForRemoteFollower(
-    WorkoutCommentModelTestCase
-):
+class TestWorkoutCommentModelSerializeForRemoteFollower(WorkoutCommentMixin):
     def test_it_raises_error_when_user_does_not_follow_comment_user(
         self,
         app_with_federation: Flask,
@@ -131,6 +125,28 @@ def test_it_raises_error_when_user_does_not_follow_comment_user(
         with pytest.raises(CommentForbiddenException):
             comment.serialize(user_1)
 
+    def test_it_raises_error_when_privacy_does_not_allows_it(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        user_1: User,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        remote_cycling_workout.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=remote_user,
+            workout=remote_cycling_workout,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            comment.serialize(user_1)
+
     @pytest.mark.parametrize(
         'input_visibility',
         [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
@@ -164,7 +180,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         }
 
 
-class TestWorkoutCommentModelSerializeForUser(WorkoutCommentModelTestCase):
+class TestWorkoutCommentModelSerializeForUser(WorkoutCommentMixin):
     def test_it_raises_error_when_comment_is_visible_to_remote_follower(
         self,
         app_with_federation: Flask,
@@ -185,7 +201,7 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
 
 
 class TestWorkoutCommentModelSerializeForUnauthenticatedUser(
-    WorkoutCommentModelTestCase
+    WorkoutCommentMixin
 ):
     def test_it_raises_error_when_comment_is_visible_to_remote_follower(
         self,
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index b4307dab8..d546ad727 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -9,6 +9,7 @@
 
 from ..mixins import ApiTestCaseMixin, BaseTestMixin
 from ..utils import jsonify_dict
+from .utils import WorkoutCommentMixin
 
 
 class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
@@ -309,3 +310,377 @@ def test_expected_scopes_are_defined(
         )
 
         self.assert_response_scope(response, can_access)
+
+
+class TestGetWorkoutCommentAsUser(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_404_when_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_short_id = self.random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_short_id}/"
+            f"comments/{self.random_short_id()}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_short_id})",
+        )
+
+    def test_it_returns_404_when_workout_comment_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_comment_short_id = self.random_short_id()
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment_short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {workout_comment_short_id})",
+        )
+
+    @pytest.mark.parametrize(
+        'input_text_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
+    )
+    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {workout_comment.short_id})",
+        )
+
+    def test_it_returns_comment_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutCommentAsFollower(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_2.approves_follow_request_from(user_3)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {workout_comment.short_id})",
+        )
+
+    @pytest.mark.parametrize(
+        'input_text_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC]
+    )
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutCommentAsOwner(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    @pytest.mark.parametrize(
+        'input_text_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC],
+    )
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutCommentAsUnauthenticatedUser(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    @pytest.mark.parametrize(
+        'input_text_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS],
+    )
+    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {workout_comment.short_id})",
+        )
+
+    def test_it_returns_comment_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(workout_comment.serialize())
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', True),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {access_token}",
+            ),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index 1cc7c3b29..55b636f58 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -1,11 +1,9 @@
 from datetime import datetime
-from typing import Optional
 
 import pytest
 from flask import Flask
 from freezegun import freeze_time
 
-from fittrackee import db
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
@@ -13,33 +11,10 @@
 from fittrackee.workouts.exceptions import CommentForbiddenException
 from fittrackee.workouts.models import Sport, Workout, WorkoutComment
 
-from ..mixins import RandomMixin
+from .utils import WorkoutCommentMixin
 
 
-class WorkoutCommentModelTestCase(RandomMixin):
-    def create_comment(
-        self,
-        user: User,
-        workout: Workout,
-        text: Optional[str] = None,
-        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
-        created_at: Optional[datetime] = None,
-    ) -> WorkoutComment:
-        text = self.random_string() if text is None else text
-        comment = WorkoutComment(
-            user_id=user.id,
-            workout_id=workout.id,
-            workout_visibility=workout.workout_visibility,
-            text=text,
-            text_visibility=text_visibility,
-            created_at=created_at,
-        )
-        db.session.add(comment)
-        db.session.commit()
-        return comment
-
-
-class TestWorkoutCommentModel(WorkoutCommentModelTestCase):
+class TestWorkoutCommentModel(WorkoutCommentMixin):
     def test_comment_model(
         self,
         app: Flask,
@@ -216,9 +191,7 @@ def test_it_returns_string_representation(
         assert str(comment) == f'<WorkoutComment {comment.id}>'
 
 
-class TestWorkoutCommentModelSerializeForCommentOwner(
-    WorkoutCommentModelTestCase
-):
+class TestWorkoutCommentModelSerializeForCommentOwner(WorkoutCommentMixin):
     @pytest.mark.parametrize(
         'input_visibility',
         [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC],
@@ -249,7 +222,7 @@ def test_it_serializes_owner_comment(
         }
 
 
-class TestWorkoutCommentModelSerializeForFollower(WorkoutCommentModelTestCase):
+class TestWorkoutCommentModelSerializeForFollower(WorkoutCommentMixin):
     def test_it_raises_error_when_user_does_not_follow_comment_owner(
         self,
         app: Flask,
@@ -321,7 +294,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         }
 
 
-class TestWorkoutCommentModelSerializeForUser(WorkoutCommentModelTestCase):
+class TestWorkoutCommentModelSerializeForUser(WorkoutCommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
     )
@@ -372,7 +345,7 @@ def test_it_serializes_comment_when_comment_is_public(
 
 
 class TestWorkoutCommentModelSerializeForUnauthenticatedUser(
-    WorkoutCommentModelTestCase
+    WorkoutCommentMixin
 ):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 50bca1e6b..2ab067706 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -1,10 +1,16 @@
 import json
+from datetime import datetime
 from io import BytesIO
 from typing import Optional, Tuple
 
 from flask import Flask
 
+from fittrackee import db
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Workout, WorkoutComment
+
+from ..mixins import RandomMixin
 
 
 def post_a_workout(
@@ -38,3 +44,26 @@ def post_a_workout(
     )
     data = json.loads(response.data.decode())
     return token, data['data']['workouts'][0]['id']
+
+
+class WorkoutCommentMixin(RandomMixin):
+    def create_comment(
+        self,
+        user: User,
+        workout: Workout,
+        text: Optional[str] = None,
+        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
+        created_at: Optional[datetime] = None,
+    ) -> WorkoutComment:
+        text = self.random_string() if text is None else text
+        comment = WorkoutComment(
+            user_id=user.id,
+            workout_id=workout.id,
+            workout_visibility=workout.workout_visibility,
+            text=text,
+            text_visibility=text_visibility,
+            created_at=created_at,
+        )
+        db.session.add(comment)
+        db.session.commit()
+        return comment
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index f6b51223a..2b575185a 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -22,6 +22,7 @@
 from fittrackee.utils import encode_uuid
 
 from .exceptions import CommentForbiddenException, WorkoutForbiddenException
+from .utils.comment_visibility import can_view_workout_comment
 from .utils.convert import convert_in_duration, convert_value_to_integer
 
 if TYPE_CHECKING:
@@ -727,17 +728,7 @@ def short_id(self) -> str:
 
     def serialize(self, user: Optional['User'] = None) -> Dict:
         # TODO: mentions
-        if (
-            self.text_visibility != PrivacyLevel.PUBLIC
-            and user != self.user
-            and (
-                (user not in self.user.followers)
-                or (
-                    user in self.user.followers
-                    and self.text_visibility == PrivacyLevel.PRIVATE
-                )
-            )
-        ):
+        if not can_view_workout_comment(self, user):
             raise CommentForbiddenException
         return {
             'user_id': self.user_id,
diff --git a/fittrackee/workouts/utils/comment_visibility.py b/fittrackee/workouts/utils/comment_visibility.py
new file mode 100644
index 000000000..7fbc309ad
--- /dev/null
+++ b/fittrackee/workouts/utils/comment_visibility.py
@@ -0,0 +1,38 @@
+from typing import TYPE_CHECKING, Optional
+
+from fittrackee.privacy_levels import PrivacyLevel
+
+if TYPE_CHECKING:
+    from fittrackee.users.models import User
+    from fittrackee.workouts.models import WorkoutComment
+
+
+def can_view_workout_comment(
+    workout_comment: 'WorkoutComment',
+    user: Optional['User'] = None,
+) -> bool:
+    # TODO: handle mentions
+    if (
+        workout_comment.text_visibility == PrivacyLevel.PUBLIC
+        or user == workout_comment.user
+    ):
+        return True
+
+    if not user:
+        return False
+
+    if (
+        workout_comment.text_visibility == PrivacyLevel.FOLLOWERS
+        and user in workout_comment.user.followers
+        and user.is_remote is False
+        and workout_comment.user.is_remote is False
+    ):
+        return True
+
+    if (
+        workout_comment.text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+        and user in workout_comment.user.followers
+    ):
+        return True
+
+    return False
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 55fc31eca..aa0518bc6 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -39,6 +39,7 @@
 from fittrackee.utils import decode_short_id
 
 from .models import Workout, WorkoutComment
+from .utils.comment_visibility import can_view_workout_comment
 from .utils.convert import convert_in_duration
 from .utils.gpx import (
     WorkoutGPXException,
@@ -1590,3 +1591,41 @@ def add_workout_comment(
             status='fail',
             db=db,
         )
+
+
+@workouts_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
+    methods=["GET"],
+)
+@require_auth(scopes=['workouts:read'], optional_auth_user=True)
+def get_workout_comment(
+    auth_user: Optional[User], workout_short_id: str, comment_short_id: str
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    workout_uuid = decode_short_id(workout_short_id)
+    workout = Workout.query.filter_by(uuid=workout_uuid).first()
+    if not workout:
+        return NotFoundErrorResponse(
+            f"workout not found (id: {workout_short_id})"
+        )
+
+    workout_comment_uuid = decode_short_id(comment_short_id)
+    workout_comment = WorkoutComment.query.filter_by(
+        uuid=workout_comment_uuid
+    ).first()
+    if not workout_comment:
+        return NotFoundErrorResponse(
+            f"workout comment not found (id: {comment_short_id})"
+        )
+
+    if not can_view_workout_comment(workout_comment, auth_user):
+        return NotFoundErrorResponse(
+            f"workout comment not found (id: {comment_short_id})"
+        )
+
+    return (
+        {
+            'status': 'success',
+            'comment': workout_comment.serialize(auth_user),
+        },
+        200,
+    )

From ab33524a25f5244da7634cb106d07c6c56b923ac Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 8 Jan 2023 16:05:36 +0100
Subject: [PATCH 167/238] API - init Create activity for workout comment (Note)
 + refacto

---
 fittrackee/federation/objects/base_object.py  |  50 +++++++
 fittrackee/federation/objects/comments.py     |  35 +++++
 fittrackee/federation/objects/workout.py      |  55 +------
 .../test_federation_objects_workout.py        |  64 +++------
 ...test_federation_objects_workout_comment.py | 135 ++++++++++++++++++
 .../workouts/test_workouts_api_post.py        | 127 +++++++++++++++-
 fittrackee/workouts/utils/workouts.py         |   3 +
 fittrackee/workouts/workouts.py               |  12 +-
 8 files changed, 381 insertions(+), 100 deletions(-)
 create mode 100644 fittrackee/federation/objects/comments.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py

diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index a93d6b188..9a719ee85 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -1,6 +1,12 @@
 from abc import ABC, abstractmethod
+from datetime import datetime
 from typing import TYPE_CHECKING, Dict
 
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.privacy_levels import PrivacyLevel
+
+from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
+
 if TYPE_CHECKING:
     from ..enums import ActivityType
     from ..models import Actor
@@ -10,6 +16,50 @@ class BaseObject(ABC):
     id: str
     type: 'ActivityType'
     actor: 'Actor'
+    visibility: 'PrivacyLevel'
+    activity_id: str
+    object_url: str
+    published: str
+
+    @staticmethod
+    def _check_visibility(visibility: PrivacyLevel) -> None:
+        if visibility in [
+            PrivacyLevel.PRIVATE,
+            PrivacyLevel.FOLLOWERS,
+        ]:
+            raise InvalidVisibilityException(
+                f"object visibility is: '{visibility}'"
+            )
+
+    def _init_activity_dict(self) -> Dict:
+        activity = {
+            '@context': AP_CTX,
+            'type': self.type.value,
+            'id': f"{self.activity_id}/activity",
+            'actor': self.actor.activitypub_id,
+            'published': self.published,
+            'object': {
+                'id': self.activity_id,
+                'published': self.published,
+                'url': self.object_url,
+                'attributedTo': self.actor.activitypub_id,
+            },
+        }
+        if self.visibility == PrivacyLevel.PUBLIC:
+            activity['to'] = [PUBLIC_STREAM]
+            activity['cc'] = [self.actor.followers_url]
+            activity['object']['to'] = [PUBLIC_STREAM]
+            activity['object']['cc'] = [self.actor.followers_url]
+        else:
+            activity['to'] = [self.actor.followers_url]
+            activity['cc'] = []
+            activity['object']['to'] = [self.actor.followers_url]
+            activity['object']['cc'] = []
+        return activity
+
+    @staticmethod
+    def _get_published_date(object_date: datetime) -> str:
+        return object_date.strftime(DATE_FORMAT)
 
     @abstractmethod
     def get_activity(self) -> Dict:
diff --git a/fittrackee/federation/objects/comments.py b/fittrackee/federation/objects/comments.py
new file mode 100644
index 000000000..ecd182739
--- /dev/null
+++ b/fittrackee/federation/objects/comments.py
@@ -0,0 +1,35 @@
+from typing import TYPE_CHECKING, Dict
+
+from ..enums import ActivityType
+from .base_object import BaseObject
+
+if TYPE_CHECKING:
+    from fittrackee.workouts.models import Workout, WorkoutComment
+
+
+class WorkoutCommentObject(BaseObject):
+
+    workout: 'Workout'
+    workout_comment: 'WorkoutComment'
+
+    def __init__(
+        self, workout_comment: 'WorkoutComment', activity_type: str
+    ) -> None:
+        self._check_visibility(workout_comment.text_visibility)
+        self.workout_comment = workout_comment
+        self.visibility = workout_comment.text_visibility
+        self.workout = workout_comment.workout
+        self.type = ActivityType(activity_type)
+        self.actor = self.workout_comment.user.actor
+        self.activity_id = self.workout_comment.ap_id
+        self.published = self._get_published_date(
+            self.workout_comment.created_at
+        )
+        self.object_url = self.workout_comment.remote_url
+        self.activity_dict = self._init_activity_dict()
+
+    def get_activity(self) -> Dict:
+        self.activity_dict['object']['type'] = 'Note'
+        self.activity_dict['object']['content'] = self.workout_comment.text
+        self.activity_dict['object']['inReplyTo'] = self.workout.ap_id
+        return self.activity_dict
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index 3001afc89..3c4dde5dc 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -1,10 +1,7 @@
 from typing import TYPE_CHECKING, Dict
 
-from fittrackee.exceptions import InvalidVisibilityException
-from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 
-from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from ..enums import ActivityType
 from ..exceptions import InvalidWorkoutException
 from .base_object import BaseObject
@@ -18,40 +15,16 @@ class WorkoutObject(BaseObject):
     workout: 'Workout'
 
     def __init__(self, workout: 'Workout', activity_type: str) -> None:
-        if workout.workout_visibility in [
-            PrivacyLevel.PRIVATE,
-            PrivacyLevel.FOLLOWERS,
-        ]:
-            raise InvalidVisibilityException(
-                f"object visibility is: '{workout.workout_visibility.value}'"
-            )
+        self._check_visibility(workout.workout_visibility)
         self.workout = workout
+        self.visibility = workout.workout_visibility
         self.type = ActivityType(activity_type)
         self.actor = self.workout.user.actor
-        self.activity_id = (
-            f'{self.actor.activitypub_id}/workouts/{self.workout.short_id}'
-        )
-        self.published = self.workout.creation_date.strftime(DATE_FORMAT)
-        self.workout_url = (
-            f'https://{self.actor.domain.name}/'
-            f'workouts/{self.workout.short_id}'
-        )
+        self.activity_id = self.workout.ap_id
+        self.published = self._get_published_date(self.workout.creation_date)
+        self.object_url = self.workout.remote_url
         self.activity_dict = self._init_activity_dict()
 
-    def _init_activity_dict(self) -> Dict:
-        return {
-            '@context': AP_CTX,
-            'type': self.type.value,
-            'actor': self.actor.activitypub_id,
-            'published': self.published,
-            'object': {
-                'id': self.activity_id,
-                'published': self.published,
-                'url': self.workout_url,
-                'attributedTo': self.actor.activitypub_id,
-            },
-        }
-
     def _get_note_content(self) -> str:
         # TODO:
         # handle translation and imperial units depending on user preferences
@@ -60,22 +33,9 @@ def _get_note_content(self) -> str:
             workout_title=self.workout.title,
             workout_distance=self.workout.distance,
             workout_duration=self.workout.duration,
-            workout_url=self.workout_url,
+            workout_url=self.object_url,
         )
 
-    def _update_activity_recipients(self, activity: Dict) -> Dict:
-        if self.workout.workout_visibility == PrivacyLevel.PUBLIC:
-            activity['to'] = [PUBLIC_STREAM]
-            activity['cc'] = [self.actor.followers_url]
-            activity['object']['to'] = [PUBLIC_STREAM]
-            activity['object']['cc'] = [self.actor.followers_url]
-        else:
-            activity['to'] = [self.actor.followers_url]
-            activity['cc'] = []
-            activity['object']['to'] = [self.actor.followers_url]
-            activity['object']['cc'] = []
-        return activity
-
     def get_activity(self, is_note: bool = False) -> Dict:
         activity = self.activity_dict.copy()
         # for non-FitTrackee instances (like Mastodon)
@@ -85,7 +45,6 @@ def get_activity(self, is_note: bool = False) -> Dict:
             activity['object']['content'] = self._get_note_content()
         # for FitTrackee instances
         else:
-            activity['id'] = f'{self.activity_id}/activity'
             activity['object'] = {
                 **activity['object'],
                 **{
@@ -103,7 +62,7 @@ def get_activity(self, is_note: bool = False) -> Dict:
                     'workout_visibility': self.workout.workout_visibility,
                 },
             }
-        return self._update_activity_recipients(activity)
+        return activity
 
 
 def convert_duration_string_to_seconds(duration_str: str) -> int:
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index b902ff486..b09c2fb7a 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -18,13 +18,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 
-class WorkoutObjectTestCase(RandomMixin):
-    @staticmethod
-    def expected_url(user: User, workout: Workout) -> str:
-        return f'https://{user.actor.domain.name}/workouts/{workout.short_id}'
-
-
-class TestWorkoutObject(WorkoutObjectTestCase):
+class TestWorkoutObject(RandomMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
@@ -78,23 +72,17 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
 
         assert serialized_workout == {
             '@context': AP_CTX,
-            'id': (
-                f'{user_1.actor.activitypub_id}/workouts/'
-                f'{workout_cycling_user_1.short_id}/activity'
-            ),
+            'id': f'{workout_cycling_user_1.ap_id}/activity',
             'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
             'cc': [],
             'object': {
-                'id': (
-                    f'{user_1.actor.activitypub_id}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
-                ),
+                'id': workout_cycling_user_1.ap_id,
                 'type': 'Workout',
                 'published': published,
-                'url': self.expected_url(user_1, workout_cycling_user_1),
+                'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
                 'cc': [],
@@ -132,23 +120,17 @@ def test_it_generates_create_activity_when_visibility_is_public(
 
         assert serialized_workout == {
             '@context': AP_CTX,
-            'id': (
-                f'{user_1.actor.activitypub_id}/workouts/'
-                f'{workout_cycling_user_1.short_id}/activity'
-            ),
+            'id': f'{workout_cycling_user_1.ap_id}/activity',
             'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': ['https://www.w3.org/ns/activitystreams#Public'],
             'cc': [user_1.actor.followers_url],
             'object': {
-                'id': (
-                    f'{user_1.actor.activitypub_id}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
-                ),
+                'id': workout_cycling_user_1.ap_id,
                 'type': 'Workout',
                 'published': published,
-                'url': self.expected_url(user_1, workout_cycling_user_1),
+                'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
@@ -169,7 +151,7 @@ def test_it_generates_create_activity_when_visibility_is_public(
         }
 
 
-class TestWorkoutNoteObject(WorkoutObjectTestCase):
+class TestWorkoutNoteObject(RandomMixin):
     @staticmethod
     def expected_workout_note(workout: Workout, expected_url: str) -> str:
         return f"""<p>New workout: <a href="{expected_url}" target="_blank" rel="noopener noreferrer">{workout.title}</a> ({workout.sport.label})
@@ -191,32 +173,25 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
         )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1, 'Create')
-        expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
         serialized_workout_note = workout.get_activity(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
-            'id': (
-                f'{user_1.actor.activitypub_id}/workouts/'
-                f'{workout_cycling_user_1.short_id}/note/activity'
-            ),
+            'id': f'{workout_cycling_user_1.ap_id}/note/activity',
             'type': 'Create',
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
             'cc': [],
             'object': {
-                'id': (
-                    f'{user_1.actor.activitypub_id}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
-                ),
+                'id': workout_cycling_user_1.ap_id,
                 'type': 'Note',
                 'published': published,
-                'url': expected_url,
+                'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'content': self.expected_workout_note(
-                    workout_cycling_user_1, expected_url
+                    workout_cycling_user_1, workout_cycling_user_1.remote_url
                 ),
                 'to': [user_1.actor.followers_url],
                 'cc': [],
@@ -234,32 +209,25 @@ def test_it_returns_note_activity_when_visibility_is_public(
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         workout = WorkoutObject(workout_cycling_user_1, 'Create')
-        expected_url = self.expected_url(user_1, workout_cycling_user_1)
 
         serialized_workout_note = workout.get_activity(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
-            'id': (
-                f'{user_1.actor.activitypub_id}/workouts/'
-                f'{workout_cycling_user_1.short_id}/note/activity'
-            ),
+            'id': f'{workout_cycling_user_1.ap_id}/note/activity',
             'type': 'Create',
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': ['https://www.w3.org/ns/activitystreams#Public'],
             'cc': [user_1.actor.followers_url],
             'object': {
-                'id': (
-                    f'{user_1.actor.activitypub_id}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
-                ),
+                'id': workout_cycling_user_1.ap_id,
                 'type': 'Note',
                 'published': published,
-                'url': expected_url,
+                'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'content': self.expected_workout_note(
-                    workout_cycling_user_1, expected_url
+                    workout_cycling_user_1, workout_cycling_user_1.remote_url
                 ),
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
new file mode 100644
index 000000000..7e917ad8d
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -0,0 +1,135 @@
+import pytest
+from flask import Flask
+
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
+from fittrackee.federation.objects.comments import WorkoutCommentObject
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.workouts.utils import WorkoutCommentMixin
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Sport, Workout
+
+
+class TestWorkoutCommentObject(WorkoutCommentMixin):
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_when_visibility_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2, workout_cycling_user_1, text_visibility=input_visibility
+        )
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=f"object visibility is: '{input_visibility.value}'",
+        ):
+            WorkoutCommentObject(workout_comment, 'Create')
+
+    def test_it_raises_error_when_activity_type_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
+        )
+        invalid_activity_type = self.random_string()
+        with pytest.raises(
+            ValueError,
+            match=f"'{invalid_activity_type}' is not a valid ActivityType",
+        ):
+            WorkoutCommentObject(workout_comment, invalid_activity_type)
+
+    def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        published = workout_comment.created_at.strftime(DATE_FORMAT)
+        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+
+        serialized_comment = comment_object.get_activity()
+
+        assert serialized_comment == {
+            "@context": AP_CTX,
+            "id": f"{workout_comment.ap_id}/activity",
+            "type": "Create",
+            "actor": user_2.actor.activitypub_id,
+            "published": published,
+            "to": [user_2.actor.followers_url],
+            "cc": [],
+            "object": {
+                "id": workout_comment.ap_id,
+                "type": "Note",
+                "published": published,
+                "url": workout_comment.remote_url,
+                "attributedTo": user_2.actor.activitypub_id,
+                "inReplyTo": workout_cycling_user_1.ap_id,
+                "content": workout_comment.text,
+                "to": [user_2.actor.followers_url],
+                "cc": [],
+            },
+        }
+
+    def test_it_generates_activity_when_visibility_is_public(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        published = workout_comment.created_at.strftime(DATE_FORMAT)
+        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+
+        serialized_comment = comment_object.get_activity()
+
+        assert serialized_comment == {
+            "@context": AP_CTX,
+            "id": f"{workout_comment.ap_id}/activity",
+            "type": "Create",
+            "actor": user_2.actor.activitypub_id,
+            "published": published,
+            "to": ["https://www.w3.org/ns/activitystreams#Public"],
+            "cc": [user_2.actor.followers_url],
+            "object": {
+                "id": workout_comment.ap_id,
+                "type": "Note",
+                "published": published,
+                "url": workout_comment.remote_url,
+                "attributedTo": user_2.actor.activitypub_id,
+                "inReplyTo": workout_cycling_user_1.ap_id,
+                "content": workout_comment.text,
+                "to": ["https://www.w3.org/ns/activitystreams#Public"],
+                "cc": [user_2.actor.followers_url],
+            },
+        }
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
index d9c4741ed..dcc397b59 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -10,7 +10,7 @@
 from fittrackee.tests.utils import generate_follow_request
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
-from fittrackee.workouts.models import Sport
+from fittrackee.workouts.models import Sport, Workout
 
 from ...mixins import ApiTestCaseMixin
 
@@ -206,6 +206,41 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
 
+    def test_workout_ap_id_and_remote_url_are_saved_when_activity_is_sent(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts/no_gpx',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    sport_id=1,
+                    duration=3600,
+                    workout_date='2018-05-15 14:05',
+                    distance=10,
+                    workout_visibility=PrivacyLevel.PUBLIC,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        workout = Workout.query.first()
+        assert workout.ap_id == (
+            f'{user_1.actor.activitypub_id}/workouts/{workout.short_id}'
+        )
+        assert workout.remote_url == (
+            f'https://{user_1.actor.domain.name}/'
+            f'workouts/{workout.short_id}'
+        )
+
 
 @patch('fittrackee.workouts.workouts.send_to_remote_inbox')
 class TestFederationPostWorkoutWithGpx(ApiTestCaseMixin):
@@ -393,6 +428,44 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
 
+    def test_workout_ap_id_and_remote_url_are_saved_when_activity_is_sent(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            '/api/workouts',
+            data=dict(
+                file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
+                data=(
+                    f'{{"sport_id": 1, "map_visibility": '
+                    f'"{PrivacyLevel.PRIVATE.value}", '
+                    f'"workout_visibility": '
+                    f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                ),
+            ),
+            headers=dict(
+                content_type='multipart/form-data',
+                Authorization=f'Bearer {auth_token}',
+            ),
+        )
+
+        workout = Workout.query.first()
+        assert workout.ap_id == (
+            f'{user_1.actor.activitypub_id}/workouts/{workout.short_id}'
+        )
+        assert workout.remote_url == (
+            f'https://{user_1.actor.domain.name}/'
+            f'workouts/{workout.short_id}'
+        )
+
 
 @patch('fittrackee.workouts.workouts.send_to_remote_inbox')
 class TestFederationPostWorkoutWithZipArchive(ApiTestCaseMixin):
@@ -550,3 +623,55 @@ def test_it_calls_sent_to_inbox_for_latest_workouts(
                 send_to_remote_inbox_mock.send.call_count
                 == max_workouts_to_send
             )
+
+    def test_workout_ap_id_and_remote_url_are_saved_when_activity_is_sent(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        # 'gpx_test.zip' contains 3 gpx files (same data) and 1 non-gpx file
+        file_path = os.path.join(
+            app_with_federation.root_path, 'tests/files/gpx_test.zip'
+        )
+        max_workouts_to_send = 2
+
+        with open(file_path, 'rb') as zip_file:
+            client, auth_token = self.get_test_client_and_auth_token(
+                app_with_federation, user_1.email
+            )
+
+            with patch(
+                'fittrackee.workouts.workouts.MAX_WORKOUTS_TO_SEND',
+                max_workouts_to_send,
+            ):
+                client.post(
+                    '/api/workouts',
+                    data=dict(
+                        file=(zip_file, 'gpx_test.zip'),
+                        data=(
+                            f'{{"sport_id": 1, "map_visibility": '
+                            f'"{PrivacyLevel.PRIVATE.value}", '
+                            f'"workout_visibility": '
+                            f'"{PrivacyLevel.FOLLOWERS_AND_REMOTE.value}"}}'
+                        ),
+                    ),
+                    headers=dict(
+                        content_type='multipart/form-data',
+                        Authorization=f'Bearer {auth_token}',
+                    ),
+                )
+
+        workouts = Workout.query.all()
+        for workout in workouts[:max_workouts_to_send]:
+            assert workout.ap_id == (
+                f'{user_1.actor.activitypub_id}/workouts/{workout.short_id}'
+            )
+            assert workout.remote_url == (
+                f'https://{user_1.actor.domain.name}/'
+                f'workouts/{workout.short_id}'
+            )
+        for workout in workouts[max_workouts_to_send:]:
+            assert workout.ap_id is None
+            assert workout.remote_url is None
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index bbfb69072..07208198d 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -137,8 +137,11 @@ def create_workout(
         duration=duration,
     )
     new_workout.notes = workout_data.get('notes')
+
+    # for remote workout
     new_workout.ap_id = workout_data.get('id')
     new_workout.remote_url = workout_data.get('url')
+
     new_workout.workout_visibility = PrivacyLevel(
         workout_data.get('workout_visibility', user.workouts_visibility.value)
     )
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index aa0518bc6..fed0b5256 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -65,7 +65,13 @@
 
 
 def handle_workout_activities(workout: Workout, activity_type: str) -> None:
-    sender_id = workout.user.actor.id
+    actor = workout.user.actor
+    if activity_type == 'Create':
+        workout.ap_id = f'{actor.activitypub_id}/workouts/{workout.short_id}'
+        workout.remote_url = (
+            f'https://{actor.domain.name}/' f'workouts/{workout.short_id}'
+        )
+        db.session.commit()
     workout_activity, note_activity = workout.get_activities(
         activity_type=activity_type
     )
@@ -73,13 +79,13 @@ def handle_workout_activities(workout: Workout, activity_type: str) -> None:
 
     if recipients['fittrackee']:
         send_to_remote_inbox.send(
-            sender_id=sender_id,
+            sender_id=actor.id,
             activity=workout_activity,
             recipients=list(recipients['fittrackee']),
         )
     if recipients['others']:
         send_to_remote_inbox.send(
-            sender_id=sender_id,
+            sender_id=actor.id,
             activity=note_activity,
             recipients=list(recipients['others']),
         )

From c4d2420516dc825ece16cf89ace99527cd21fe70 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 8 Jan 2023 18:39:20 +0100
Subject: [PATCH 168/238] API - fix visibility check

---
 fittrackee/federation/objects/base_object.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index 9a719ee85..f6016e098 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -28,7 +28,7 @@ def _check_visibility(visibility: PrivacyLevel) -> None:
             PrivacyLevel.FOLLOWERS,
         ]:
             raise InvalidVisibilityException(
-                f"object visibility is: '{visibility}'"
+                f"object visibility is: '{visibility.value}'"
             )
 
     def _init_activity_dict(self) -> Dict:

From 4b6e30cb621ead87a9df8ce53759b7b87f29864d Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 Jan 2023 17:17:49 +0100
Subject: [PATCH 169/238] API - refacto (get workout visibility from 'to' and
 'cc' fields)

---
 .../federation/activities/activities.py       | 24 ++++-
 fittrackee/federation/objects/workout.py      |  1 -
 .../test_federation_activities_activities.py  | 89 +++++++++++++++----
 .../test_federation_objects_workout.py        |  6 --
 4 files changed, 95 insertions(+), 25 deletions(-)

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 3b55d153c..c23eb65b0 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -3,6 +3,7 @@
 from typing import Dict, Tuple
 
 from fittrackee import appLog, db
+from fittrackee.federation.constants import PUBLIC_STREAM
 from fittrackee.federation.exceptions import (
     ActivityException,
     ActorNotFoundException,
@@ -16,6 +17,7 @@
     create_remote_user,
     get_or_create_remote_domain_from_url,
 )
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
@@ -87,6 +89,19 @@ def get_actors(
             )
         return actor, object_actor
 
+    @staticmethod
+    def _get_visibility(activity_object: Dict, actor: Actor) -> PrivacyLevel:
+        recipients = activity_object.get("cc", []) + activity_object.get(
+            "to", []
+        )
+        if PUBLIC_STREAM in recipients:
+            return PrivacyLevel.PUBLIC
+        elif actor.followers_url in recipients:
+            return PrivacyLevel.FOLLOWERS_AND_REMOTE
+        # TODO:
+        # For comments only (only visible to mentioned users)
+        return PrivacyLevel.PRIVATE
+
 
 class FollowBaseActivity(AbstractActivity):
     @abstractmethod
@@ -169,6 +184,9 @@ def create_remote_workout(self, actor: Actor) -> None:
         sport = Sport.query.filter_by(id=sport_id).first()
         if not sport:
             raise SportNotFoundException()
+        workout_data['workout_visibility'] = self._get_visibility(
+            workout_data, actor
+        )
         new_workout = create_workout(
             actor.user, convert_workout_activity(workout_data)
         )
@@ -248,9 +266,9 @@ def update_remote_workout(self, actor: Actor) -> None:
             workout_to_update.workout_date = datetime.strptime(
                 workout_data['workout_date'], WORKOUT_DATE_FORMAT
             )
-            workout_to_update.workout_visibility = workout_data[
-                'workout_visibility'
-            ]
+            workout_to_update.workout_visibility = self._get_visibility(
+                workout_data, actor
+            )
             db.session.commit()
         except Exception as e:
             raise ActivityException(
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index 3c4dde5dc..8851a88d1 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -59,7 +59,6 @@ def get_activity(self, is_note: bool = False) -> Dict:
                     'workout_date': self.workout.workout_date.strftime(
                         WORKOUT_DATE_FORMAT
                     ),
-                    'workout_visibility': self.workout.workout_visibility,
                 },
             }
         return activity
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index a29c86d21..7ae5dc08e 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -508,6 +508,7 @@ def generate_random_object(
         remote_actor: Union[RandomActor, Actor],
         sport_id: int,
         activity_type: str,
+        visibility: PrivacyLevel,
     ) -> Dict:
         remote_domain = (
             remote_actor.domain
@@ -519,7 +520,7 @@ def generate_random_object(
         workout_short_id = self.random_short_id()
         workout_url = f'{remote_domain}/workouts/{workout_short_id}'
         published = datetime.utcnow().strftime(DATE_FORMAT)
-        return {
+        activity: Dict = {
             "@context": AP_CTX,
             "id": (
                 f"{remote_actor.activitypub_id}/workouts/"
@@ -528,7 +529,7 @@ def generate_random_object(
             "type": activity_type,
             "actor": remote_actor.activitypub_id,
             "published": published,
-            "to": [remote_actor.followers_url],
+            "to": [],
             "cc": [],
             "object": {
                 "id": (
@@ -539,7 +540,7 @@ def generate_random_object(
                 "published": published,
                 "url": workout_url,
                 "attributedTo": remote_actor.activitypub_id,
-                "to": [remote_actor.followers_url],
+                "to": [],
                 "cc": [],
                 "ave_speed": workout_distance,
                 "distance": workout_distance,
@@ -549,14 +550,29 @@ def generate_random_object(
                 "sport_id": sport_id,
                 "title": self.random_string(),
                 "workout_date": workout_date,
-                "workout_visibility": PrivacyLevel.FOLLOWERS.value,
             },
         }
+        if visibility == PrivacyLevel.PUBLIC:
+            activity['to'] = [PUBLIC_STREAM]
+            activity['cc'] = [remote_actor.followers_url]
+            activity['object']['to'] = [PUBLIC_STREAM]
+            activity['object']['cc'] = [remote_actor.followers_url]
+        else:
+            activity['to'] = [remote_actor.followers_url]
+            activity['cc'] = []
+            activity['object']['to'] = [remote_actor.followers_url]
+            activity['object']['cc'] = []
+        return activity
 
     def generate_workout_create_activity(
-        self, remote_actor: Union[RandomActor, Actor], sport_id: int
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        sport_id: int,
+        visibility: PrivacyLevel = PrivacyLevel.PUBLIC,
     ) -> Dict:
-        return self.generate_random_object(remote_actor, sport_id, 'Create')
+        return self.generate_random_object(
+            remote_actor, sport_id, 'Create', visibility
+        )
 
     def generate_workout_update_activity(
         self,
@@ -581,7 +597,7 @@ def generate_workout_update_activity(
                 "type": "Update",
                 "actor": actor.activitypub_id,
                 "published": published,
-                "to": [actor.followers_url],
+                "to": [],
                 "cc": [],
                 "object": {
                     "id": workout.ap_id,
@@ -589,7 +605,7 @@ def generate_workout_update_activity(
                     "published": published,
                     "url": f"{remote_domain}/workouts/{workout.short_id}",
                     "attributedTo": actor.activitypub_id,
-                    "to": [actor.followers_url],
+                    "to": [],
                     "cc": [],
                     "ave_speed": workout.ave_speed,
                     "distance": workout.distance,
@@ -601,12 +617,26 @@ def generate_workout_update_activity(
                     "workout_date": datetime.utcnow().strftime(
                         WORKOUT_DATE_FORMAT
                     ),
-                    "workout_visibility": PrivacyLevel.FOLLOWERS.value,
                 },
             }
+            if "workout_visibility" in updates:
+                workout_visibility = updates["workout_visibility"]
+                del updates["workout_visibility"]
+            else:
+                workout_visibility = workout.workout_visibility
+            if workout_visibility == PrivacyLevel.PUBLIC:
+                activity['to'] = [PUBLIC_STREAM]
+                activity['cc'] = [actor.followers_url]
+                activity['object']['to'] = [PUBLIC_STREAM]
+                activity['object']['cc'] = [actor.followers_url]
+            else:
+                activity['to'] = [actor.followers_url]
+                activity['cc'] = []
+                activity['object']['to'] = [actor.followers_url]
+                activity['object']['cc'] = []
         elif remote_actor and remote_actor and sport_id:
             activity = self.generate_random_object(
-                remote_actor, sport_id, 'Update'
+                remote_actor, sport_id, 'Update', PrivacyLevel.PUBLIC
             )
         activity["object"] = {**activity["object"], **updates}
         return activity
@@ -676,14 +706,16 @@ def test_it_raises_error_if_sport_does_not_exist(
         with pytest.raises(SportNotFoundException):
             activity.process_activity()
 
-    def test_it_creates_remote_workout_without_gpx(
+    def test_it_creates_remote_workout_without_gpx_with_public_visibility(
         self,
         app_with_federation: Flask,
         remote_user: User,
         sport_1_cycling: Sport,
     ) -> None:
         workout_activity = self.generate_workout_create_activity(
-            remote_actor=remote_user.actor, sport_id=sport_1_cycling.id
+            remote_actor=remote_user.actor,
+            sport_id=sport_1_cycling.id,
+            visibility=PrivacyLevel.PUBLIC,
         )
         activity = get_activity_instance({'type': workout_activity['type']})(
             activity_dict=workout_activity
@@ -699,9 +731,31 @@ def test_it_creates_remote_workout_without_gpx(
         assert (
             remote_workout.distance == workout_activity['object']['distance']
         )
+        assert remote_workout.workout_visibility == PrivacyLevel.PUBLIC
+
+    def test_it_creates_remote_workout_without_gpx_with_followers_visibility(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_activity = self.generate_workout_create_activity(
+            remote_actor=remote_user.actor,
+            sport_id=sport_1_cycling.id,
+            visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        activity = get_activity_instance({'type': workout_activity['type']})(
+            activity_dict=workout_activity
+        )
+
+        activity.process_activity()
+
+        remote_workout = Workout.query.filter_by(
+            user_id=remote_user.id, sport_id=sport_1_cycling.id
+        ).first()
         assert (
             remote_workout.workout_visibility
-            == workout_activity['object']['workout_visibility']
+            == PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
     def test_serializer_returns_remote_url(
@@ -712,7 +766,9 @@ def test_serializer_returns_remote_url(
         sport_1_cycling: Sport,
     ) -> None:
         workout_activity = self.generate_workout_create_activity(
-            remote_actor=remote_user.actor, sport_id=sport_1_cycling.id
+            remote_actor=remote_user.actor,
+            sport_id=sport_1_cycling.id,
+            visibility=PrivacyLevel.PUBLIC,
         )
         activity = get_activity_instance({'type': workout_activity['type']})(
             activity_dict=workout_activity
@@ -723,7 +779,7 @@ def test_serializer_returns_remote_url(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
         ).first()
         assert (
-            remote_workout.serialize(user_1)['remote_url']
+            remote_workout.serialize('remote_follower')['remote_url']
             == remote_workout.remote_url
         )
 
@@ -929,6 +985,9 @@ def test_it_updates_remote_workout(
         input_key: str,
         input_new_value: Union[str, int, float, PrivacyLevel],
     ) -> None:
+        remote_cycling_workout.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
         update_activity = self.generate_workout_update_activity(
             workout=remote_cycling_workout,
             updates={input_key: input_new_value},
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index b09c2fb7a..fe5220cae 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -96,9 +96,6 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
                     WORKOUT_DATE_FORMAT
                 ),
-                'workout_visibility': (
-                    workout_cycling_user_1.workout_visibility
-                ),
             },
         }
 
@@ -144,9 +141,6 @@ def test_it_generates_create_activity_when_visibility_is_public(
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
                     WORKOUT_DATE_FORMAT
                 ),
-                'workout_visibility': (
-                    workout_cycling_user_1.workout_visibility
-                ),
             },
         }
 

From 13d27ac9c88a4cbed554fce45cd17527795c2a3e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 Jan 2023 17:49:35 +0100
Subject: [PATCH 170/238] API - send Create activity when posting a comment on
 a workout

---
 .../workouts/test_workouts_comments_api.py    | 171 ++++++++++++++++++
 .../workouts/test_workouts_comments_models.py |  51 ++++++
 fittrackee/workouts/models.py                 |   9 +
 fittrackee/workouts/workouts.py               |  21 +++
 4 files changed, 252 insertions(+)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 9e9293310..4b110f628 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -1,4 +1,5 @@
 import json
+from unittest.mock import Mock, patch
 
 import pytest
 from flask import Flask
@@ -12,6 +13,7 @@
 from ...workouts.utils import WorkoutCommentMixin
 
 
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
 class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
     @pytest.mark.parametrize(
         'input_workout_visibility',
@@ -23,6 +25,7 @@ class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
     )
     def test_it_returns_404_when_user_can_not_access_workout(
         self,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -56,6 +59,7 @@ def test_it_returns_404_when_user_can_not_access_workout(
 
     def test_it_returns_404_when_follower_can_not_access_workout(
         self,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -90,6 +94,7 @@ def test_it_returns_404_when_follower_can_not_access_workout(
 
     def test_it_returns_201_when_comment_is_created(
         self,
+        send_to_remote_inbox_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -126,6 +131,172 @@ def test_it_returns_201_when_comment_is_created(
             user_id=user_1.id, workout_id=remote_cycling_workout.id
         ).first()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
+        assert new_comment.ap_id == (
+            f'{user_1.actor.activitypub_id}/'
+            f'workouts/{remote_cycling_workout.short_id}/'
+            f'comments/{new_comment.short_id}'
+        )
+        assert new_comment.remote_url == (
+            f'https://{user_1.actor.domain.name}/'
+            f'workouts/{remote_cycling_workout.short_id}/'
+            f'comments/{new_comment.short_id}'
+        )
+
+    def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        user_1.approves_follow_request_from(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        note_activity = WorkoutComment.query.first().get_activity(
+            activity_type='Create'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        remote_user_2.send_follow_request_to(user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        note_activity = WorkoutComment.query.first().get_activity(
+            activity_type='Create'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user_2.actor.shared_inbox_url],
+        )
 
 
 class TestGetWorkoutCommentAsUser(
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index 98d9c6e79..ac509d7aa 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -220,3 +220,54 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
 
         with pytest.raises(CommentForbiddenException):
             comment.serialize()
+
+
+class TestWorkoutCommentModelGetActivity(WorkoutCommentMixin):
+    activity_type = 'Create'
+
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_if_visibility_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_cycling_workout: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=remote_cycling_workout,
+            text_visibility=input_visibility,
+        )
+        with pytest.raises(InvalidVisibilityException):
+            comment.get_activity(activity_type=self.activity_type)
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_returns_activities_when_visibility_is_valid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_cycling_workout: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=remote_cycling_workout,
+            text_visibility=input_visibility,
+        )
+
+        note_activity = comment.get_activity(activity_type=self.activity_type)
+
+        assert note_activity['type'] == self.activity_type
+        assert note_activity['object']['type'] == 'Note'
+        assert note_activity['object']['id'] == comment.ap_id
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 2b575185a..c163e9a4a 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -15,6 +15,7 @@
 from fittrackee import BaseModel, appLog, db
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.decorators import federation_required
+from fittrackee.federation.objects.comments import WorkoutCommentObject
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
@@ -737,3 +738,11 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
             'text_visibility': self.text_visibility,
             'created_at': self.created_at,
         }
+
+    def get_activity(self, activity_type: str) -> Dict:
+        if activity_type == 'Create':
+            return WorkoutCommentObject(
+                self, activity_type=activity_type
+            ).get_activity()
+        # TODO: Update and Delete
+        return {}
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index fed0b5256..70b94847d 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1579,6 +1579,27 @@ def add_workout_comment(
             text_visibility=PrivacyLevel(comment_data['text_visibility']),
         )
         db.session.add(new_comment)
+        db.session.flush()
+        if sending_activities_allowed(new_comment.text_visibility):
+            new_comment.ap_id = (
+                f'{auth_user.actor.activitypub_id}/'
+                f'workouts/{workout.short_id}/'
+                f'comments/{new_comment.short_id}'
+            )
+            new_comment.remote_url = (
+                f'https://{auth_user.actor.domain.name}/'
+                f'workouts/{workout.short_id}/'
+                f'comments/{new_comment.short_id}'
+            )
+            note_activity = new_comment.get_activity(activity_type='Create')
+            recipients = auth_user.get_followers_shared_inboxes()
+            send_to_remote_inbox.send(
+                sender_id=auth_user.actor.id,
+                activity=note_activity,
+                recipients=(
+                    list(recipients['fittrackee']) + list(recipients['others'])
+                ),
+            )
         db.session.commit()
 
         return (

From 50aeeb32b4e279e9e259dcf4a21d4ecf719e2b9b Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 11 Jan 2023 18:49:56 +0100
Subject: [PATCH 171/238] API - init comment creation from activity (WIP)

---
 .../federation/activities/activities.py       |  23 ++-
 .../test_federation_activities_activities.py  | 162 +++++++++++++++++-
 2 files changed, 183 insertions(+), 2 deletions(-)

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index c23eb65b0..bcf7fb5c2 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -25,7 +25,7 @@
 )
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
 from fittrackee.workouts.utils.workouts import create_workout
 
 from ..objects.workout import convert_workout_activity
@@ -193,10 +193,31 @@ def create_remote_workout(self, actor: Actor) -> None:
         db.session.add(new_workout)
         db.session.commit()
 
+    def create_remote_note(self, actor: Actor) -> None:
+        note_data = self.activity["object"]
+        reply_to_object = note_data.get("inReplyTo")
+        workout = Workout.query.filter_by(ap_id=reply_to_object).first()
+        if not workout:
+            raise ObjectNotFoundException("workout", self.activity_name())
+
+        new_comment = WorkoutComment(
+            user_id=actor.user.id,
+            workout_id=workout.id,
+            workout_visibility=workout.workout_visibility,
+            text=note_data["content"],
+            text_visibility=self._get_visibility(note_data, actor),
+        )
+        new_comment.ap_id = note_data["id"]
+        new_comment.remote_url = note_data["url"]
+        db.session.add(new_comment)
+        db.session.commit()
+
     def process_activity(self) -> None:
         actor = self.get_actor()
         if self.activity['object']['type'] == 'Workout':
             self.create_remote_workout(actor=actor)
+        if self.activity['object']['type'] == 'Note':
+            self.create_remote_note(actor=actor)
 
 
 class DeleteActivity(AbstractActivity):
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 7ae5dc08e..928347d29 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -27,7 +27,7 @@
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.models import Sport, Workout, WorkoutComment
 
 from ...mixins import RandomMixin
 from ...utils import RandomActor
@@ -1102,3 +1102,163 @@ def test_it_raises_exception_when_activity_is_invalid(
         ):
 
             activity.process_activity()
+
+
+class WorkoutCommentActivitiesTestCase(RandomMixin):
+    def generate_random_object(
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        workout: Optional[Workout] = None,
+        visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
+    ) -> Dict:
+        remote_domain = (
+            remote_actor.domain
+            if isinstance(remote_actor, RandomActor)
+            else f'https://{remote_actor.domain.name}'
+        )
+        workout_short_id = (
+            workout.short_id if workout else self.random_short_id()
+        )
+        if not workout:
+            workout_api_id = (
+                f'{remote_domain}/federation/users/'
+                f'{remote_actor.name}/'
+                f'workouts/{workout_short_id}'
+            )
+        else:
+            workout_api_id = workout.ap_id
+
+        comment_short_id = self.random_short_id()
+        comment_ap_id = (
+            f"{remote_actor.activitypub_id}/workouts/{workout_short_id}"
+            f"/comments/{comment_short_id}"
+        )
+        comment_url = (
+            f'{remote_domain}/workouts/{workout_short_id}'
+            f'/comment/{comment_short_id}'
+        )
+        published = datetime.utcnow().strftime(DATE_FORMAT)
+        activity: Dict = {
+            "@context": AP_CTX,
+            "id": f"{comment_ap_id}/activity",
+            "type": "Create",
+            "actor": remote_actor.activitypub_id,
+            "published": published,
+            "to": [remote_actor.followers_url],
+            "cc": [],
+            "object": {
+                "id": comment_ap_id,
+                "type": "Note",
+                "published": published,
+                "url": comment_url,
+                "attributedTo": remote_actor.activitypub_id,
+                "inReplyTo": workout_api_id,
+                "content": self.random_string(),
+                "to": [remote_actor.followers_url],
+                "cc": [],
+            },
+        }
+        if visibility == PrivacyLevel.PUBLIC:
+            activity['to'] = [PUBLIC_STREAM]
+            activity['cc'] = [remote_actor.followers_url]
+            activity['object']['to'] = [PUBLIC_STREAM]
+            activity['object']['cc'] = [remote_actor.followers_url]
+        elif visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE:
+            activity['to'] = [remote_actor.followers_url]
+            activity['cc'] = []
+            activity['object']['to'] = [remote_actor.followers_url]
+            activity['object']['cc'] = []
+        elif workout:
+            activity['to'] = [workout.user.actor.followers_url]
+            activity['cc'] = []
+            activity['object']['to'] = [workout.user.actor.followers_url]
+            activity['object']['cc'] = []
+        return activity
+
+    def generate_workout_comment_create_activity(
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        workout: Optional[Workout] = None,
+        visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
+    ) -> Dict:
+        return self.generate_random_object(remote_actor, workout, visibility)
+
+
+class TestCreateActivityForWorkoutComment(WorkoutCommentActivitiesTestCase):
+    def test_it_raises_error_if_comment_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        random_actor: RandomActor,
+    ) -> None:
+
+        comment_activity = self.generate_workout_comment_create_activity(
+            remote_actor=random_actor
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for CreateActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_if_comment_workout_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        comment_activity = self.generate_workout_comment_create_activity(
+            remote_actor=remote_user.actor
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        with pytest.raises(
+            ObjectNotFoundException,
+            match='workout not found for CreateActivity',
+        ):
+            activity.process_activity()
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_creates_remote_workout_comment_with_expected_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_visibility
+        workout_cycling_user_1.api_id = (
+            f'{user_1.actor.domain}/federation/users/{user_1.username}/'
+            f'workouts/{workout_cycling_user_1.short_id}'
+        )
+        comment_activity = self.generate_workout_comment_create_activity(
+            remote_actor=remote_user.actor,
+            workout=workout_cycling_user_1,
+            visibility=input_visibility,
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        activity.process_activity()
+
+        remote_comment = WorkoutComment.query.filter_by(
+            user_id=remote_user.id
+        ).first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        assert remote_comment.remote_url == comment_activity['object']['url']
+        assert remote_comment.text == comment_activity['object']['content']
+        assert remote_comment.text_visibility == input_visibility

From 7186613fca08c5dec839d91f6f802a64ba3edafe Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 08:53:36 +0100
Subject: [PATCH 172/238] API - add route to get workout comments

---
 .../workouts/test_workouts_comments_api.py    | 302 ++++++++
 .../workouts/test_workouts_comments_models.py |   6 +-
 .../workouts/test_workouts_comments_api.py    | 651 ++++++++++++++++++
 .../workouts/test_workouts_comments_models.py |  12 +-
 fittrackee/users/utils/following.py           |  14 +
 fittrackee/workouts/models.py                 |   3 +-
 fittrackee/workouts/timeline.py               |  13 +-
 fittrackee/workouts/workouts.py               |  78 ++-
 8 files changed, 1062 insertions(+), 17 deletions(-)
 create mode 100644 fittrackee/users/utils/following.py

diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 4b110f628..6cee7c722 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -10,6 +10,7 @@
 
 from ...mixins import ApiTestCaseMixin, BaseTestMixin
 from ...utils import jsonify_dict
+from ...workouts.test_workouts_comments_api import GetWorkoutCommentsTestCase
 from ...workouts.utils import WorkoutCommentMixin
 
 
@@ -487,3 +488,304 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
             response,
             f"workout comment not found (id: {workout_comment.short_id})",
         )
+
+
+class TestGetWorkoutCommentsAsUser(GetWorkoutCommentsTestCase):
+    def test_it_does_not_return_comment_when_for_followers_and_remote(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+
+class TestGetWorkoutCommentsAsFollower(GetWorkoutCommentsTestCase):
+    def test_it_does_not_return_comment_when_visibility_does_not_allow_it(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_2.approves_follow_request_from(user_3)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+    @pytest.mark.parametrize(
+        'input_text_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PUBLIC,
+        ],
+    )
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(
+            response,
+            expected_comments=[
+                jsonify_dict(workout_comment.serialize(user_1))
+            ],
+        )
+
+
+class TestGetWorkoutCommentsAsOwner(GetWorkoutCommentsTestCase):
+    def test_it_returns_comment_when_for_followers_and_remote(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(
+            response,
+            expected_comments=[
+                jsonify_dict(workout_comment.serialize(user_1))
+            ],
+        )
+
+
+class TestGetWorkoutCommentsAsUnauthenticatedUser(GetWorkoutCommentsTestCase):
+    def test_it_does_not_return_comment_when_for_followers_and_remote(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client = app_with_federation.test_client()
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+
+class TestGetWorkoutCommentsPagination(GetWorkoutCommentsTestCase):
+    def test_it_returns_only_comments_user_can_access(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        # remote user 2
+        visible_comments = [
+            self.create_comment(
+                remote_user_2,
+                workout_cycling_user_2,
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+        ]
+
+        for privacy_levels in [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ]:
+            self.create_comment(
+                remote_user_2,
+                workout_cycling_user_2,
+                text_visibility=privacy_levels,
+            )
+        # remote user followed by user 1
+        for privacy_levels in [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        ]:
+            visible_comments.append(
+                self.create_comment(
+                    remote_user,
+                    workout_cycling_user_2,
+                    text_visibility=privacy_levels,
+                )
+            )
+        self.create_comment(
+            remote_user,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        # user 3
+        visible_comments.append(
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+        )
+        for privacy_levels in [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ]:
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=privacy_levels,
+            )
+        # user 2 followed by user 1
+        for privacy_levels in [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+        ]:
+            visible_comments.append(
+                self.create_comment(
+                    user_2,
+                    workout_cycling_user_2,
+                    text_visibility=privacy_levels,
+                )
+            )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        # user 1
+        for privacy_levels in [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PUBLIC,
+        ]:
+            visible_comments.append(
+                self.create_comment(
+                    user_1,
+                    workout_cycling_user_2,
+                    text_visibility=privacy_levels,
+                )
+            )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['data']['comments'] == [
+            jsonify_dict(comment.serialize(user_1))
+            for comment in visible_comments[:5]
+        ]
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 3,
+            'total': 11,
+        }
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index ac509d7aa..d789f0860 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -96,7 +96,8 @@ def test_it_serializes_owner_comment(
         serialized_comment = comment.serialize(user_1)
 
         assert serialized_comment == {
-            'user_id': user_1.id,
+            'id': comment.short_id,
+            'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
@@ -172,7 +173,8 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         serialized_comment = comment.serialize(user_1)
 
         assert serialized_comment == {
-            'user_id': remote_user.id,
+            'id': comment.short_id,
+            'user': remote_user.serialize(),
             'workout_id': remote_cycling_workout.id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index d546ad727..f8ecd85f8 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -1,7 +1,9 @@
 import json
+from typing import List
 
 import pytest
 from flask import Flask
+from werkzeug import Response
 
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
@@ -684,3 +686,652 @@ def test_expected_scopes_are_defined(
         )
 
         self.assert_response_scope(response, can_access)
+
+
+class GetWorkoutCommentsTestCase(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    @staticmethod
+    def assert_comments_response(
+        response: Response, expected_comments: List
+    ) -> None:
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert 'success' in data['status']
+        assert data['data']['comments'] == expected_comments
+
+
+class TestGetWorkoutCommentsAsUser(GetWorkoutCommentsTestCase):
+    def test_it_returns_404_when_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_short_id = self.random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_short_id})",
+        )
+
+    def test_it_returns_empty_list_when_no_comments(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        self.create_comment(
+            user_3,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+    @pytest.mark.parametrize(
+        'input_text_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
+    )
+    def test_it_does_not_return_comment_when_visibility_does_not_allow_it(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+    def test_it_returns_comment_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(
+            response,
+            expected_comments=[
+                jsonify_dict(workout_comment.serialize(user_1))
+            ],
+        )
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', True),
+            ('workouts:write', False),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {access_token}",
+            ),
+        )
+
+        self.assert_response_scope(response, can_access)
+
+
+class TestGetWorkoutCommentsAsFollower(GetWorkoutCommentsTestCase):
+    def test_it_does_not_return_comment_when_visibility_does_not_allow_it(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_2.approves_follow_request_from(user_3)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+    @pytest.mark.parametrize(
+        'input_text_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC]
+    )
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(
+            response,
+            expected_comments=[
+                jsonify_dict(workout_comment.serialize(user_1))
+            ],
+        )
+
+
+class TestGetWorkoutCommentsAsOwner(GetWorkoutCommentsTestCase):
+    @pytest.mark.parametrize(
+        'input_text_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC],
+    )
+    def test_it_returns_comment_when_visibility_allows_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_comments_response(
+            response,
+            expected_comments=[
+                jsonify_dict(workout_comment.serialize(user_1))
+            ],
+        )
+
+
+class TestGetWorkoutCommentsAsUnauthenticatedUser(GetWorkoutCommentsTestCase):
+    @pytest.mark.parametrize(
+        'input_text_visibility',
+        [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS],
+    )
+    def test_it_does_not_return_comment_when_visibility_does_not_allow_it(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        input_text_visibility: PrivacyLevel,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+        )
+
+        self.assert_comments_response(response, expected_comments=[])
+
+    def test_it_returns_comment_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+        )
+
+        self.assert_comments_response(
+            response,
+            expected_comments=[
+                jsonify_dict(workout_comment.serialize(user_1))
+            ],
+        )
+
+
+class TestGetWorkoutCommentsPagination(GetWorkoutCommentsTestCase):
+    def test_it_returns_pagination_when_no_comments(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert 'success' in data['status']
+        assert data['data']['comments'] == []
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
+    def test_it_returns_pagination_when_one_workout_returned(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['comments']) == 1
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 1,
+        }
+
+    def test_it_gets_first_page(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        for _ in range(7):
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['comments']) == 5
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 7,
+        }
+
+    def test_it_gets_second_page(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        for _ in range(7):
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments?page=2",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['comments']) == 2
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 2,
+            'pages': 2,
+            'total': 7,
+        }
+
+    def test_it_gets_empty_third_page(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        for _ in range(7):
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments?page=3",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert len(data['data']['comments']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': True,
+            'page': 3,
+            'pages': 2,
+            'total': 7,
+        }
+
+    def test_it_returns_only_comments_user_can_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        visible_comments = []
+        # user 3
+        visible_comments.append(
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+        )
+        for privacy_levels in [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]:
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=privacy_levels,
+            )
+        # user 2
+        for privacy_levels in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS]:
+            visible_comments.append(
+                self.create_comment(
+                    user_2,
+                    workout_cycling_user_2,
+                    text_visibility=privacy_levels,
+                )
+            )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        # user 1
+        for privacy_levels in [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PUBLIC,
+        ]:
+            visible_comments.append(
+                self.create_comment(
+                    user_1,
+                    workout_cycling_user_2,
+                    text_visibility=privacy_levels,
+                )
+            )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert data['data']['comments'] == [
+            jsonify_dict(comment.serialize(user_1))
+            for comment in visible_comments[:5]
+        ]
+        assert data['pagination'] == {
+            'has_next': True,
+            'has_prev': False,
+            'page': 1,
+            'pages': 2,
+            'total': 6,
+        }
+
+    def test_it_returns_comments_ordered_by_creation_date_ascending(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comments = []
+        for _ in range(7):
+            comments.append(
+                self.create_comment(
+                    user_3,
+                    workout_cycling_user_2,
+                    text_visibility=PrivacyLevel.PUBLIC,
+                )
+            )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['data']['comments'][0]['id'] == comments[0].short_id
+        assert data['data']['comments'][4]['id'] == comments[4].short_id
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index 55b636f58..bb6838d3a 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -214,7 +214,8 @@ def test_it_serializes_owner_comment(
         serialized_comment = comment.serialize(user_1)
 
         assert serialized_comment == {
-            'user_id': user_1.id,
+            'id': comment.short_id,
+            'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
@@ -286,7 +287,8 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         serialized_comment = comment.serialize(user_2)
 
         assert serialized_comment == {
-            'user_id': user_1.id,
+            'id': comment.short_id,
+            'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
@@ -336,7 +338,8 @@ def test_it_serializes_comment_when_comment_is_public(
         serialized_comment = comment.serialize(user_2)
 
         assert serialized_comment == {
-            'user_id': user_1.id,
+            'id': comment.short_id,
+            'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
@@ -386,7 +389,8 @@ def test_it_serializes_comment_when_comment_is_public(
         serialized_comment = comment.serialize()
 
         assert serialized_comment == {
-            'user_id': user_1.id,
+            'id': comment.short_id,
+            'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
diff --git a/fittrackee/users/utils/following.py b/fittrackee/users/utils/following.py
new file mode 100644
index 000000000..33a55ee54
--- /dev/null
+++ b/fittrackee/users/utils/following.py
@@ -0,0 +1,14 @@
+from typing import List, Tuple
+
+from ..models import User
+
+
+def get_following(user: User) -> Tuple[List, List]:
+    local_following_ids = []
+    remote_following_ids = []
+    for following in user.following:
+        if following.is_remote is True:
+            remote_following_ids.append(following.id)
+        else:
+            local_following_ids.append(following.id)
+    return local_following_ids, remote_following_ids
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index c163e9a4a..a0e984372 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -732,7 +732,8 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
         if not can_view_workout_comment(self, user):
             raise CommentForbiddenException
         return {
-            'user_id': self.user_id,
+            'id': self.short_id,
+            'user': self.user.serialize(),
             'workout_id': self.workout_id,
             'text': self.text,
             'text_visibility': self.text_visibility,
diff --git a/fittrackee/workouts/timeline.py b/fittrackee/workouts/timeline.py
index f4041b303..80ce93c6c 100644
--- a/fittrackee/workouts/timeline.py
+++ b/fittrackee/workouts/timeline.py
@@ -7,6 +7,7 @@
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.responses import HttpResponse, handle_error_and_return_response
 from fittrackee.users.models import User
+from fittrackee.users.utils.following import get_following
 
 from .models import Workout
 from .utils.visibility import get_workout_user_status
@@ -22,19 +23,13 @@ def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
     try:
         params = request.args.copy()
         page = int(params.get('page', 1))
-        local_following_users_id = []
-        remote_following_users_id = []
-        for user in auth_user.following:
-            if user.is_remote is True:
-                remote_following_users_id.append(user.id)
-            else:
-                local_following_users_id.append(user.id)
+        local_following_ids, remote_following_ids = get_following(auth_user)
         workouts_pagination = (
             Workout.query.filter(
                 or_(
                     Workout.user_id == auth_user.id,
                     and_(
-                        Workout.user_id.in_(local_following_users_id),
+                        Workout.user_id.in_(local_following_ids),
                         Workout.workout_visibility.in_(
                             [
                                 PrivacyLevel.FOLLOWERS,
@@ -43,7 +38,7 @@ def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
                         ),
                     ),
                     and_(
-                        Workout.user_id.in_(remote_following_users_id),
+                        Workout.user_id.in_(remote_following_ids),
                         Workout.workout_visibility
                         == PrivacyLevel.FOLLOWERS_AND_REMOTE,
                     ),
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 70b94847d..4a4cc80a4 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -13,7 +13,7 @@
     request,
     send_from_directory,
 )
-from sqlalchemy import asc, desc, exc
+from sqlalchemy import and_, asc, desc, exc, or_
 from werkzeug.exceptions import NotFound, RequestEntityTooLarge
 from werkzeug.utils import secure_filename
 
@@ -36,6 +36,7 @@
     handle_error_and_return_response,
 )
 from fittrackee.users.models import User
+from fittrackee.users.utils.following import get_following
 from fittrackee.utils import decode_short_id
 
 from .models import Workout, WorkoutComment
@@ -62,6 +63,7 @@
 DEFAULT_WORKOUTS_PER_PAGE = 5
 MAX_WORKOUTS_PER_PAGE = 100
 MAX_WORKOUTS_TO_SEND = 5
+DEFAULT_COMMENTS_PER_PAGE = 5
 
 
 def handle_workout_activities(workout: Workout, activity_type: str) -> None:
@@ -1656,3 +1658,77 @@ def get_workout_comment(
         },
         200,
     )
+
+
+@workouts_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments", methods=["GET"]
+)
+@require_auth(scopes=['workouts:read'], optional_auth_user=True)
+def get_workout_comments(
+    auth_user: Optional[User], workout_short_id: str
+) -> Union[Dict, HttpResponse]:
+    workout_uuid = decode_short_id(workout_short_id)
+    workout = Workout.query.filter_by(uuid=workout_uuid).first()
+    if not workout:
+        return NotFoundErrorResponse(
+            f"workout not found (id: {workout_short_id})"
+        )
+
+    try:
+        params = request.args.copy()
+        page = int(params.get('page', 1))
+        if not auth_user:
+            comments_filter = WorkoutComment.query.filter(
+                WorkoutComment.workout_id == workout.id,
+                WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+            )
+        else:
+            local_following_ids, remote_following_ids = get_following(
+                auth_user
+            )
+            comments_filter = WorkoutComment.query.filter(
+                WorkoutComment.workout_id == workout.id,
+                or_(
+                    WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+                    or_(
+                        WorkoutComment.user_id == auth_user.id,
+                        and_(
+                            WorkoutComment.user_id.in_(local_following_ids),
+                            WorkoutComment.text_visibility.in_(
+                                [
+                                    PrivacyLevel.FOLLOWERS,
+                                    PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                                ]
+                            ),
+                        ),
+                        and_(
+                            WorkoutComment.user_id.in_(remote_following_ids),
+                            WorkoutComment.text_visibility
+                            == PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                        ),
+                    ),
+                ),
+            )
+        comments_pagination = comments_filter.order_by(
+            WorkoutComment.created_at.asc()
+        ).paginate(
+            page=page, per_page=DEFAULT_COMMENTS_PER_PAGE, error_out=False
+        )
+        comments = comments_pagination.items
+        return {
+            'status': 'success',
+            'data': {
+                'comments': [
+                    comment.serialize(auth_user) for comment in comments
+                ]
+            },
+            'pagination': {
+                'has_next': comments_pagination.has_next,
+                'has_prev': comments_pagination.has_prev,
+                'page': comments_pagination.page,
+                'pages': comments_pagination.pages,
+                'total': comments_pagination.total,
+            },
+        }
+    except Exception as e:
+        return handle_error_and_return_response(e)

From 8e93a4fa7f1325eb3a6e6bbce0c25b4d118418ac Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 09:31:42 +0100
Subject: [PATCH 173/238] Client - fix access to User profile when
 unauthenticated

---
 .../src/components/User/ProfileDisplay/UserInfos.vue     | 9 +++++----
 fittrackee_client/src/router/index.ts                    | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index 4c6fd8950..a8dce4f32 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -161,13 +161,14 @@
   const language: ComputedRef<string> = computed(
     () => store.getters[ROOT_STORE.GETTERS.LANGUAGE]
   )
+  const resolvedTimezone = Intl.DateTimeFormat().resolvedOptions().timeZone
   const registrationDate = computed(() =>
     props.user.created_at
       ? formatDate(
           props.user.created_at,
-          authUser?.value ? authUser.value.timezone : 'Europe/Paris',
-          authUser?.value ? authUser.value.date_format : 'MM/dd/yyyy'
-        )
+          authUser?.value && authUser.value.timezone ? authUser.value.timezone : resolvedTimezone,
+          authUser?.value && authUser.value.date_format ? authUser.value.date_format : 'MM/dd/yyyy'
+      )
       : ''
   )
   const birthDate = computed(() =>
@@ -175,7 +176,7 @@
       ? format(
           new Date(props.user.birth_date),
           `${getDateFormat(
-            authUser?.value ? authUser.value.date_format : 'MM/dd/yyyy',
+            authUser?.value && authUser.value.date_format ? authUser.value.date_format : 'MM/dd/yyyy',
             language.value
           )}`,
           { locale: localeFromLanguage[language.value] }
diff --git a/fittrackee_client/src/router/index.ts b/fittrackee_client/src/router/index.ts
index dabbf69f1..c3c758790 100644
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@@ -382,13 +382,13 @@ const pathsWithoutAuthentication = [
   '/account-confirmation/email-sent',
 ]
 
-const pathsWithoutChecks = ['/email-update', '/about', '/users']
+const pathNamesWithoutChecks = ['EmailUpdate', 'About', 'User']
 
 router.beforeEach((to, from, next) => {
   store
     .dispatch(AUTH_USER_STORE.ACTIONS.CHECK_AUTH_USER)
     .then(() => {
-      if (pathsWithoutChecks.includes(to.path)) {
+      if (to.name && pathNamesWithoutChecks.includes(to.name.toString())) {
         return next()
       }
 

From 49297550d4146e26b19f378e3feb8d819a0b72a1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 09:59:04 +0100
Subject: [PATCH 174/238] API - get sports when unauthenticated

---
 fittrackee/tests/workouts/test_sports_api.py | 15 +++++++++++++--
 fittrackee/workouts/sports.py                |  6 +++---
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/fittrackee/tests/workouts/test_sports_api.py b/fittrackee/tests/workouts/test_sports_api.py
index 40c034343..525d49a36 100644
--- a/fittrackee/tests/workouts/test_sports_api.py
+++ b/fittrackee/tests/workouts/test_sports_api.py
@@ -12,15 +12,26 @@
 
 
 class TestGetSports(ApiTestCaseMixin):
-    def test_it_returns_error_if_user_is_not_authenticated(
+    def test_test_it_gets_all_sports_when_not_authenticated(
         self,
         app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
     ) -> None:
         client = app.test_client()
 
         response = client.get('/api/sports')
 
-        self.assert_401(response)
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert 'success' in data['status']
+        assert len(data['data']['sports']) == 2
+        assert data['data']['sports'][0] == jsonify_dict(
+            sport_1_cycling.serialize()
+        )
+        assert data['data']['sports'][1] == jsonify_dict(
+            sport_2_running.serialize()
+        )
 
     def test_it_gets_all_sports(
         self,
diff --git a/fittrackee/workouts/sports.py b/fittrackee/workouts/sports.py
index 63443b74a..4a1d8d391 100644
--- a/fittrackee/workouts/sports.py
+++ b/fittrackee/workouts/sports.py
@@ -19,7 +19,7 @@
 
 
 @sports_blueprint.route('/sports', methods=['GET'])
-@require_auth(scopes=['workouts:read'])
+@require_auth(scopes=['workouts:read'], optional_auth_user=True)
 def get_sports(auth_user: User) -> Dict:
     """
     Get all sports
@@ -181,10 +181,10 @@ def get_sports(auth_user: User) -> Dict:
     for sport in sports:
         sport_preferences = UserSportPreference.query.filter_by(
             user_id=auth_user.id, sport_id=sport.id
-        ).first()
+        ).first() if auth_user else None
         sports_data.append(
             sport.serialize(
-                is_admin=auth_user.admin,
+                is_admin=auth_user.admin if auth_user else False,
                 sport_preferences=sport_preferences.serialize()
                 if sport_preferences
                 else None,

From 6fafc1c5632b9c928a87c03fa31f87728da5c5ce Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 09:59:47 +0100
Subject: [PATCH 175/238] Client - display public workout when unauthenticated

---
 .../Workout/WorkoutDetail/index.vue           | 27 ++++++++++++++-----
 fittrackee_client/src/router/index.ts         |  2 +-
 .../src/views/workouts/Workout.vue            |  5 +++-
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index cd4b902a1..fa8eebb66 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -24,14 +24,14 @@
           />
           <WorkoutData
             :workoutObject="workoutObject"
-            :useImperialUnits="authUser.imperial_units"
-            :displayHARecord="authUser.display_ascent"
+            :useImperialUnits="useImperialUnits"
+            :displayHARecord="displayHARecord"
           />
         </div>
         <WorkoutVisibility
           :workoutObject="workoutObject"
-          :useImperialUnits="authUser.imperial_units"
-          :displayHARecord="authUser.display_ascent"
+          :useImperialUnits="useImperialUnits"
+          :displayHARecord="displayHARecord"
           v-if="workoutObject.workoutVisibility"
         />
       </template>
@@ -69,7 +69,7 @@
   import { formatWorkoutDate, getDateWithTZ } from '@/utils/dates'
 
   interface Props {
-    authUser: IAuthUserProfile
+    authUser?: IAuthUserProfile
     displaySegment: boolean
     sports: ISport[]
     workoutData: IWorkoutData
@@ -104,6 +104,19 @@
         )
       : {}
   )
+  const useImperialUnits = computed(
+    () => authUser?.value?.imperial_units == undefined
+      ? false
+      : authUser.value.imperial_units
+  )
+  const displayHARecord = computed(
+    () => authUser?.value?.display_ascent == undefined
+      ? true
+      : authUser.value.display_ascent
+  )
+  const resolvedTimezone = Intl.DateTimeFormat().resolvedOptions().timeZone
+  const timezone = authUser?.value && authUser.value.timezone ? authUser.value.timezone : resolvedTimezone
+  const dateFormat = authUser?.value && authUser.value.date_format ? authUser.value.date_format : 'MM/dd/yyyy'
   const workoutObject = computed(() =>
     getWorkoutObject(workout.value, segment.value)
   )
@@ -142,9 +155,9 @@
     const workoutDate = formatWorkoutDate(
       getDateWithTZ(
         props.workoutData.workout.workout_date,
-        props.authUser.timezone
+        timezone
       ),
-      props.authUser.date_format
+      dateFormat
     )
     return {
       ascent: segment ? segment.ascent : workout.ascent,
diff --git a/fittrackee_client/src/router/index.ts b/fittrackee_client/src/router/index.ts
index c3c758790..bb795f684 100644
--- a/fittrackee_client/src/router/index.ts
+++ b/fittrackee_client/src/router/index.ts
@@ -382,7 +382,7 @@ const pathsWithoutAuthentication = [
   '/account-confirmation/email-sent',
 ]
 
-const pathNamesWithoutChecks = ['EmailUpdate', 'About', 'User']
+const pathNamesWithoutChecks = ['EmailUpdate', 'About', 'User', 'Workout']
 
 router.beforeEach((to, from, next) => {
   store
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index 61dec3476..dee56e6c2 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -24,7 +24,7 @@
           <WorkoutSegments
             v-if="!displaySegment && workoutData.workout.segments.length > 1"
             :segments="workoutData.workout.segments"
-            :useImperialUnits="authUser.imperial_units"
+            :useImperialUnits="authUser ? authUser.imperial_units : false"
           />
           <WorkoutNotes
             v-if="!displaySegment && isWorkoutOwner"
@@ -104,6 +104,9 @@
       payload.segmentId = route.params.segmentId
     }
     store.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_DATA, payload)
+    if (sports.value.length === 0) {
+      store.dispatch(SPORTS_STORE.ACTIONS.GET_SPORTS)
+    }
   })
 
   onUnmounted(() => {

From dbe0f1cfd892d51fb66985bfa1b8de4010787430 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 11:01:23 +0100
Subject: [PATCH 176/238] Client - refacto

---
 .../User/ProfileDisplay/UserInfos.vue         | 12 ++++---
 .../Workout/WorkoutDetail/index.vue           | 31 +++++++------------
 .../src/store/modules/authUser/actions.ts     |  8 +++++
 .../src/store/modules/root/enums.ts           |  2 ++
 .../src/store/modules/root/getters.ts         |  3 ++
 .../src/store/modules/root/mutations.ts       | 13 ++++++++
 .../src/store/modules/root/state.ts           |  8 +++++
 .../src/store/modules/root/types.ts           |  7 +++++
 fittrackee_client/src/types/application.ts    |  7 +++++
 9 files changed, 66 insertions(+), 25 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index a8dce4f32..a1142097e 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -139,7 +139,7 @@
 
   import UserRelationshipActions from '@/components/User/UserRelationshipActions.vue'
   import { ROOT_STORE, USERS_STORE } from '@/store/constants'
-  import { TAppConfig } from '@/types/application'
+  import { IDisplayOptions, TAppConfig } from '@/types/application'
   import { IAuthUserProfile, IUserProfile } from '@/types/user'
   import { useStore } from '@/use/useStore'
   import { formatDate, getDateFormat } from '@/utils/dates'
@@ -161,13 +161,15 @@
   const language: ComputedRef<string> = computed(
     () => store.getters[ROOT_STORE.GETTERS.LANGUAGE]
   )
-  const resolvedTimezone = Intl.DateTimeFormat().resolvedOptions().timeZone
+  const displayOptions: ComputedRef<IDisplayOptions> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
+  )
   const registrationDate = computed(() =>
     props.user.created_at
       ? formatDate(
           props.user.created_at,
-          authUser?.value && authUser.value.timezone ? authUser.value.timezone : resolvedTimezone,
-          authUser?.value && authUser.value.date_format ? authUser.value.date_format : 'MM/dd/yyyy'
+          displayOptions.value.timezone,
+          displayOptions.value.dateFormat
       )
       : ''
   )
@@ -176,7 +178,7 @@
       ? format(
           new Date(props.user.birth_date),
           `${getDateFormat(
-            authUser?.value && authUser.value.date_format ? authUser.value.date_format : 'MM/dd/yyyy',
+            displayOptions.value.dateFormat,
             language.value
           )}`,
           { locale: localeFromLanguage[language.value] }
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index fa8eebb66..2c50d0694 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -24,14 +24,14 @@
           />
           <WorkoutData
             :workoutObject="workoutObject"
-            :useImperialUnits="useImperialUnits"
-            :displayHARecord="displayHARecord"
+            :useImperialUnits="displayOptions.useImperialUnits"
+            :displayHARecord="displayOptions.displayAscent"
           />
         </div>
         <WorkoutVisibility
           :workoutObject="workoutObject"
-          :useImperialUnits="useImperialUnits"
-          :displayHARecord="displayHARecord"
+          :useImperialUnits="displayOptions.useImperialUnits"
+          :displayHARecord="displayOptions.displayAscent"
           v-if="workoutObject.workoutVisibility"
         />
       </template>
@@ -55,7 +55,8 @@
   import WorkoutData from '@/components/Workout/WorkoutDetail/WorkoutData.vue'
   import WorkoutMap from '@/components/Workout/WorkoutDetail/WorkoutMap/index.vue'
   import WorkoutVisibility from '@/components/Workout/WorkoutDetail/WorkoutVisibility.vue'
-  import { WORKOUTS_STORE } from '@/store/constants'
+  import { ROOT_STORE, WORKOUTS_STORE } from '@/store/constants'
+  import { IDisplayOptions } from "@/types/application";
   import { ISport } from '@/types/sports'
   import { IAuthUserProfile } from '@/types/user'
   import {
@@ -83,7 +84,7 @@
   const route = useRoute()
   const store = useStore()
 
-  const { authUser, isWorkoutOwner, markerCoordinates, workoutData } =
+  const { isWorkoutOwner, markerCoordinates, workoutData } =
     toRefs(props)
   const workout: ComputedRef<IWorkout> = computed(
     () => props.workoutData.workout
@@ -104,19 +105,9 @@
         )
       : {}
   )
-  const useImperialUnits = computed(
-    () => authUser?.value?.imperial_units == undefined
-      ? false
-      : authUser.value.imperial_units
+  const displayOptions: ComputedRef<IDisplayOptions> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
   )
-  const displayHARecord = computed(
-    () => authUser?.value?.display_ascent == undefined
-      ? true
-      : authUser.value.display_ascent
-  )
-  const resolvedTimezone = Intl.DateTimeFormat().resolvedOptions().timeZone
-  const timezone = authUser?.value && authUser.value.timezone ? authUser.value.timezone : resolvedTimezone
-  const dateFormat = authUser?.value && authUser.value.date_format ? authUser.value.date_format : 'MM/dd/yyyy'
   const workoutObject = computed(() =>
     getWorkoutObject(workout.value, segment.value)
   )
@@ -155,9 +146,9 @@
     const workoutDate = formatWorkoutDate(
       getDateWithTZ(
         props.workoutData.workout.workout_date,
-        timezone
+        displayOptions.value.timezone
       ),
-      dateFormat
+      displayOptions.value.dateFormat
     )
     return {
       ascent: segment ? segment.ascent : workout.ascent,
diff --git a/fittrackee_client/src/store/modules/authUser/actions.ts b/fittrackee_client/src/store/modules/authUser/actions.ts
index 114564226..292c87567 100644
--- a/fittrackee_client/src/store/modules/authUser/actions.ts
+++ b/fittrackee_client/src/store/modules/authUser/actions.ts
@@ -142,6 +142,10 @@ export const actions: ActionTree<IAuthUserState, IRootState> &
               res.data.data.language
             )
           }
+          context.commit(
+            ROOT_STORE.MUTATIONS.UPDATE_DISPLAY_OPTIONS,
+            res.data.data
+          )
           context.dispatch(SPORTS_STORE.ACTIONS.GET_SPORTS)
         } else {
           handleError(context, null)
@@ -325,6 +329,10 @@ export const actions: ActionTree<IAuthUserState, IRootState> &
             AUTH_USER_STORE.MUTATIONS.UPDATE_AUTH_USER_PROFILE,
             res.data.data
           )
+          context.commit(
+            ROOT_STORE.MUTATIONS.UPDATE_DISPLAY_OPTIONS,
+            res.data.data
+          )
           context
             .dispatch(
               ROOT_STORE.ACTIONS.UPDATE_APPLICATION_LANGUAGE,
diff --git a/fittrackee_client/src/store/modules/root/enums.ts b/fittrackee_client/src/store/modules/root/enums.ts
index c1513867c..5e5ef1b38 100644
--- a/fittrackee_client/src/store/modules/root/enums.ts
+++ b/fittrackee_client/src/store/modules/root/enums.ts
@@ -12,6 +12,7 @@ export enum RootGetters {
   ERROR_MESSAGES = 'ERROR_MESSAGES',
   LANGUAGE = 'LANGUAGE',
   LOCALE = 'LOCALE', // date-fns
+  DISPLAY_OPTIONS = 'DISPLAY_OPTIONS',
 }
 
 export enum RootMutations {
@@ -21,4 +22,5 @@ export enum RootMutations {
   UPDATE_APPLICATION_LOADING = 'UPDATE_APPLICATION_LOADING',
   UPDATE_APPLICATION_STATS = 'UPDATE_APPLICATION_STATS',
   UPDATE_LANG = 'UPDATE_LANG',
+  UPDATE_DISPLAY_OPTIONS = 'UPDATE_DISPLAY_OPTIONS',
 }
diff --git a/fittrackee_client/src/store/modules/root/getters.ts b/fittrackee_client/src/store/modules/root/getters.ts
index f1e3e0ff4..18f6ca78e 100644
--- a/fittrackee_client/src/store/modules/root/getters.ts
+++ b/fittrackee_client/src/store/modules/root/getters.ts
@@ -22,4 +22,7 @@ export const getters: GetterTree<IRootState, IRootState> & IRootGetters = {
   [ROOT_STORE.GETTERS.LOCALE]: (state: IRootState) => {
     return state.locale
   },
+  [ROOT_STORE.GETTERS.DISPLAY_OPTIONS]: (state: IRootState) => {
+    return state.application.displayOptions
+  },
 }
diff --git a/fittrackee_client/src/store/modules/root/mutations.ts b/fittrackee_client/src/store/modules/root/mutations.ts
index 8913aa080..809a6932b 100644
--- a/fittrackee_client/src/store/modules/root/mutations.ts
+++ b/fittrackee_client/src/store/modules/root/mutations.ts
@@ -3,6 +3,7 @@ import { MutationTree } from 'vuex'
 import { ROOT_STORE } from '@/store/constants'
 import { IRootState, TRootMutations } from '@/store/modules/root/types'
 import { TAppConfig, IAppStatistics } from '@/types/application'
+import { IAuthUserProfile } from '@/types/user'
 import { localeFromLanguage } from '@/utils/locales'
 
 export const mutations: MutationTree<IRootState> & TRootMutations = {
@@ -37,4 +38,16 @@ export const mutations: MutationTree<IRootState> & TRootMutations = {
     state.language = language
     state.locale = localeFromLanguage[language]
   },
+  [ROOT_STORE.MUTATIONS.UPDATE_DISPLAY_OPTIONS](
+    state: IRootState,
+    authUser: IAuthUserProfile
+  ) {
+    state.application.displayOptions = {
+      ...state.application.displayOptions,
+      dateFormat: authUser.date_format,
+      displayAscent: authUser.display_ascent,
+      timezone: authUser.timezone,
+      useImperialUnits: authUser.imperial_units,
+    }
+  },
 }
diff --git a/fittrackee_client/src/store/modules/root/state.ts b/fittrackee_client/src/store/modules/root/state.ts
index 912ee8378..11770e2c0 100644
--- a/fittrackee_client/src/store/modules/root/state.ts
+++ b/fittrackee_client/src/store/modules/root/state.ts
@@ -15,6 +15,14 @@ export const state: IRootState = {
       users: 0,
       workouts: 0,
     },
+    displayOptions: {
+      dateFormat: 'MM/dd/yyyy',
+      displayAscent: true,
+      timezone: Intl.DateTimeFormat().resolvedOptions().timeZone
+        ? Intl.DateTimeFormat().resolvedOptions().timeZone
+        : 'Europe/Paris',
+      useImperialUnits: false,
+    },
   },
   appLoading: false,
 }
diff --git a/fittrackee_client/src/store/modules/root/types.ts b/fittrackee_client/src/store/modules/root/types.ts
index 145a0cfac..b105cd8ef 100644
--- a/fittrackee_client/src/store/modules/root/types.ts
+++ b/fittrackee_client/src/store/modules/root/types.ts
@@ -12,7 +12,9 @@ import {
   IApplication,
   IAppStatistics,
   TAppConfigForm,
+  IDisplayOptions,
 } from '@/types/application'
+import { IAuthUserProfile } from '@/types/user'
 
 export interface IRootState {
   root: boolean
@@ -54,6 +56,7 @@ export interface IRootGetters {
   [ROOT_STORE.GETTERS.LANGUAGE](state: IRootState): string
 
   [ROOT_STORE.GETTERS.LOCALE](state: IRootState): Locale
+  [ROOT_STORE.GETTERS.DISPLAY_OPTIONS](state: IRootState): IDisplayOptions
 }
 
 export type TRootMutations<S = IRootState> = {
@@ -75,6 +78,10 @@ export type TRootMutations<S = IRootState> = {
     statistics: IAppStatistics
   ): void
   [ROOT_STORE.MUTATIONS.UPDATE_LANG](state: S, language: string): void
+  [ROOT_STORE.MUTATIONS.UPDATE_DISPLAY_OPTIONS](
+    state: S,
+    authUser: IAuthUserProfile
+  ): void
 }
 
 export type TRootStoreModule<S = IRootState> = Omit<
diff --git a/fittrackee_client/src/types/application.ts b/fittrackee_client/src/types/application.ts
index ff6d36075..d586280db 100644
--- a/fittrackee_client/src/types/application.ts
+++ b/fittrackee_client/src/types/application.ts
@@ -20,9 +20,16 @@ export type TAppConfig = {
   weather_provider: string | null
 }
 
+export interface IDisplayOptions {
+  dateFormat: string
+  displayAscent: boolean
+  timezone: string
+  useImperialUnits: boolean
+}
 export interface IApplication {
   statistics: IAppStatistics
   config: TAppConfig
+  displayOptions: IDisplayOptions
 }
 
 export type TAppConfigForm = {

From 0bed7e47ba10051308228e62648d959a06365ee1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 11:19:03 +0100
Subject: [PATCH 177/238] Client - update ESLint config

---
 fittrackee_client/package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fittrackee_client/package.json b/fittrackee_client/package.json
index 8656ae338..c15f2a2cb 100644
--- a/fittrackee_client/package.json
+++ b/fittrackee_client/package.json
@@ -103,6 +103,7 @@
           }
         }
       ],
+      "object-curly-spacing": [ "error", "always" ],
       "vue/multi-word-component-names": "off"
     },
     "overrides": [

From b0ef5f19538523a11eb60e3f8c094874ae22fa04 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 12:15:05 +0100
Subject: [PATCH 178/238] Client - add comments in workout detail (WIP)

---
 .../src/components/Common/VisibilityIcon.vue  |  35 +++++
 .../src/components/User/Username.vue          |  45 ++++++
 .../src/components/Workout/WorkoutCard.vue    |  27 +---
 .../WorkoutDetail/WorkoutAddComment.vue       | 123 +++++++++++++++++
 .../Workout/WorkoutDetail/WorkoutComments.vue | 129 ++++++++++++++++++
 fittrackee_client/src/custom-components.ts    |   2 +
 .../src/locales/en/workouts.json              |   4 +
 .../src/locales/fr/workouts.json              |   4 +
 .../src/store/modules/workouts/actions.ts     |  55 ++++++++
 .../src/store/modules/workouts/enums.ts       |   4 +
 .../src/store/modules/workouts/mutations.ts   |  15 +-
 .../src/store/modules/workouts/state.ts       |   1 +
 .../src/store/modules/workouts/types.ts       |  19 +++
 fittrackee_client/src/types/workouts.ts       |  17 +++
 .../src/views/workouts/Workout.vue            |   2 +
 15 files changed, 456 insertions(+), 26 deletions(-)
 create mode 100644 fittrackee_client/src/components/Common/VisibilityIcon.vue
 create mode 100644 fittrackee_client/src/components/User/Username.vue
 create mode 100644 fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
 create mode 100644 fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue

diff --git a/fittrackee_client/src/components/Common/VisibilityIcon.vue b/fittrackee_client/src/components/Common/VisibilityIcon.vue
new file mode 100644
index 000000000..31ea04930
--- /dev/null
+++ b/fittrackee_client/src/components/Common/VisibilityIcon.vue
@@ -0,0 +1,35 @@
+<template>
+  <div class="visibility">
+    <i
+      :class="`fa fa-${getPrivacyIcon(visibility)}`"
+      aria-hidden="true"
+      :title="$t(`privacy.LEVELS.${visibility}`)"
+    />
+  </div>
+</template>
+
+<script setup lang="ts">
+import { toRefs } from 'vue'
+
+import { TPrivacyLevels } from "@/types/user";
+
+interface Props {
+  visibility: TPrivacyLevels
+}
+
+const props = defineProps<Props>()
+const { visibility } = toRefs(props)
+
+function getPrivacyIcon(privacyLevel: TPrivacyLevels): string {
+  switch (privacyLevel) {
+    case 'public':
+      return 'globe'
+    case 'followers_and_remote_only':
+    case 'followers_only':
+      return 'users'
+    default:
+    case 'private':
+      return 'lock'
+  }
+}
+</script>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/User/Username.vue b/fittrackee_client/src/components/User/Username.vue
new file mode 100644
index 000000000..8daeb342a
--- /dev/null
+++ b/fittrackee_client/src/components/User/Username.vue
@@ -0,0 +1,45 @@
+<template>
+  <router-link
+    v-if="user.username"
+    class="user-name"
+    :to="{
+      name: 'User',
+      params: { username: getUserName(user) },
+    }"
+    :title="user.username"
+  >
+    {{ user.username }}
+  </router-link>
+</template>
+
+<script setup lang="ts">
+  import { toRefs } from 'vue'
+
+  import { IUserProfile } from "@/types/user"
+  import { getUserName } from '@/utils/user'
+
+  interface Props {
+    user: IUserProfile
+  }
+
+  const props = defineProps<Props>()
+  const { user } = toRefs(props)
+</script>
+
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+
+  .user-name {
+    padding-left: 5px;
+    max-width: 300px;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    @media screen and (max-width: $small-limit) {
+      max-width: fit-content;
+    }
+    @media screen and (max-width: $x-small-limit) {
+      max-width: 170px;
+    }
+  }
+</style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Workout/WorkoutCard.vue b/fittrackee_client/src/components/Workout/WorkoutCard.vue
index beba68276..424192545 100644
--- a/fittrackee_client/src/components/Workout/WorkoutCard.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutCard.vue
@@ -5,17 +5,7 @@
         <div class="workout-user-date">
           <div class="workout-user">
             <UserPicture :user="user" />
-            <router-link
-              v-if="user.username"
-              class="workout-user-name"
-              :to="{
-                name: 'User',
-                params: { username: getUserName(user) },
-              }"
-              :title="user.username"
-            >
-              {{ user.username }}
-            </router-link>
+            <Username :user="user" />
           </div>
           <router-link
             class="workout-title"
@@ -146,6 +136,7 @@
   import { ComputedRef, computed, toRefs, withDefaults } from 'vue'
 
   import StaticMap from '@/components/Common/StaticMap.vue'
+  import Username from '@/components/User/Username.vue'
   import UserPicture from '@/components/User/UserPicture.vue'
   import { ROOT_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
@@ -153,7 +144,6 @@
   import { IWorkout } from '@/types/workouts'
   import { useStore } from '@/use/useStore'
   import { formatDate } from '@/utils/dates'
-  import { getUserName } from '@/utils/user'
 
   interface Props {
     user: IUserProfile
@@ -210,19 +200,6 @@
               font-size: 1.5em;
             }
           }
-          .workout-user-name {
-            padding-left: 5px;
-            max-width: 300px;
-            white-space: nowrap;
-            overflow: hidden;
-            text-overflow: ellipsis;
-            @media screen and (max-width: $small-limit) {
-              max-width: fit-content;
-            }
-            @media screen and (max-width: $x-small-limit) {
-              max-width: 170px;
-            }
-          }
         }
         .workout-date {
           font-size: 0.85em;
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
new file mode 100644
index 000000000..c864c4a2b
--- /dev/null
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
@@ -0,0 +1,123 @@
+<template>
+  <div class="add-comment">
+    <form :class="{ errors: formErrors }" @submit.prevent="submitComment">
+      <div class="form-items">
+        <div class="form-item">
+          <label> {{ $t('workouts.COMMENTS.ADD') }}: </label>
+          <CustomTextArea
+              class="comment"
+              name="text"
+              :value="commentForm.text"
+              @updateValue="updateText"
+          />
+        </div>
+      </div>
+      <div class="form-select-buttons">
+        <div class="form-item text-visibility">
+          <label> {{ $t('privacy.VISIBILITY') }}: </label>
+          <select
+            id="text_visibility"
+            v-model="commentForm.textVisibility"
+          >
+            <option
+              v-for="level in privacyLevels"
+              :value="level"
+              :key="level"
+            >
+              {{
+                $t(
+                  `privacy.LEVELS.${getPrivacyLevelForLabel(
+                    level,
+                    appConfig.federation_enabled
+                  )}`
+                )
+              }}
+            </option>
+          </select>
+        </div>
+        <div class="spacer" />
+        <button class="confirm" type="submit">
+          {{ $t('buttons.SUBMIT') }}
+        </button>
+        <button class="cancel">
+          {{ $t('buttons.CANCEL') }}
+        </button>
+      </div>
+      <ErrorMessage :message="errorMessages" v-if="errorMessages"/>
+    </form>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { ComputedRef, computed, reactive, ref, toRefs } from 'vue'
+
+  import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
+  import { TAppConfig } from "@/types/application"
+  import { ICommentForm, IWorkout } from "@/types/workouts"
+  import { useStore } from "@/use/useStore"
+  import { getPrivacyLevels, getPrivacyLevelForLabel } from "@/utils/privacy"
+
+  interface Props {
+    workout: IWorkout
+  }
+
+  const props = defineProps<Props>()
+  const { workout }  = toRefs(props)
+
+  const store = useStore()
+
+  const appConfig: ComputedRef<TAppConfig> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
+  )
+  const privacyLevels = computed(() =>
+    getPrivacyLevels(appConfig.value.federation_enabled)
+  )
+  const commentForm = reactive({
+    text: '',
+    textVisibility: workout.value.workout_visibility,
+  })
+  const errorMessages: ComputedRef<string | string[] | null> = computed(
+      () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
+  )
+  const formErrors = ref(false)
+
+  function updateText(value: string) {
+    commentForm.text = value
+  }
+  function submitComment() {
+    const payload: ICommentForm = {
+      text: commentForm.text,
+      textVisibility: commentForm.textVisibility,
+      workoutId: workout.value.id,
+    }
+    store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_COMMENT, payload)
+  }
+</script>
+
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+
+  .add-comment {
+    margin-top: $default-margin;
+    .comment {
+      padding: $default-padding 0;
+    }
+    .form-select-buttons {
+      display: flex;
+      gap: $default-padding;
+      flex-wrap: wrap;
+      .spacer {
+        flex-grow: 3;
+      }
+    }
+    .text-visibility {
+      display: flex;
+      gap: $default-padding;
+      align-items: center;
+      padding-top: $default-padding * 0.5;
+      select {
+        padding: $default-padding * 0.5 $default-padding;
+      }
+    }
+  }
+</style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
new file mode 100644
index 000000000..9fad09dc6
--- /dev/null
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -0,0 +1,129 @@
+<template>
+  <div class="workout-comments">
+    <Card>
+      <template #title>
+        {{ $t('workouts.COMMENTS.LABEL', 0) }}
+      </template>
+      <template #content>
+        <div
+          v-for="comment in workoutData.comments"
+          :key="comment.id"
+          class="workout-comment"
+        >
+          <UserPicture :user="comment.user" />
+          <div class="comment-detail">
+            <div class="comment-info">
+              <Username :user="comment.user"/>
+              <div class="spacer"/>
+              <div
+                class="comment-date"
+                :title="formatDate(
+                  comment.created_at,
+                  displayOptions.timezone,
+                  displayOptions.dateFormat
+                )"
+              >
+                {{
+                  formatDistance(new Date(comment.created_at), new Date(), {
+                    addSuffix: true,
+                    locale,
+                  })
+                }}
+              </div>
+              <VisibilityIcon :visibility="comment.text_visibility" />
+            </div>
+            <div class="comment-text">
+              {{ comment.text }}
+            </div>
+          </div>
+        </div>
+        <WorkoutAddComment :workout="workoutData.workout" />
+      </template>
+    </Card>
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { Locale, formatDistance } from 'date-fns'
+  import { ComputedRef, computed,  toRefs, withDefaults } from 'vue'
+
+  import Username from '@/components/User/Username.vue'
+  import UserPicture from '@/components/User/UserPicture.vue'
+  import WorkoutAddComment from "@/components/Workout/WorkoutDetail/WorkoutAddComment.vue"
+  import { ROOT_STORE } from "@/store/constants"
+  import { IDisplayOptions } from "@/types/application"
+  import { IAuthUserProfile } from "@/types/user"
+  import { IWorkoutData } from "@/types/workouts"
+  import { useStore } from "@/use/useStore"
+  import { formatDate } from "@/utils/dates";
+
+  interface Props {
+    workoutData: IWorkoutData
+    user?: IAuthUserProfile | null
+  }
+
+  const props = withDefaults(defineProps<Props>(), {
+    user: null,
+  })
+  const { workoutData } = toRefs(props)
+
+  const store = useStore()
+  const locale: ComputedRef<Locale> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.LOCALE]
+  )
+  const displayOptions: ComputedRef<IDisplayOptions> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
+  )
+</script>
+
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+
+  .workout-comments {
+    margin-top: $default-margin*2;
+    .workout-comment {
+      display: flex;
+      padding-bottom: $default-padding*2;
+
+      ::v-deep(.user-picture) {
+        min-width: min-content;
+        align-items: flex-start;
+        img {
+          height: 25px;
+          width: 25px;
+        }
+        .no-picture {
+          font-size: 1.5em;
+        }
+      }
+      .comment-detail {
+        display: flex;
+        flex-direction: column;
+        width: 100%;
+        .comment-info {
+          display: flex;
+          gap: $default-padding;
+          flex-wrap: wrap;
+          align-items: flex-end;
+          .user-name {
+            font-weight: bold;
+            padding-left: $default-padding;
+          }
+          .spacer {
+            flex-grow: 3;
+          }
+          .comment-date {
+            font-size: 0.85em;
+            font-style: italic;
+            white-space: nowrap;
+          }
+        }
+        .comment-text {
+          border-radius: 5px;
+          margin: $default-margin 0;
+          padding-left: $default-padding ;
+        }
+      }
+    }
+  }
+</style>
\ No newline at end of file
diff --git a/fittrackee_client/src/custom-components.ts b/fittrackee_client/src/custom-components.ts
index 9bd2e27c1..bbe342378 100644
--- a/fittrackee_client/src/custom-components.ts
+++ b/fittrackee_client/src/custom-components.ts
@@ -7,6 +7,7 @@ import ErrorMessage from '@/components/Common/ErrorMessage.vue'
 import SportImage from '@/components/Common/Images/SportImage/index.vue'
 import Loader from '@/components/Common/Loader.vue'
 import Modal from '@/components/Common/Modal.vue'
+import VisibilityIcon from '@/components/Common/VisibilityIcon.vue'
 
 export const customComponents = [
   { target: AlertMessage, name: 'AlertMessage' },
@@ -18,4 +19,5 @@ export const customComponents = [
   { target: Loader, name: 'Loader' },
   { target: Modal, name: 'Modal' },
   { target: SportImage, name: 'SportImage' },
+  { target: VisibilityIcon, name: 'VisibilityIcon' },
 ]
diff --git a/fittrackee_client/src/locales/en/workouts.json b/fittrackee_client/src/locales/en/workouts.json
index c0a1fe892..bd11d45fc 100644
--- a/fittrackee_client/src/locales/en/workouts.json
+++ b/fittrackee_client/src/locales/en/workouts.json
@@ -5,6 +5,10 @@
     "AVERAGE_SPEED": "average speed",
     "AVE_SPEED": "ave. speed",
     "BACK_TO_WORKOUT": "back to workout",
+    "COMMENTS": {
+        "ADD": "add a comment",
+        "LABEL": "comment | comments"
+    },
     "DATE": "date",
     "DESCENT": "descent",
     "DISPLAY_FILTERS": "display filters",
diff --git a/fittrackee_client/src/locales/fr/workouts.json b/fittrackee_client/src/locales/fr/workouts.json
index eca1b71ed..30f4d60a5 100644
--- a/fittrackee_client/src/locales/fr/workouts.json
+++ b/fittrackee_client/src/locales/fr/workouts.json
@@ -5,6 +5,10 @@
     "AVERAGE_SPEED": "vitesse moyenne",
     "AVE_SPEED": "vitesse moy.",
     "BACK_TO_WORKOUT": "revenir à la séance",
+    "COMMENTS": {
+        "ADD": "ajouter un commentaire ",
+        "LABEL": "commentaire | commentaires"
+    },
     "DATE": "date",
     "DESCENT": "dénivelé négatif",
     "DISPLAY_FILTERS": "afficher les filtres",
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 89a3b7db6..33eb71dfb 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -10,9 +10,11 @@ import {
   IWorkoutsState,
 } from '@/store/modules/workouts/types'
 import {
+  ICommentForm,
   IWorkout,
   IWorkoutForm,
   IWorkoutPayload,
+  TCommentsPayload,
   TWorkoutsPayload,
 } from '@/types/workouts'
 import { handleError } from '@/utils'
@@ -115,6 +117,10 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
                 }
               })
           }
+          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
+            workoutId: res.data.data.workouts[0].id,
+            page: 1,
+          })
         } else {
           context.commit(WORKOUTS_STORE.MUTATIONS.EMPTY_WORKOUT)
           handleError(context, null)
@@ -240,4 +246,53 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
         context.commit(WORKOUTS_STORE.MUTATIONS.SET_WORKOUT_LOADING, false)
       )
   },
+  [WORKOUTS_STORE.ACTIONS.ADD_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: ICommentForm
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    authApi
+      .post(`/workouts/${payload.workoutId}/comments`, {
+        text: payload.text,
+        text_visibility: payload.textVisibility,
+      })
+      .then((res) => {
+        if (res.data.status === 'created') {
+          context.commit(
+            WORKOUTS_STORE.MUTATIONS.ADD_WORKOUT_COMMENT,
+            res.data.comment
+          )
+        } else {
+          handleError(context, null)
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
+  [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: TCommentsPayload
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    authApi
+      .get(`/workouts/${payload.workoutId}/comments`, {
+        params: {
+          page: payload.page,
+        },
+      })
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.commit(
+            WORKOUTS_STORE.MUTATIONS.SET_WORKOUT_COMMENTS,
+            res.data.data.comments
+          )
+        } else {
+          handleError(context, null)
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/enums.ts b/fittrackee_client/src/store/modules/workouts/enums.ts
index d6c0345a8..f5066599b 100644
--- a/fittrackee_client/src/store/modules/workouts/enums.ts
+++ b/fittrackee_client/src/store/modules/workouts/enums.ts
@@ -1,4 +1,5 @@
 export enum WorkoutsActions {
+  ADD_COMMENT = 'ADD_COMMENT',
   ADD_WORKOUT = 'ADD_WORKOUT',
   ADD_WORKOUT_WITHOUT_GPX = 'ADD_WORKOUT_WITHOUT_GPX',
   DELETE_WORKOUT = 'DELETE_WORKOUT',
@@ -8,6 +9,7 @@ export enum WorkoutsActions {
   GET_TIMELINE_WORKOUTS = 'GET_TIMELINE_WORKOUTS',
   GET_MORE_TIMELINE_WORKOUTS = 'GET_MORE_TIMELINE_WORKOUTS',
   GET_WORKOUT_DATA = 'GET_WORKOUT_DATA',
+  GET_WORKOUT_COMMENTS = 'GET_WORKOUT_COMMENTS',
 }
 
 export enum WorkoutsGetters {
@@ -31,4 +33,6 @@ export enum WorkoutsMutations {
   SET_WORKOUT_CHART_DATA = 'SET_WORKOUT_CHART_DATA',
   SET_WORKOUT_LOADING = 'SET_WORKOUT_LOADING',
   SET_WORKOUTS_PAGINATION = 'SET_WORKOUTS_PAGINATION',
+  ADD_WORKOUT_COMMENT = 'ADD_WORKOUT_COMMENT',
+  SET_WORKOUT_COMMENTS = 'SET_WORKOUT_COMMENTS',
 }
diff --git a/fittrackee_client/src/store/modules/workouts/mutations.ts b/fittrackee_client/src/store/modules/workouts/mutations.ts
index c5187f235..baff22ba6 100644
--- a/fittrackee_client/src/store/modules/workouts/mutations.ts
+++ b/fittrackee_client/src/store/modules/workouts/mutations.ts
@@ -6,7 +6,7 @@ import {
   TWorkoutsMutations,
 } from '@/store/modules/workouts/types'
 import { IPagination } from '@/types/api'
-import { IWorkout, IWorkoutApiChartData } from '@/types/workouts'
+import { IComment, IWorkout, IWorkoutApiChartData } from '@/types/workouts'
 
 export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
   [WORKOUTS_STORE.MUTATIONS.ADD_TIMELINE_WORKOUTS](
@@ -77,6 +77,19 @@ export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
       loading: false,
       workout: <IWorkout>{},
       chartData: [],
+      comments: [],
     }
   },
+  [WORKOUTS_STORE.MUTATIONS.SET_WORKOUT_COMMENTS](
+    state: IWorkoutsState,
+    comments: IComment[]
+  ) {
+    state.workoutData.comments = state.workoutData.comments.concat(comments)
+  },
+  [WORKOUTS_STORE.MUTATIONS.ADD_WORKOUT_COMMENT](
+    state: IWorkoutsState,
+    comment: IComment
+  ) {
+    state.workoutData.comments.push(comment)
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/state.ts b/fittrackee_client/src/store/modules/workouts/state.ts
index dd43dd979..00ca0d65b 100644
--- a/fittrackee_client/src/store/modules/workouts/state.ts
+++ b/fittrackee_client/src/store/modules/workouts/state.ts
@@ -12,5 +12,6 @@ export const workoutsState: IWorkoutsState = {
     loading: false,
     workout: <IWorkout>{},
     chartData: [],
+    comments: [],
   },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 6b20cb5df..5ff107d7d 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -9,12 +9,15 @@ import { WORKOUTS_STORE } from '@/store/constants'
 import { IRootState } from '@/store/modules/root/types'
 import { IPagination } from '@/types/api'
 import {
+  ICommentForm,
   IWorkout,
   IWorkoutApiChartData,
   TWorkoutsPayload,
   IWorkoutData,
   IWorkoutPayload,
   IWorkoutForm,
+  TCommentsPayload,
+  IComment,
 } from '@/types/workouts'
 
 export interface IWorkoutsState {
@@ -62,6 +65,14 @@ export interface IWorkoutsActions {
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: IWorkoutForm
   ): void
+  [WORKOUTS_STORE.ACTIONS.ADD_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: ICommentForm
+  ): void
+  [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: TCommentsPayload
+  ): void
 }
 
 export interface IWorkoutsGetters {
@@ -108,6 +119,14 @@ export type TWorkoutsMutations<S = IWorkoutsState> = {
   [WORKOUTS_STORE.MUTATIONS.EMPTY_CALENDAR_WORKOUTS](state: S): void
   [WORKOUTS_STORE.MUTATIONS.EMPTY_WORKOUTS](state: S): void
   [WORKOUTS_STORE.MUTATIONS.EMPTY_WORKOUT](state: S): void
+  [WORKOUTS_STORE.MUTATIONS.SET_WORKOUT_COMMENTS](
+    state: S,
+    comments: IComment[]
+  ): void
+  [WORKOUTS_STORE.MUTATIONS.ADD_WORKOUT_COMMENT](
+    state: S,
+    comment: IComment
+  ): void
 }
 
 export type TWorkoutsStoreModule<S = IWorkoutsState> = Omit<
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 4e340aa9e..8c60cd77e 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -164,6 +164,7 @@ export interface IWorkoutData {
   loading: boolean
   workout: IWorkout
   chartData: IWorkoutApiChartData[]
+  comments: IComment[]
 }
 
 export type TWorkoutDatasetKeys = 'speed' | 'elevation'
@@ -184,3 +185,19 @@ export interface IWorkoutChartData {
   datasets: TWorkoutDatasets
   coordinates: TCoordinates[]
 }
+
+export interface ICommentForm {
+  text: string
+  textVisibility: TPrivacyLevels
+  workoutId: string
+}
+
+export interface IComment extends ICommentForm {
+  id: string
+}
+
+export interface TCommentsPayload {
+  workoutId: string
+
+  page: number
+}
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index dee56e6c2..e1b9eaaca 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -30,6 +30,7 @@
             v-if="!displaySegment && isWorkoutOwner"
             :notes="workoutData.workout.notes"
           />
+          <WorkoutComments :workoutData="workoutData" />
           <div id="bottom" />
         </div>
         <div v-else>
@@ -56,6 +57,7 @@
   import NotFound from '@/components/Common/NotFound.vue'
   import WorkoutDetail from '@/components/Workout/WorkoutDetail/index.vue'
   import WorkoutChart from '@/components/Workout/WorkoutDetail/WorkoutChart/index.vue'
+  import WorkoutComments from '@/components/Workout/WorkoutDetail/WorkoutComments.vue'
   import WorkoutNotes from '@/components/Workout/WorkoutDetail/WorkoutNotes.vue'
   import WorkoutSegments from '@/components/Workout/WorkoutDetail/WorkoutSegments.vue'
   import WorkoutUser from '@/components/Workout/WorkoutDetail/WorkoutUser.vue'

From 41b574ed24723f5858d6a6aef2aadd3ae36c0858 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 12:15:40 +0100
Subject: [PATCH 179/238] API - lint fix

---
 fittrackee/workouts/sports.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/fittrackee/workouts/sports.py b/fittrackee/workouts/sports.py
index 4a1d8d391..692e455e3 100644
--- a/fittrackee/workouts/sports.py
+++ b/fittrackee/workouts/sports.py
@@ -179,9 +179,13 @@ def get_sports(auth_user: User) -> Dict:
     sports = Sport.query.order_by(Sport.id).all()
     sports_data = []
     for sport in sports:
-        sport_preferences = UserSportPreference.query.filter_by(
-            user_id=auth_user.id, sport_id=sport.id
-        ).first() if auth_user else None
+        sport_preferences = (
+            UserSportPreference.query.filter_by(
+                user_id=auth_user.id, sport_id=sport.id
+            ).first()
+            if auth_user
+            else None
+        )
         sports_data.append(
             sport.serialize(
                 is_admin=auth_user.admin if auth_user else False,

From ccf24a0ee3cfcf8246ccd40743ee5722ff3897ef Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 12:17:15 +0100
Subject: [PATCH 180/238] Client - update button on User profile

---
 .../src/components/User/ProfileDisplay/UserInfos.vue           | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
index a1142097e..d857ac55a 100644
--- a/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
+++ b/fittrackee_client/src/components/User/ProfileDisplay/UserInfos.vue
@@ -116,10 +116,9 @@
         >
           {{ $t('user.PROFILE.EDIT') }}
         </button>
-        <button @click="$router.push('/')">{{ $t('common.HOME') }}</button>
+        <button @click="$router.go(-1)">{{ $t('buttons.BACK') }}</button>
       </div>
     </div>
-
     <ErrorMessage :message="errorMessages" v-if="errorMessages" />
   </div>
 </template>

From 102b1d7636777c3413d6b35660feb44ea38bcd2e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 15 Jan 2023 12:43:48 +0100
Subject: [PATCH 181/238] Client - display user fullname on comment if user is
 from remote instance

---
 .../src/components/Workout/WorkoutDetail/WorkoutComments.vue | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index 9fad09dc6..8c8704a58 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -14,6 +14,9 @@
           <div class="comment-detail">
             <div class="comment-info">
               <Username :user="comment.user"/>
+              <div v-if="comment.user.is_remote" class="user-remote-fullname">
+                {{ comment.user.fullname }}
+              </div>
               <div class="spacer"/>
               <div
                 class="comment-date"
@@ -112,7 +115,7 @@
           .spacer {
             flex-grow: 3;
           }
-          .comment-date {
+          .comment-date, .user-remote-fullname {
             font-size: 0.85em;
             font-style: italic;
             white-space: nowrap;

From 9bf9f18db5f057e62349ffe70c8d45efe6fbdc45 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 18 Jan 2023 08:58:52 +0100
Subject: [PATCH 182/238] Client - sanitize comments

---
 .../Workout/WorkoutDetail/WorkoutComments.vue |  7 ++--
 fittrackee_client/src/utils/inputs.ts         |  3 +-
 .../tests/unit/utils/inputs.spec.ts           | 34 +++++++++++--------
 3 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index 8c8704a58..a82eea882 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -35,9 +35,7 @@
               </div>
               <VisibilityIcon :visibility="comment.text_visibility" />
             </div>
-            <div class="comment-text">
-              {{ comment.text }}
-            </div>
+            <span class="comment-text" v-html="linkifyAndClean(comment.text)"/>
           </div>
         </div>
         <WorkoutAddComment :workout="workoutData.workout" />
@@ -58,7 +56,8 @@
   import { IAuthUserProfile } from "@/types/user"
   import { IWorkoutData } from "@/types/workouts"
   import { useStore } from "@/use/useStore"
-  import { formatDate } from "@/utils/dates";
+  import { formatDate } from "@/utils/dates"
+  import { linkifyAndClean } from '@/utils/inputs'
 
   interface Props {
     workoutData: IWorkoutData
diff --git a/fittrackee_client/src/utils/inputs.ts b/fittrackee_client/src/utils/inputs.ts
index 7ff44a165..1add5875e 100644
--- a/fittrackee_client/src/utils/inputs.ts
+++ b/fittrackee_client/src/utils/inputs.ts
@@ -3,7 +3,6 @@ import sanitizeHtml from 'sanitize-html'
 
 export const linkifyAndClean = (input: string): string => {
   return sanitizeHtml(linkifyHtml(input, { target: '_blank' }), {
-    allowedTags: ['a'],
-    disallowedTagsMode: 'escape',
+    allowedTags: ['a', 'p', 'span'],
   })
 }
diff --git a/fittrackee_client/tests/unit/utils/inputs.spec.ts b/fittrackee_client/tests/unit/utils/inputs.spec.ts
index 509915c1b..301bbdf9a 100644
--- a/fittrackee_client/tests/unit/utils/inputs.spec.ts
+++ b/fittrackee_client/tests/unit/utils/inputs.spec.ts
@@ -28,35 +28,39 @@ describe('linkifyAndClean (URL is linkified)', () => {
 describe('linkifyAndClean (input sanitization)', () => {
   const testsParams = [
     {
-      description: 'it escapes "script" tags',
+      description: 'it removes "script" tags',
       inputString: "<script>alert('evil!')</script>",
-      expectedString: "&lt;script&gt;alert('evil!')&lt;/script&gt;",
+      expectedString: '',
     },
     {
-      description: 'it escapes nested tags',
-      inputString: '<p><b>test</b></p>',
-      expectedString: '&lt;p&gt;&lt;b&gt;test&lt;/b&gt;&lt;/p&gt;',
+      description: 'it removes nested tags',
+      inputString: '<div><b>test</b></div>',
+      expectedString: 'test',
     },
     {
-      description: 'it escapes single tag',
+      description: 'it removes single tag',
+      inputString: '<div>test',
+      expectedString: 'test',
+    },
+    {
+      description: 'it closes single tag',
       inputString: '<p>test',
-      expectedString: '&lt;p&gt;test&lt;/p&gt;',
+      expectedString: '<p>test</p>',
     },
     {
-      description: 'it removes css classe',
-      inputString: '<div class="active">test</div>',
-      expectedString: '&lt;div&gt;test&lt;/div&gt;',
+      description: 'it removes css class',
+      inputString: '<p class="active">test</p>',
+      expectedString: '<p>test</p>',
     },
     {
       description: 'it removes style attribute',
-      inputString: '<div style="display:none;">test</div>',
-      expectedString: '&lt;div&gt;test&lt;/div&gt;',
+      inputString: '<p style="display:none;">test</p>',
+      expectedString: '<p>test</p>',
     },
     {
       description: 'it keeps nested HTML link',
-      inputString: '<p><a href="http://www.example.com">example</a></p>',
-      expectedString:
-        '&lt;p&gt;<a href="http://www.example.com">example</a>&lt;/p&gt;',
+      inputString: '<div><a href="http://www.example.com">example</a></div>',
+      expectedString: '<a href="http://www.example.com">example</a>',
     },
   ]
 

From 8de79df14e46dfd59a12c23fcc88c5467df22e4e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 18 Jan 2023 09:09:43 +0100
Subject: [PATCH 183/238] Client - update comments style

---
 .../Workout/WorkoutDetail/WorkoutAddComment.vue        |  7 +++++--
 .../Workout/WorkoutDetail/WorkoutComments.vue          | 10 +++++++---
 fittrackee_client/src/locales/en/workouts.json         |  3 ++-
 fittrackee_client/src/locales/fr/workouts.json         |  3 ++-
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
index c864c4a2b..1066495e7 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
@@ -2,7 +2,7 @@
   <div class="add-comment">
     <form :class="{ errors: formErrors }" @submit.prevent="submitComment">
       <div class="form-items">
-        <div class="form-item">
+        <div class="form-item add-comment-label">
           <label> {{ $t('workouts.COMMENTS.ADD') }}: </label>
           <CustomTextArea
               class="comment"
@@ -98,7 +98,7 @@
   @import '~@/scss/vars.scss';
 
   .add-comment {
-    margin-top: $default-margin;
+    margin-top: $default-margin * 2;
     .comment {
       padding: $default-padding 0;
     }
@@ -119,5 +119,8 @@
         padding: $default-padding * 0.5 $default-padding;
       }
     }
+    .add-comment-label {
+      font-style: italic;
+    }
   }
 </style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index a82eea882..64d4110e8 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -38,6 +38,9 @@
             <span class="comment-text" v-html="linkifyAndClean(comment.text)"/>
           </div>
         </div>
+        <div class="no-comments" v-if="workoutData.comments.length === 0">
+          {{ $t('workouts.COMMENTS.NO_COMMENTS')}}
+        </div>
         <WorkoutAddComment :workout="workoutData.workout" />
       </template>
     </Card>
@@ -82,11 +85,8 @@
   @import '~@/scss/vars.scss';
 
   .workout-comments {
-    margin-top: $default-margin*2;
     .workout-comment {
       display: flex;
-      padding-bottom: $default-padding*2;
-
       ::v-deep(.user-picture) {
         min-width: min-content;
         align-items: flex-start;
@@ -127,5 +127,9 @@
         }
       }
     }
+
+    .no-comments {
+      font-style: italic;
+    }
   }
 </style>
\ No newline at end of file
diff --git a/fittrackee_client/src/locales/en/workouts.json b/fittrackee_client/src/locales/en/workouts.json
index bd11d45fc..5f80b03be 100644
--- a/fittrackee_client/src/locales/en/workouts.json
+++ b/fittrackee_client/src/locales/en/workouts.json
@@ -7,7 +7,8 @@
     "BACK_TO_WORKOUT": "back to workout",
     "COMMENTS": {
         "ADD": "add a comment",
-        "LABEL": "comment | comments"
+        "LABEL": "comment | comments",
+        "NO_COMMENTS": "No comments"
     },
     "DATE": "date",
     "DESCENT": "descent",
diff --git a/fittrackee_client/src/locales/fr/workouts.json b/fittrackee_client/src/locales/fr/workouts.json
index 30f4d60a5..4e805b07c 100644
--- a/fittrackee_client/src/locales/fr/workouts.json
+++ b/fittrackee_client/src/locales/fr/workouts.json
@@ -7,7 +7,8 @@
     "BACK_TO_WORKOUT": "revenir à la séance",
     "COMMENTS": {
         "ADD": "ajouter un commentaire ",
-        "LABEL": "commentaire | commentaires"
+        "LABEL": "commentaire | commentaires",
+        "NO_COMMENTS": "Pas de commentaires"
     },
     "DATE": "date",
     "DESCENT": "dénivelé négatif",

From a03b7f7bf5206817df12380b4240b22f874cc1b6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 18 Jan 2023 11:13:43 +0100
Subject: [PATCH 184/238] API - fix comment serializer

---
 .../federation/workouts/test_workouts_comments_models.py  | 4 ++--
 .../tests/workouts/test_workouts_comments_models.py       | 8 ++++----
 fittrackee/workouts/models.py                             | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index d789f0860..d19e71330 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -98,7 +98,7 @@ def test_it_serializes_owner_comment(
         assert serialized_comment == {
             'id': comment.short_id,
             'user': user_1.serialize(),
-            'workout_id': workout_cycling_user_1.id,
+            'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
@@ -175,7 +175,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         assert serialized_comment == {
             'id': comment.short_id,
             'user': remote_user.serialize(),
-            'workout_id': remote_cycling_workout.id,
+            'workout_id': remote_cycling_workout.short_id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index bb6838d3a..ce0a25851 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -216,7 +216,7 @@ def test_it_serializes_owner_comment(
         assert serialized_comment == {
             'id': comment.short_id,
             'user': user_1.serialize(),
-            'workout_id': workout_cycling_user_1.id,
+            'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
@@ -289,7 +289,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         assert serialized_comment == {
             'id': comment.short_id,
             'user': user_1.serialize(),
-            'workout_id': workout_cycling_user_1.id,
+            'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
@@ -340,7 +340,7 @@ def test_it_serializes_comment_when_comment_is_public(
         assert serialized_comment == {
             'id': comment.short_id,
             'user': user_1.serialize(),
-            'workout_id': workout_cycling_user_1.id,
+            'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
@@ -391,7 +391,7 @@ def test_it_serializes_comment_when_comment_is_public(
         assert serialized_comment == {
             'id': comment.short_id,
             'user': user_1.serialize(),
-            'workout_id': workout_cycling_user_1.id,
+            'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index a0e984372..a1782ee63 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -734,7 +734,7 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
         return {
             'id': self.short_id,
             'user': self.user.serialize(),
-            'workout_id': self.workout_id,
+            'workout_id': self.workout.short_id,
             'text': self.text,
             'text_visibility': self.text_visibility,
             'created_at': self.created_at,

From 382b931b753c668f2dee4bff602dbd52bb2dcd84 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 18 Jan 2023 12:43:05 +0100
Subject: [PATCH 185/238] API - add route to delete comment

---
 fittrackee/federation/objects/tombstone.py    |  27 ++-
 .../test_federation_objects_tombstone.py      | 112 +++++++++-
 .../federation/users/test_users_model.py      |  89 +++++++-
 .../workouts/test_workouts_comments_api.py    | 177 +++++++++++++++
 .../workouts/test_workouts_comments_models.py |  12 +-
 .../workouts/test_workouts_models.py          |   9 +-
 .../workouts/test_workouts_comments_api.py    | 206 ++++++++++++++++++
 fittrackee/tests/workouts/utils.py            |  10 +
 fittrackee/users/models.py                    |  26 ++-
 fittrackee/workouts/models.py                 |   7 +-
 fittrackee/workouts/workouts.py               |  76 ++++++-
 11 files changed, 699 insertions(+), 52 deletions(-)

diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
index 62021db76..f9fb3f68f 100644
--- a/fittrackee/federation/objects/tombstone.py
+++ b/fittrackee/federation/objects/tombstone.py
@@ -1,4 +1,4 @@
-from typing import TYPE_CHECKING, Dict
+from typing import TYPE_CHECKING, Dict, Union
 
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
@@ -8,45 +8,44 @@
 from .base_object import BaseObject
 
 if TYPE_CHECKING:
-    from fittrackee.workouts.models import Workout
+    from fittrackee.workouts.models import Workout, WorkoutComment
 
 
 class TombstoneObject(BaseObject):
     # WIP
-    # for now only tombstone for workouts is implemented
-    object_to_delete: 'Workout'
+    object_to_delete: Union['Workout', 'WorkoutComment']
 
-    def __init__(self, object_to_delete: 'Workout') -> None:
+    def __init__(
+        self, object_to_delete: Union['Workout', 'WorkoutComment']
+    ) -> None:
         self.object_to_delete = object_to_delete
+        self.object_to_delete_type = object_to_delete.__class__.__name__
         self.type = ActivityType.DELETE
         self.actor = self.object_to_delete.user.actor
         self.visibility = self._get_object_visibility()
+        # TODO: handle comments with mentions
         if self.visibility in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]:
             raise InvalidVisibilityException(
                 f"object visibility is: '{self.visibility.value}'"
             )
 
-    def _get_object_id(self) -> str:
-        return (
-            f'{self.actor.activitypub_id}/workouts/'
-            f'{self.object_to_delete.short_id}'
-        )
-
     def _get_object_visibility(self) -> PrivacyLevel:
+        if self.object_to_delete_type == 'WorkoutComment':
+            return self.object_to_delete.text_visibility
         return self.object_to_delete.workout_visibility
 
     def get_activity(self) -> Dict:
-        object_id = self._get_object_id()
         delete_activity = {
             "@context": AP_CTX,
-            "id": f'{object_id}/delete',
+            "id": f'{self.object_to_delete.ap_id}/delete',
             "type": "Delete",
             "actor": self.actor.activitypub_id,
             "object": {
                 "type": "Tombstone",
-                "id": object_id,
+                "id": self.object_to_delete.ap_id,
             },
         }
+        # TODO: handle comments with mentions
         if self.visibility == PrivacyLevel.PUBLIC:
             delete_activity['to'] = [PUBLIC_STREAM]
             delete_activity['cc'] = [self.actor.followers_url]
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
index a8cd60c64..a0617f8b5 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -5,6 +5,7 @@
 from fittrackee.federation.constants import AP_CTX, PUBLIC_STREAM
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
@@ -22,6 +23,10 @@ def test_it_raises_error_when_visibility_is_private(
         input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_visibility
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts'
+            f'/{workout_cycling_user_1.short_id}'
+        )
         with pytest.raises(
             InvalidVisibilityException,
             match=f"object visibility is: '{input_visibility.value}'",
@@ -36,15 +41,102 @@ def test_it_generates_delete_activity_for_workout_with_public_visibility(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts'
+            f'/{workout_cycling_user_1.short_id}'
+        )
         tombstone = TombstoneObject(workout_cycling_user_1)
 
         delete_activity = tombstone.get_activity()
 
+        assert delete_activity == {
+            "@context": AP_CTX,
+            "id": f'{workout_cycling_user_1.ap_id}/delete',
+            "type": "Delete",
+            "actor": user_1.actor.activitypub_id,
+            "object": {
+                "type": "Tombstone",
+                "id": workout_cycling_user_1.ap_id,
+            },
+            "to": [PUBLIC_STREAM],
+            "cc": [user_1.actor.followers_url],
+        }
+
+    def test_it_generates_delete_activity_for_workout_with_follower_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts'
+            f'/{workout_cycling_user_1.short_id}'
+        )
+        tombstone = TombstoneObject(workout_cycling_user_1)
+
+        delete_activity = tombstone.get_activity()
+
+        assert delete_activity == {
+            "@context": AP_CTX,
+            "id": f'{workout_cycling_user_1.ap_id}/delete',
+            "type": "Delete",
+            "actor": user_1.actor.activitypub_id,
+            "object": {
+                "type": "Tombstone",
+                "id": workout_cycling_user_1.ap_id,
+            },
+            "to": [user_1.actor.followers_url],
+            "cc": [],
+        }
+
+
+class TestTombstoneObjectForWorkoutComment(WorkoutCommentMixin):
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_when_visibility_is_private(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1, workout_cycling_user_1, text_visibility=input_visibility
+        )
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=f"object visibility is: '{input_visibility.value}'",
+        ):
+            TombstoneObject(comment)
+
+    def test_it_generates_delete_activity_for_comment_with_public_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
+        )
+        tombstone = TombstoneObject(comment)
+
+        delete_activity = tombstone.get_activity()
+
         assert delete_activity == {
             "@context": AP_CTX,
             "id": (
                 f'{user_1.actor.activitypub_id}/workouts/'
-                f'{workout_cycling_user_1.short_id}/delete'
+                f'{workout_cycling_user_1.short_id}/comments/'
+                f'{comment.short_id}/delete'
             ),
             "type": "Delete",
             "actor": user_1.actor.activitypub_id,
@@ -52,7 +144,8 @@ def test_it_generates_delete_activity_for_workout_with_public_visibility(
                 "type": "Tombstone",
                 "id": (
                     f'{user_1.actor.activitypub_id}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
+                    f'{workout_cycling_user_1.short_id}/comments/'
+                    f'{comment.short_id}'
                 ),
             },
             "to": [PUBLIC_STREAM],
@@ -66,10 +159,13 @@ def test_it_generates_delete_activity_for_workout_with_follower_visibility(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
-        workout_cycling_user_1.workout_visibility = (
-            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
-        tombstone = TombstoneObject(workout_cycling_user_1)
+        tombstone = TombstoneObject(comment)
 
         delete_activity = tombstone.get_activity()
 
@@ -77,7 +173,8 @@ def test_it_generates_delete_activity_for_workout_with_follower_visibility(
             "@context": AP_CTX,
             "id": (
                 f'{user_1.actor.activitypub_id}/workouts/'
-                f'{workout_cycling_user_1.short_id}/delete'
+                f'{workout_cycling_user_1.short_id}/comments/'
+                f'{comment.short_id}/delete'
             ),
             "type": "Delete",
             "actor": user_1.actor.activitypub_id,
@@ -85,7 +182,8 @@ def test_it_generates_delete_activity_for_workout_with_follower_visibility(
                 "type": "Tombstone",
                 "id": (
                     f'{user_1.actor.activitypub_id}/workouts/'
-                    f'{workout_cycling_user_1.short_id}'
+                    f'{workout_cycling_user_1.short_id}/comments/'
+                    f'{comment.short_id}'
                 ),
             },
             "to": [user_1.actor.followers_url],
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 6d0e6f189..8d09fa3fe 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -216,8 +216,8 @@ def test_it_returns_empty_set_if_not_followers(
         inboxes = user_1.get_followers_shared_inboxes()
 
         assert inboxes == {
-            'fittrackee': set(),
-            'others': set(),
+            'fittrackee': [],
+            'others': [],
         }
 
     def test_it_returns_empty_set_if_only_local_followers(
@@ -232,8 +232,8 @@ def test_it_returns_empty_set_if_only_local_followers(
         inboxes = user_1.get_followers_shared_inboxes()
 
         assert inboxes == {
-            'fittrackee': set(),
-            'others': set(),
+            'fittrackee': [],
+            'others': [],
         }
 
     def test_it_returns_shared_inbox_when_remote_followers_from_fittrackee_instance(  # noqa
@@ -248,8 +248,8 @@ def test_it_returns_shared_inbox_when_remote_followers_from_fittrackee_instance(
         inboxes = user_1.get_followers_shared_inboxes()
 
         assert inboxes == {
-            'fittrackee': {remote_user.actor.shared_inbox_url},
-            'others': set(),
+            'fittrackee': [remote_user.actor.shared_inbox_url],
+            'others': [],
         }
 
     def test_it_returns_shared_inbox_when_remote_followers_from_not_fittrackee_instance(  # noqa
@@ -264,8 +264,8 @@ def test_it_returns_shared_inbox_when_remote_followers_from_not_fittrackee_insta
         inboxes = user_1.get_followers_shared_inboxes()
 
         assert inboxes == {
-            'fittrackee': set(),
-            'others': {remote_user_2.actor.shared_inbox_url},
+            'fittrackee': [],
+            'others': [remote_user_2.actor.shared_inbox_url],
         }
 
     def test_it_returns_shared_inbox_from_several_remote_users(
@@ -283,6 +283,75 @@ def test_it_returns_shared_inbox_from_several_remote_users(
         inboxes = user_1.get_followers_shared_inboxes()
 
         assert inboxes == {
-            'fittrackee': {remote_user.actor.shared_inbox_url},
-            'others': {remote_user_2.actor.shared_inbox_url},
+            'fittrackee': [remote_user.actor.shared_inbox_url],
+            'others': [remote_user_2.actor.shared_inbox_url],
         }
+
+
+class TestUserGetRecipientsSharedInboxAsList:
+    def test_it_returns_empty_set_if_not_followers(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        inboxes = user_1.get_followers_shared_inboxes_as_list()
+
+        assert inboxes == []
+
+    def test_it_returns_empty_set_if_only_local_followers(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+
+        inboxes = user_1.get_followers_shared_inboxes_as_list()
+
+        assert inboxes == []
+
+    def test_it_returns_shared_inbox_when_remote_followers_from_fittrackee_instance(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+
+        inboxes = user_1.get_followers_shared_inboxes_as_list()
+
+        assert inboxes == [remote_user.actor.shared_inbox_url]
+
+    def test_it_returns_shared_inbox_when_remote_followers_from_not_fittrackee_instance(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user_2: User,
+    ) -> None:
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+
+        inboxes = user_1.get_followers_shared_inboxes_as_list()
+
+        assert inboxes == [remote_user_2.actor.shared_inbox_url]
+
+    def test_it_returns_shared_inbox_from_several_remote_users(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        remote_user_2: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        generate_follow_request(remote_user_2, user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+
+        inboxes = user_1.get_followers_shared_inboxes_as_list()
+
+        assert sorted(inboxes) == sorted(
+            [
+                remote_user.actor.shared_inbox_url,
+                remote_user_2.actor.shared_inbox_url,
+            ]
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 6cee7c722..dd656e23a 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -789,3 +789,180 @@ def test_it_returns_only_comments_user_can_access(
             'pages': 3,
             'total': 11,
         }
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestDeleteWorkoutComment(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_returns_404_if_comment_is_not_visible_to_user(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {comment.short_id})",
+        )
+
+    def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        note_activity = comment.get_activity(activity_type='Delete')
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        remote_user_2.send_follow_request_to(user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        note_activity = comment.get_activity(activity_type='Delete')
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user_2.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index d19e71330..341622151 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -224,8 +224,9 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
             comment.serialize()
 
 
-class TestWorkoutCommentModelGetActivity(WorkoutCommentMixin):
+class TestWorkoutCommentModelGetCreateActivity(WorkoutCommentMixin):
     activity_type = 'Create'
+    expected_object_type = 'Note'
 
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
@@ -271,5 +272,12 @@ def test_it_returns_activities_when_visibility_is_valid(
         note_activity = comment.get_activity(activity_type=self.activity_type)
 
         assert note_activity['type'] == self.activity_type
-        assert note_activity['object']['type'] == 'Note'
+        assert note_activity['object']['type'] == self.expected_object_type
         assert note_activity['object']['id'] == comment.ap_id
+
+
+class TestWorkoutCommentModelGetDeleteActivity(
+    TestWorkoutCommentModelGetCreateActivity
+):
+    activity_type = 'Delete'
+    expected_object_type = 'Tombstone'
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 4a3becf25..c40bdd12e 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -206,6 +206,10 @@ def test_it_returns_activities_when_visibility_is_valid(
         workout_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = workout_visibility
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
 
         delete_workout, _ = workout_cycling_user_1.get_activities(
             activity_type='Delete'
@@ -213,7 +217,4 @@ def test_it_returns_activities_when_visibility_is_valid(
 
         assert delete_workout['type'] == 'Delete'
         assert delete_workout['object']['type'] == 'Tombstone'
-        assert delete_workout['object']['id'] == (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        assert delete_workout['object']['id'] == workout_cycling_user_1.ap_id
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index f8ecd85f8..32da48e6d 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -1335,3 +1335,209 @@ def test_it_returns_comments_ordered_by_creation_date_ascending(
         assert 'success' in data['status']
         assert data['data']['comments'][0]['id'] == comments[0].short_id
         assert data['data']['comments'][4]['id'] == comments[4].short_id
+
+
+class TestDeleteWorkoutComment(
+    ApiTestCaseMixin, BaseTestMixin, WorkoutCommentMixin
+):
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client = app.test_client()
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_404_if_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_short_id = self.random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_short_id}"
+            f"/comments/{self.random_short_id()}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_short_id})",
+        )
+
+    def test_it_returns_404_if_comment_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment_short_id = self.random_short_id()
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment_short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {comment_short_id})",
+        )
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_returns_404_if_comment_is_not_visible_to_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=input_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {comment.short_id})",
+        )
+
+    def test_it_returns_403_if_user_is_not_comment_owner(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_403(response)
+
+    def test_it_deletes_workout_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 204
+        assert WorkoutComment.query.first() is None
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 2ab067706..65f83eef7 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -65,5 +65,15 @@ def create_comment(
             created_at=created_at,
         )
         db.session.add(comment)
+        db.session.flush()
+        actor = comment.user.actor
+        comment.ap_id = (
+            f'{actor.activitypub_id}/workouts/{workout.short_id}'
+            f'/comments/{comment.short_id}'
+        )
+        comment.remote_url = (
+            f'https://{actor.domain.name}/workouts/{workout.short_id}'
+            f'/comments/{comment.short_id}'
+        )
         db.session.commit()
         return comment
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index d965c5cc2..35d1c66d8 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -1,5 +1,5 @@
 from datetime import datetime
-from typing import Dict, Optional, Union
+from typing import Dict, List, Optional, Union
 
 import jwt
 from flask import current_app
@@ -405,7 +405,12 @@ def follows(self, user: 'User') -> str:
         return self.follow_request_status(follow_request)
 
     @federation_required
-    def get_followers_shared_inboxes(self) -> Dict:
+    def get_followers_shared_inboxes(self) -> Dict[str, List[str]]:
+        """
+        returns a dict with 2 distinct lists:
+        - followers for remote FitTrackee instances
+        - followers for remote non-FitTrackee instances
+        """
         fittrackee_shared_inboxes = set()
         other_shared_inboxes = set()
         for follower in self.followers.all():
@@ -417,10 +422,23 @@ def get_followers_shared_inboxes(self) -> Dict:
                 else:
                     other_shared_inboxes.add(follower.actor.shared_inbox_url)
         return {
-            'fittrackee': fittrackee_shared_inboxes,
-            'others': other_shared_inboxes,
+            'fittrackee': list(fittrackee_shared_inboxes),
+            'others': list(other_shared_inboxes),
         }
 
+    def get_followers_shared_inboxes_as_list(self) -> List[str]:
+        """
+        returns all remote followers regardless instances application
+        (FitTrackee or non-FitTrackee)
+        """
+        return list(
+            set(
+                follower.actor.shared_inbox_url
+                for follower in self.followers.all()
+                if follower.actor.is_remote
+            )
+        )
+
     def get_user_url(self) -> str:
         """Return user url on user interface"""
         return f"{current_app.config['UI_URL']}/users/{self.username}"
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index a1782ee63..9b58f0f36 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -741,9 +741,14 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
         }
 
     def get_activity(self, activity_type: str) -> Dict:
+        # TODO: Update
         if activity_type == 'Create':
             return WorkoutCommentObject(
                 self, activity_type=activity_type
             ).get_activity()
-        # TODO: Update and Delete
+        if activity_type == 'Delete':
+            tombstone_object = TombstoneObject(self)
+            delete_activity = tombstone_object.get_activity()
+            return delete_activity
+        # TODO: Update
         return {}
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 4a4cc80a4..ce53e93b6 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -83,13 +83,13 @@ def handle_workout_activities(workout: Workout, activity_type: str) -> None:
         send_to_remote_inbox.send(
             sender_id=actor.id,
             activity=workout_activity,
-            recipients=list(recipients['fittrackee']),
+            recipients=recipients['fittrackee'],
         )
     if recipients['others']:
         send_to_remote_inbox.send(
             sender_id=actor.id,
             activity=note_activity,
-            recipients=list(recipients['others']),
+            recipients=recipients['others'],
         )
 
 
@@ -1594,14 +1594,13 @@ def add_workout_comment(
                 f'comments/{new_comment.short_id}'
             )
             note_activity = new_comment.get_activity(activity_type='Create')
-            recipients = auth_user.get_followers_shared_inboxes()
-            send_to_remote_inbox.send(
-                sender_id=auth_user.actor.id,
-                activity=note_activity,
-                recipients=(
-                    list(recipients['fittrackee']) + list(recipients['others'])
-                ),
-            )
+            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            if recipients:
+                send_to_remote_inbox.send(
+                    sender_id=auth_user.actor.id,
+                    activity=note_activity,
+                    recipients=recipients,
+                )
         db.session.commit()
 
         return (
@@ -1732,3 +1731,60 @@ def get_workout_comments(
         }
     except Exception as e:
         return handle_error_and_return_response(e)
+
+
+@workouts_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
+    methods=["DELETE"],
+)
+@require_auth(scopes=['workouts:write'])
+def delete_workout_comment(
+    auth_user: User, workout_short_id: str, comment_short_id: str
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    try:
+        workout_uuid = decode_short_id(workout_short_id)
+        workout = Workout.query.filter_by(uuid=workout_uuid).first()
+        if not workout:
+            return NotFoundErrorResponse(
+                f"workout not found (id: {workout_short_id})"
+            )
+
+        workout_comment_uuid = decode_short_id(comment_short_id)
+        workout_comment = WorkoutComment.query.filter_by(
+            uuid=workout_comment_uuid
+        ).first()
+        if not workout_comment:
+            return NotFoundErrorResponse(
+                f"workout comment not found (id: {comment_short_id})"
+            )
+
+        if not can_view_workout_comment(workout_comment, auth_user):
+            return NotFoundErrorResponse(
+                f"workout comment not found (id: {comment_short_id})"
+            )
+
+        if auth_user.id != workout_comment.user.id:
+            return ForbiddenErrorResponse()
+
+        if sending_activities_allowed(workout_comment.text_visibility):
+            note_activity = workout_comment.get_activity(
+                activity_type='Delete'
+            )
+            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            if recipients:
+                send_to_remote_inbox.send(
+                    sender_id=auth_user.actor.id,
+                    activity=note_activity,
+                    recipients=recipients,
+                )
+
+        db.session.delete(workout_comment)
+        db.session.commit()
+        return {'status': 'no content'}, 204
+    except (
+        exc.IntegrityError,
+        exc.OperationalError,
+        ValueError,
+        OSError,
+    ) as e:
+        return handle_error_and_return_response(e, db=db)

From 095e767648eb2275f6d21e16d65afda29a401302 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 18 Jan 2023 18:30:40 +0100
Subject: [PATCH 186/238] Client - delete a comment (WIP)

---
 .../src/components/Common/CustomTextArea.vue  |  6 +++
 .../WorkoutDetail/WorkoutAddComment.vue       | 31 ++++++-----
 .../Workout/WorkoutDetail/WorkoutComments.vue | 53 ++++++++++++++++---
 .../src/locales/en/workouts.json              |  1 +
 .../src/locales/fr/workouts.json              |  3 +-
 .../src/store/modules/workouts/actions.ts     | 24 ++++++++-
 .../src/store/modules/workouts/enums.ts       |  1 +
 .../src/store/modules/workouts/mutations.ts   |  2 +-
 .../src/store/modules/workouts/types.ts       |  9 +++-
 fittrackee_client/src/types/workouts.ts       | 13 ++++-
 .../src/views/workouts/Workout.vue            |  2 +-
 11 files changed, 116 insertions(+), 29 deletions(-)

diff --git a/fittrackee_client/src/components/Common/CustomTextArea.vue b/fittrackee_client/src/components/Common/CustomTextArea.vue
index 70f75ab6b..f7debf821 100644
--- a/fittrackee_client/src/components/Common/CustomTextArea.vue
+++ b/fittrackee_client/src/components/Common/CustomTextArea.vue
@@ -5,6 +5,8 @@
       :name="name"
       :maxLenght="charLimit"
       :disabled="disabled"
+      :required="required"
+      :placeholder="placeholder"
       v-model="text"
       @input="updateText"
     />
@@ -22,11 +24,15 @@
     charLimit?: number
     disabled?: boolean
     input?: string | null
+    required?: boolean
+    placeholder? : string
   }
   const props = withDefaults(defineProps<Props>(), {
     charLimit: 500,
     disabled: false,
     input: '',
+    required: false,
+    placeholder: '',
   })
 
   const emit = defineEmits(['updateValue'])
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
index 1066495e7..0e34f6cc8 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
@@ -1,13 +1,14 @@
 <template>
   <div class="add-comment">
-    <form :class="{ errors: formErrors }" @submit.prevent="submitComment">
+    <form @submit.prevent="submitComment">
       <div class="form-items">
         <div class="form-item add-comment-label">
-          <label> {{ $t('workouts.COMMENTS.ADD') }}: </label>
           <CustomTextArea
               class="comment"
               name="text"
-              :value="commentForm.text"
+              :input="commentText"
+              :required="true"
+              :placeholder="$t('workouts.COMMENTS.ADD')"
               @updateValue="updateText"
           />
         </div>
@@ -17,7 +18,7 @@
           <label> {{ $t('privacy.VISIBILITY') }}: </label>
           <select
             id="text_visibility"
-            v-model="commentForm.textVisibility"
+            v-model="commentTextVisibility"
           >
             <option
               v-for="level in privacyLevels"
@@ -39,7 +40,7 @@
         <button class="confirm" type="submit">
           {{ $t('buttons.SUBMIT') }}
         </button>
-        <button class="cancel">
+        <button class="cancel" @click.prevent="onCancel">
           {{ $t('buttons.CANCEL') }}
         </button>
       </div>
@@ -49,10 +50,11 @@
 </template>
 
 <script setup lang="ts">
-  import { ComputedRef, computed, reactive, ref, toRefs } from 'vue'
+  import { ComputedRef, Ref, computed, ref, toRefs } from 'vue'
 
   import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
   import { TAppConfig } from "@/types/application"
+  import { TPrivacyLevels } from "@/types/user";
   import { ICommentForm, IWorkout } from "@/types/workouts"
   import { useStore } from "@/use/useStore"
   import { getPrivacyLevels, getPrivacyLevelForLabel } from "@/utils/privacy"
@@ -72,25 +74,26 @@
   const privacyLevels = computed(() =>
     getPrivacyLevels(appConfig.value.federation_enabled)
   )
-  const commentForm = reactive({
-    text: '',
-    textVisibility: workout.value.workout_visibility,
-  })
+  const commentText: Ref<string> = ref('')
+  const commentTextVisibility: Ref<TPrivacyLevels> = ref(workout.value.workout_visibility)
   const errorMessages: ComputedRef<string | string[] | null> = computed(
       () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
   )
-  const formErrors = ref(false)
 
   function updateText(value: string) {
-    commentForm.text = value
+    commentText.value = value
+  }
+  function onCancel() {
+    updateText('')
   }
   function submitComment() {
     const payload: ICommentForm = {
-      text: commentForm.text,
-      textVisibility: commentForm.textVisibility,
+      text: commentText.value,
+      textVisibility: commentTextVisibility.value,
       workoutId: workout.value.id,
     }
     store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_COMMENT, payload)
+    updateText('')
   }
 </script>
 
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index 64d4110e8..5a3887ef6 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -1,5 +1,12 @@
 <template>
   <div class="workout-comments">
+    <Modal
+      v-if="commentToDelete"
+      :title="$t('common.CONFIRMATION')"
+      :message="$t('workouts.COMMENTS.DELETION_CONFIRMATION')"
+      @confirmAction="deleteComment(commentToDelete)"
+      @cancelAction="() => commentToDelete = null"
+    />
     <Card>
       <template #title>
         {{ $t('workouts.COMMENTS.LABEL', 0) }}
@@ -34,6 +41,12 @@
                 }}
               </div>
               <VisibilityIcon :visibility="comment.text_visibility" />
+              <i
+                class="fa fa-trash"
+                v-if="isCommentOwner(authUser, comment.user)"
+                aria-hidden="true"
+                @click="() => commentToDelete = comment"
+              />
             </div>
             <span class="comment-text" v-html="linkifyAndClean(comment.text)"/>
           </div>
@@ -49,26 +62,27 @@
 
 <script setup lang="ts">
   import { Locale, formatDistance } from 'date-fns'
-  import { ComputedRef, computed,  toRefs, withDefaults } from 'vue'
+  import { ComputedRef, Ref, computed, ref, toRefs, watch } from 'vue'
 
   import Username from '@/components/User/Username.vue'
   import UserPicture from '@/components/User/UserPicture.vue'
   import WorkoutAddComment from "@/components/Workout/WorkoutDetail/WorkoutAddComment.vue"
-  import { ROOT_STORE } from "@/store/constants"
+  import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
   import { IDisplayOptions } from "@/types/application"
-  import { IAuthUserProfile } from "@/types/user"
-  import { IWorkoutData } from "@/types/workouts"
+  import { IAuthUserProfile, IUserProfile } from "@/types/user"
+  import { IComment, IWorkoutData } from "@/types/workouts"
   import { useStore } from "@/use/useStore"
   import { formatDate } from "@/utils/dates"
   import { linkifyAndClean } from '@/utils/inputs'
+  import { getUserName } from "@/utils/user"
 
   interface Props {
     workoutData: IWorkoutData
-    user?: IAuthUserProfile | null
+    authUser?: IAuthUserProfile | null
   }
 
   const props = withDefaults(defineProps<Props>(), {
-    user: null,
+    authUser: null,
   })
   const { workoutData } = toRefs(props)
 
@@ -79,6 +93,26 @@
   const displayOptions: ComputedRef<IDisplayOptions> = computed(
     () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
   )
+  const commentToDelete: Ref<IComment | null> = ref(null)
+
+  function isCommentOwner(authUser: IAuthUserProfile | null, commentUser: IUserProfile) {
+    return authUser && getUserName(authUser) === getUserName(commentUser)
+  }
+
+  function deleteComment(comment: IComment) {
+    store.dispatch(WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT, {
+      workoutId: comment.workout_id,
+      commentId: comment.id
+    })
+  }
+
+  watch(
+    () => workoutData.value.comments,
+    () => {
+      commentToDelete.value = null
+    }
+  )
+
 </script>
 
 <style scoped lang="scss">
@@ -119,6 +153,13 @@
             font-style: italic;
             white-space: nowrap;
           }
+          .fa-trash {
+            padding-bottom: 3px;
+          }
+
+          ::v-deep(.fa-users) {
+            font-size: .8em;
+          }
         }
         .comment-text {
           border-radius: 5px;
diff --git a/fittrackee_client/src/locales/en/workouts.json b/fittrackee_client/src/locales/en/workouts.json
index 5f80b03be..471d74a93 100644
--- a/fittrackee_client/src/locales/en/workouts.json
+++ b/fittrackee_client/src/locales/en/workouts.json
@@ -7,6 +7,7 @@
     "BACK_TO_WORKOUT": "back to workout",
     "COMMENTS": {
         "ADD": "add a comment",
+        "DELETION_CONFIRMATION": "Are you sure you want to delete this comment?",
         "LABEL": "comment | comments",
         "NO_COMMENTS": "No comments"
     },
diff --git a/fittrackee_client/src/locales/fr/workouts.json b/fittrackee_client/src/locales/fr/workouts.json
index 4e805b07c..a29de8fba 100644
--- a/fittrackee_client/src/locales/fr/workouts.json
+++ b/fittrackee_client/src/locales/fr/workouts.json
@@ -6,7 +6,8 @@
     "AVE_SPEED": "vitesse moy.",
     "BACK_TO_WORKOUT": "revenir à la séance",
     "COMMENTS": {
-        "ADD": "ajouter un commentaire ",
+        "ADD": "ajouter un commentaire",
+        "DELETION_CONFIRMATION": "Etes-vous sûr de vouloir supprimer ce commentaire ?",
         "LABEL": "commentaire | commentaires",
         "NO_COMMENTS": "Pas de commentaires"
     },
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 33eb71dfb..66257deca 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -14,8 +14,9 @@ import {
   IWorkout,
   IWorkoutForm,
   IWorkoutPayload,
-  TCommentsPayload,
+  ICommentsPayload,
   TWorkoutsPayload,
+  ICommentPayload,
 } from '@/types/workouts'
 import { handleError } from '@/utils'
 
@@ -272,7 +273,7 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
   },
   [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
     context: ActionContext<IWorkoutsState, IRootState>,
-    payload: TCommentsPayload
+    payload: ICommentsPayload
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     authApi
@@ -295,4 +296,23 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
         handleError(context, error)
       })
   },
+  [WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: ICommentPayload
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    authApi
+      .delete(`workouts/${payload.workoutId}/comments/${payload.commentId}`)
+      .then((res) => {
+        if (res.status === 204) {
+          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
+            workoutId: payload.workoutId,
+            page: 1,
+          })
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/enums.ts b/fittrackee_client/src/store/modules/workouts/enums.ts
index f5066599b..b293413e6 100644
--- a/fittrackee_client/src/store/modules/workouts/enums.ts
+++ b/fittrackee_client/src/store/modules/workouts/enums.ts
@@ -3,6 +3,7 @@ export enum WorkoutsActions {
   ADD_WORKOUT = 'ADD_WORKOUT',
   ADD_WORKOUT_WITHOUT_GPX = 'ADD_WORKOUT_WITHOUT_GPX',
   DELETE_WORKOUT = 'DELETE_WORKOUT',
+  DELETE_WORKOUT_COMMENT = 'DELETE_WORKOUT_COMMENT',
   EDIT_WORKOUT = 'EDIT_WORKOUT',
   GET_CALENDAR_WORKOUTS = 'GET_CALENDAR_WORKOUTS',
   GET_USER_WORKOUTS = 'GET_USER_WORKOUTS',
diff --git a/fittrackee_client/src/store/modules/workouts/mutations.ts b/fittrackee_client/src/store/modules/workouts/mutations.ts
index baff22ba6..f155e40ed 100644
--- a/fittrackee_client/src/store/modules/workouts/mutations.ts
+++ b/fittrackee_client/src/store/modules/workouts/mutations.ts
@@ -84,7 +84,7 @@ export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
     state: IWorkoutsState,
     comments: IComment[]
   ) {
-    state.workoutData.comments = state.workoutData.comments.concat(comments)
+    state.workoutData.comments = comments
   },
   [WORKOUTS_STORE.MUTATIONS.ADD_WORKOUT_COMMENT](
     state: IWorkoutsState,
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 5ff107d7d..8d2f96fe8 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -16,8 +16,9 @@ import {
   IWorkoutData,
   IWorkoutPayload,
   IWorkoutForm,
-  TCommentsPayload,
+  ICommentsPayload,
   IComment,
+  ICommentPayload,
 } from '@/types/workouts'
 
 export interface IWorkoutsState {
@@ -71,7 +72,11 @@ export interface IWorkoutsActions {
   ): void
   [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
     context: ActionContext<IWorkoutsState, IRootState>,
-    payload: TCommentsPayload
+    payload: ICommentsPayload
+  ): void
+  [WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: ICommentPayload
   ): void
 }
 
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 8c60cd77e..051727422 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -192,12 +192,21 @@ export interface ICommentForm {
   workoutId: string
 }
 
-export interface IComment extends ICommentForm {
+export interface IComment {
   id: string
+  text: string
+  text_visibility: TPrivacyLevels
+  workout_id: string
 }
 
-export interface TCommentsPayload {
+export interface ICommentsPayload {
   workoutId: string
 
   page: number
 }
+
+export interface ICommentPayload {
+  workoutId: string
+
+  commentId: string
+}
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index e1b9eaaca..dc24c2f62 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -30,7 +30,7 @@
             v-if="!displaySegment && isWorkoutOwner"
             :notes="workoutData.workout.notes"
           />
-          <WorkoutComments :workoutData="workoutData" />
+          <WorkoutComments :workoutData="workoutData" :auth-user="authUser"/>
           <div id="bottom" />
         </div>
         <div v-else>

From a92e8a62f88f95668eab1b372fd6326773950075 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 20 Jan 2023 10:21:15 +0100
Subject: [PATCH 187/238] API - add route to update a comment

+ fix on workout activities
---
 .../federation/activities/activities.py       |  32 ++-
 fittrackee/federation/objects/base_object.py  |  17 +-
 .../objects/{comments.py => comment.py}       |   5 +
 fittrackee/federation/objects/workout.py      |   9 +-
 .../30_8842c351a2d8_init_federation.py        |   1 +
 .../test_federation_activities_activities.py  | 210 +++++++++++++-
 .../test_federation_objects_workout.py        |  75 ++++-
 ...test_federation_objects_workout_comment.py | 148 +++++++++-
 .../workouts/test_workouts_comments_api.py    |  81 ++++++
 .../workouts/test_workouts_comments_models.py |   2 +
 .../workouts/test_workouts_comments_api.py    | 272 ++++++++++++++++++
 .../workouts/test_workouts_comments_models.py |   5 +
 fittrackee/workouts/decorators.py             |  42 +++
 fittrackee/workouts/models.py                 |   8 +-
 fittrackee/workouts/workouts.py               |  74 +++--
 15 files changed, 922 insertions(+), 59 deletions(-)
 rename fittrackee/federation/objects/{comments.py => comment.py} (84%)
 create mode 100644 fittrackee/workouts/decorators.py

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index bcf7fb5c2..f58f501be 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -297,7 +297,37 @@ def update_remote_workout(self, actor: Actor) -> None:
                 f'({e.__class__.__name__}: {e}).'
             )
 
+    def update_remote_workout_comment(self, actor: Actor) -> None:
+        note_data = self.activity['object']
+        comment_to_update = WorkoutComment.query.filter_by(
+            ap_id=note_data['id']
+        ).first()
+        if not comment_to_update:
+            raise ObjectNotFoundException('comment', self.activity_name())
+
+        if comment_to_update.user.actor.id != actor.id:
+            raise ActivityException(
+                f'{self.activity_name()}: activity actor does not '
+                f'match Note actor.'
+            )
+
+        try:
+            comment_to_update.text = note_data['content']
+            comment_to_update.text_visibility = self._get_visibility(
+                note_data, actor
+            )
+            comment_to_update.modification_date = datetime.utcnow()
+            db.session.commit()
+        except Exception as e:
+            raise ActivityException(
+                f'{self.activity_name()}: invalid Note activity '
+                f'({e.__class__.__name__}: {e}).'
+            )
+
     def process_activity(self) -> None:
         actor = self.get_actor()
-        if 'workout' in self.activity['id']:
+        if self.activity["object"]["type"] == "Workout":
             self.update_remote_workout(actor)
+        if self.activity["object"]["type"] == "Note":
+            # Workout comment
+            self.update_remote_workout_comment(actor)
diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index f6016e098..eccf97c2c 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -1,6 +1,6 @@
 from abc import ABC, abstractmethod
 from datetime import datetime
-from typing import TYPE_CHECKING, Dict
+from typing import TYPE_CHECKING, Dict, Union
 
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
@@ -8,6 +8,8 @@
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 
 if TYPE_CHECKING:
+    from fittrackee.workouts.models import Workout, WorkoutComment
+
     from ..enums import ActivityType
     from ..models import Actor
 
@@ -35,7 +37,7 @@ def _init_activity_dict(self) -> Dict:
         activity = {
             '@context': AP_CTX,
             'type': self.type.value,
-            'id': f"{self.activity_id}/activity",
+            'id': f"{self.activity_id}/{self.type.value.lower()}",
             'actor': self.actor.activitypub_id,
             'published': self.published,
             'object': {
@@ -45,6 +47,7 @@ def _init_activity_dict(self) -> Dict:
                 'attributedTo': self.actor.activitypub_id,
             },
         }
+        # TODO: handle mention and private visibility for comment
         if self.visibility == PrivacyLevel.PUBLIC:
             activity['to'] = [PUBLIC_STREAM]
             activity['cc'] = [self.actor.followers_url]
@@ -52,15 +55,21 @@ def _init_activity_dict(self) -> Dict:
             activity['object']['cc'] = [self.actor.followers_url]
         else:
             activity['to'] = [self.actor.followers_url]
-            activity['cc'] = []
+            activity['cc'] = [self.actor.activitypub_id]
             activity['object']['to'] = [self.actor.followers_url]
-            activity['object']['cc'] = []
+            activity['object']['cc'] = [self.actor.activitypub_id]
         return activity
 
     @staticmethod
     def _get_published_date(object_date: datetime) -> str:
         return object_date.strftime(DATE_FORMAT)
 
+    @staticmethod
+    def _get_modification_date(
+        activity_object: Union['Workout', 'WorkoutComment']
+    ) -> str:
+        return activity_object.modification_date.strftime(DATE_FORMAT)
+
     @abstractmethod
     def get_activity(self) -> Dict:
         pass
diff --git a/fittrackee/federation/objects/comments.py b/fittrackee/federation/objects/comment.py
similarity index 84%
rename from fittrackee/federation/objects/comments.py
rename to fittrackee/federation/objects/comment.py
index ecd182739..c8854c055 100644
--- a/fittrackee/federation/objects/comments.py
+++ b/fittrackee/federation/objects/comment.py
@@ -32,4 +32,9 @@ def get_activity(self) -> Dict:
         self.activity_dict['object']['type'] = 'Note'
         self.activity_dict['object']['content'] = self.workout_comment.text
         self.activity_dict['object']['inReplyTo'] = self.workout.ap_id
+        if self.type == ActivityType.UPDATE:
+            self.activity_dict['object'] = {
+                **self.activity_dict['object'],
+                'updated': self._get_modification_date(self.workout_comment),
+            }
         return self.activity_dict
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index 8851a88d1..5b4db81fe 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -40,7 +40,9 @@ def get_activity(self, is_note: bool = False) -> Dict:
         activity = self.activity_dict.copy()
         # for non-FitTrackee instances (like Mastodon)
         if is_note:
-            activity['id'] = f'{self.activity_id}/note/activity'
+            activity[
+                'id'
+            ] = f'{self.activity_id}/note/{self.type.value.lower()}'
             activity['object']['type'] = 'Note'
             activity['object']['content'] = self._get_note_content()
         # for FitTrackee instances
@@ -61,6 +63,11 @@ def get_activity(self, is_note: bool = False) -> Dict:
                     ),
                 },
             }
+        if self.type == ActivityType.UPDATE:
+            activity['object'] = {
+                **activity['object'],
+                'updated': self._get_modification_date(self.workout),
+            }
         return activity
 
 
diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
index a139cb750..3b09bb6a0 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
@@ -269,6 +269,7 @@ def upgrade():
     sa.Column('user_id', sa.Integer(), nullable=False),
     sa.Column('workout_id', sa.Integer(), nullable=False),
     sa.Column('created_at', sa.DateTime(), nullable=True),
+    sa.Column('modification_date', sa.DateTime(), nullable=True),
     sa.Column('text', sa.String(), nullable=False),
     sa.Column('reply_to', sa.Integer(), nullable=True),
     sa.Column('ap_id', sa.Text(), nullable=True),
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 928347d29..066c16531 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -19,6 +19,7 @@
 )
 from fittrackee.federation.tasks.activity import get_activity_instance
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
@@ -1107,6 +1108,7 @@ def test_it_raises_exception_when_activity_is_invalid(
 class WorkoutCommentActivitiesTestCase(RandomMixin):
     def generate_random_object(
         self,
+        activity_type: str,
         remote_actor: Union[RandomActor, Actor],
         workout: Optional[Workout] = None,
         visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
@@ -1141,7 +1143,7 @@ def generate_random_object(
         activity: Dict = {
             "@context": AP_CTX,
             "id": f"{comment_ap_id}/activity",
-            "type": "Create",
+            "type": activity_type,
             "actor": remote_actor.activitypub_id,
             "published": published,
             "to": [remote_actor.followers_url],
@@ -1181,7 +1183,19 @@ def generate_workout_comment_create_activity(
         workout: Optional[Workout] = None,
         visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
     ) -> Dict:
-        return self.generate_random_object(remote_actor, workout, visibility)
+        return self.generate_random_object(
+            "Create", remote_actor, workout, visibility
+        )
+
+    def generate_workout_comment_update_activity(
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        workout: Optional[Workout] = None,
+        visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
+    ) -> Dict:
+        return self.generate_random_object(
+            "Update", remote_actor, workout, visibility
+        )
 
 
 class TestCreateActivityForWorkoutComment(WorkoutCommentActivitiesTestCase):
@@ -1262,3 +1276,195 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         assert remote_comment.remote_url == comment_activity['object']['url']
         assert remote_comment.text == comment_activity['object']['content']
         assert remote_comment.text_visibility == input_visibility
+
+
+class TestUpdateActivityForWorkoutComment(
+    WorkoutCommentMixin, WorkoutCommentActivitiesTestCase
+):
+    def test_it_raises_error_if_remote_workout_comment_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment_activity = self.generate_workout_comment_update_activity(
+            remote_user.actor
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+        with pytest.raises(
+            ObjectNotFoundException,
+            match="comment not found for UpdateActivity",
+        ):
+
+            activity.process_activity()
+
+    def test_it_raises_error_if_workout_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        random_actor: Actor,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment_activity = self.generate_workout_comment_update_activity(
+            random_actor
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+        with pytest.raises(
+            ActorNotFoundException,
+            match="actor not found for UpdateActivity",
+        ):
+
+            activity.process_activity()
+
+    def test_it_raises_error_when_activity_actor_is_not_comment_actor(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        remote_user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        remote_comment.modification_date = datetime.utcnow()
+        comment_activity = {
+            **remote_comment.get_activity("Update"),
+            'actor': remote_user_2.actor.activitypub_id,
+        }
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        with pytest.raises(
+            ActivityException,
+            match=(
+                "UpdateActivity: activity actor does not match Note actor."
+            ),
+        ):
+
+            activity.process_activity()
+
+        assert remote_comment.user == remote_user
+
+    def test_it_updates_remote_workout_comment_text(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        remote_comment.modification_date = datetime.utcnow()
+        comment_activity = remote_comment.get_activity("Update")
+        comment_activity["object"]["content"] = self.random_string()
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        activity.process_activity()
+
+        assert remote_comment.text == comment_activity["object"]["content"]
+
+    def test_it_updates_remote_workout_modification_date(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        remote_comment.modification_date = datetime.utcnow()
+        comment_activity = remote_comment.get_activity("Update")
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        activity.process_activity()
+
+        assert remote_comment.modification_date is not None
+
+    def test_it_updates_remote_workout_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        remote_comment.modification_date = datetime.utcnow()
+        comment_activity = remote_comment.get_activity("Update")
+        comment_activity["to"] = [remote_user.actor.followers_url]
+        comment_activity["cc"] = [remote_user.actor.activitypub_id]
+        comment_activity["object"]["to"] = [remote_user.actor.followers_url]
+        comment_activity["object"]["cc"] = [remote_user.actor.activitypub_id]
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        activity.process_activity()
+
+        assert (
+            remote_comment.text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+
+    def test_it_raises_exception_when_activity_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        remote_comment.modification_date = datetime.utcnow()
+        comment_activity = remote_comment.get_activity("Update")
+        del comment_activity["object"]["content"]
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+        with pytest.raises(
+            ActivityException,
+            match=(
+                "UpdateActivity: invalid Note activity"
+                " \\(KeyError: 'content'\\)."
+            ),
+        ):
+
+            activity.process_activity()
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index fe5220cae..60f35cdaa 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -1,4 +1,5 @@
-from typing import Any
+from datetime import datetime
+from typing import Any, Dict
 
 import pytest
 from flask import Flask
@@ -18,7 +19,17 @@
 from fittrackee.workouts.models import Sport, Workout
 
 
-class TestWorkoutObject(RandomMixin):
+class WorkoutObjectTestCase(RandomMixin):
+    @staticmethod
+    def get_updated(workout: Workout, activity_type: str) -> Dict:
+        return (
+            {'updated': workout.modification_date.strftime(DATE_FORMAT)}
+            if activity_type == 'Update'
+            else {}
+        )
+
+
+class TestWorkoutObject(WorkoutObjectTestCase):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
@@ -65,19 +76,25 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
         workout_cycling_user_1.workout_visibility = (
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
+        workout_cycling_user_1.modification_date = (
+            datetime.utcnow() if input_activity_type == "Update" else None
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
+        updated = self.get_updated(workout_cycling_user_1, input_activity_type)
         workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
 
         serialized_workout = workout.get_activity()
 
         assert serialized_workout == {
             '@context': AP_CTX,
-            'id': f'{workout_cycling_user_1.ap_id}/activity',
+            'id': (
+                f'{workout_cycling_user_1.ap_id}/{input_activity_type.lower()}'
+            ),
             'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
-            'cc': [],
+            'cc': [user_1.actor.activitypub_id],
             'object': {
                 'id': workout_cycling_user_1.ap_id,
                 'type': 'Workout',
@@ -85,7 +102,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
-                'cc': [],
+                'cc': [user_1.actor.activitypub_id],
                 'ave_speed': float(workout_cycling_user_1.ave_speed),
                 'distance': float(workout_cycling_user_1.distance),
                 'duration': str(workout_cycling_user_1.duration),
@@ -96,6 +113,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
                     WORKOUT_DATE_FORMAT
                 ),
+                **updated,
             },
         }
 
@@ -110,14 +128,20 @@ def test_it_generates_create_activity_when_visibility_is_public(
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.modification_date = (
+            datetime.utcnow() if input_activity_type == "Update" else None
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
+        updated = self.get_updated(workout_cycling_user_1, input_activity_type)
         workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
 
         serialized_workout = workout.get_activity()
 
         assert serialized_workout == {
             '@context': AP_CTX,
-            'id': f'{workout_cycling_user_1.ap_id}/activity',
+            'id': (
+                f'{workout_cycling_user_1.ap_id}/{input_activity_type.lower()}'
+            ),
             'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
@@ -141,11 +165,12 @@ def test_it_generates_create_activity_when_visibility_is_public(
                 'workout_date': workout_cycling_user_1.workout_date.strftime(
                     WORKOUT_DATE_FORMAT
                 ),
+                **updated,
             },
         }
 
 
-class TestWorkoutNoteObject(RandomMixin):
+class TestWorkoutNoteObject(WorkoutObjectTestCase):
     @staticmethod
     def expected_workout_note(workout: Workout, expected_url: str) -> str:
         return f"""<p>New workout: <a href="{expected_url}" target="_blank" rel="noopener noreferrer">{workout.title}</a> ({workout.sport.label})
@@ -154,30 +179,39 @@ def expected_workout_note(workout: Workout, expected_url: str) -> str:
 Duration: {workout.duration}</p>
 """
 
+    @pytest.mark.parametrize('input_activity_type', ['Create', 'Update'])
     def test_it_returns_note_activity_when_visibility_is_followers_only(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_activity_type: str,
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = (
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
+        workout_cycling_user_1.modification_date = (
+            datetime.utcnow() if input_activity_type == "Update" else None
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
-        workout = WorkoutObject(workout_cycling_user_1, 'Create')
+        updated = self.get_updated(workout_cycling_user_1, input_activity_type)
+        workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
 
         serialized_workout_note = workout.get_activity(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
-            'id': f'{workout_cycling_user_1.ap_id}/note/activity',
-            'type': 'Create',
+            'id': (
+                f'{workout_cycling_user_1.ap_id}/'
+                f'note/{input_activity_type.lower()}'
+            ),
+            'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
-            'cc': [],
+            'cc': [user_1.actor.activitypub_id],
             'object': {
                 'id': workout_cycling_user_1.ap_id,
                 'type': 'Note',
@@ -188,28 +222,38 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
                     workout_cycling_user_1, workout_cycling_user_1.remote_url
                 ),
                 'to': [user_1.actor.followers_url],
-                'cc': [],
+                'cc': [user_1.actor.activitypub_id],
+                **updated,
             },
         }
 
+    @pytest.mark.parametrize('input_activity_type', ['Create', 'Update'])
     def test_it_returns_note_activity_when_visibility_is_public(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_activity_type: str,
     ) -> None:
         workout_cycling_user_1.title = self.random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.modification_date = (
+            datetime.utcnow() if input_activity_type == "Update" else None
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
-        workout = WorkoutObject(workout_cycling_user_1, 'Create')
+        updated = self.get_updated(workout_cycling_user_1, input_activity_type)
+        workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
 
         serialized_workout_note = workout.get_activity(is_note=True)
 
         assert serialized_workout_note == {
             '@context': AP_CTX,
-            'id': f'{workout_cycling_user_1.ap_id}/note/activity',
-            'type': 'Create',
+            'id': (
+                f'{workout_cycling_user_1.ap_id}/'
+                f'note/{input_activity_type.lower()}'
+            ),
+            'type': input_activity_type,
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': ['https://www.w3.org/ns/activitystreams#Public'],
@@ -225,6 +269,7 @@ def test_it_returns_note_activity_when_visibility_is_public(
                 ),
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
+                **updated,
             },
         }
 
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index 7e917ad8d..dba674cf4 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -1,16 +1,18 @@
+from datetime import datetime
+
 import pytest
 from flask import Flask
 
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
-from fittrackee.federation.objects.comments import WorkoutCommentObject
+from fittrackee.federation.objects.comment import WorkoutCommentObject
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
 
-class TestWorkoutCommentObject(WorkoutCommentMixin):
+class TestWorkoutCommentCreateObject(WorkoutCommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
@@ -74,12 +76,12 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/activity",
+            "id": f"{workout_comment.ap_id}/create",
             "type": "Create",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": [user_2.actor.followers_url],
-            "cc": [],
+            "cc": [user_2.actor.activitypub_id],
             "object": {
                 "id": workout_comment.ap_id,
                 "type": "Note",
@@ -89,7 +91,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 "inReplyTo": workout_cycling_user_1.ap_id,
                 "content": workout_comment.text,
                 "to": [user_2.actor.followers_url],
-                "cc": [],
+                "cc": [user_2.actor.activitypub_id],
             },
         }
 
@@ -115,7 +117,7 @@ def test_it_generates_activity_when_visibility_is_public(
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/activity",
+            "id": f"{workout_comment.ap_id}/create",
             "type": "Create",
             "actor": user_2.actor.activitypub_id,
             "published": published,
@@ -133,3 +135,137 @@ def test_it_generates_activity_when_visibility_is_public(
                 "cc": [user_2.actor.followers_url],
             },
         }
+
+
+class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_raises_error_when_visibility_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2, workout_cycling_user_1, text_visibility=input_visibility
+        )
+        with pytest.raises(
+            InvalidVisibilityException,
+            match=f"object visibility is: '{input_visibility.value}'",
+        ):
+            WorkoutCommentObject(workout_comment, 'Update')
+
+    def test_it_raises_error_when_activity_type_is_invalid(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
+        )
+        invalid_activity_type = self.random_string()
+        with pytest.raises(
+            ValueError,
+            match=f"'{invalid_activity_type}' is not a valid ActivityType",
+        ):
+            WorkoutCommentObject(workout_comment, invalid_activity_type)
+
+    def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        workout_comment.modification_date = datetime.utcnow()
+        published = workout_comment.created_at.strftime(DATE_FORMAT)
+        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+
+        serialized_comment = comment_object.get_activity()
+
+        assert serialized_comment == {
+            "@context": AP_CTX,
+            "id": f"{workout_comment.ap_id}/update",
+            "type": "Update",
+            "actor": user_2.actor.activitypub_id,
+            "published": published,
+            "to": [user_2.actor.followers_url],
+            "cc": [user_2.actor.activitypub_id],
+            "object": {
+                "id": workout_comment.ap_id,
+                "type": "Note",
+                "published": published,
+                "url": workout_comment.remote_url,
+                "attributedTo": user_2.actor.activitypub_id,
+                "inReplyTo": workout_cycling_user_1.ap_id,
+                "content": workout_comment.text,
+                "to": [user_2.actor.followers_url],
+                "cc": [user_2.actor.activitypub_id],
+                "updated": workout_comment.modification_date.strftime(
+                    DATE_FORMAT
+                ),
+            },
+        }
+
+    def test_it_generates_activity_when_visibility_is_public(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        workout_comment.modification_date = datetime.utcnow()
+        published = workout_comment.created_at.strftime(DATE_FORMAT)
+        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+
+        serialized_comment = comment_object.get_activity()
+
+        assert serialized_comment == {
+            "@context": AP_CTX,
+            "id": f"{workout_comment.ap_id}/update",
+            "type": "Update",
+            "actor": user_2.actor.activitypub_id,
+            "published": published,
+            "to": ["https://www.w3.org/ns/activitystreams#Public"],
+            "cc": [user_2.actor.followers_url],
+            "object": {
+                "id": workout_comment.ap_id,
+                "type": "Note",
+                "published": published,
+                "url": workout_comment.remote_url,
+                "attributedTo": user_2.actor.activitypub_id,
+                "inReplyTo": workout_cycling_user_1.ap_id,
+                "content": workout_comment.text,
+                "to": ["https://www.w3.org/ns/activitystreams#Public"],
+                "cc": [user_2.actor.followers_url],
+                "updated": workout_comment.modification_date.strftime(
+                    DATE_FORMAT
+                ),
+            },
+        }
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index dd656e23a..28bca4ddd 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -966,3 +966,84 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             activity=note_activity,
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
+
+
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+class TestPatchWorkoutComment(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_does_not_call_sent_to_inbox_when_comment_is_local(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=self.random_string())),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    @pytest.mark.parametrize(
+        'text_visibility',
+        [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
+    )
+    def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_instance(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+        text_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(remote_user)
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=self.random_string())),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        update_comment_activity = comment.get_activity(activity_type='Update')
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=update_comment_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index 341622151..a9df8000b 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -102,6 +102,7 @@ def test_it_serializes_owner_comment(
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
         }
 
 
@@ -179,6 +180,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
         }
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index 32da48e6d..4b6ca92cc 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -1541,3 +1541,275 @@ def test_expected_scopes_are_defined(
         )
 
         self.assert_response_scope(response, can_access)
+
+
+class TestPatchWorkoutComment(
+    ApiTestCaseMixin, BaseTestMixin, WorkoutCommentMixin
+):
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client = app.test_client()
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_404_if_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+    ) -> None:
+        workout_short_id = self.random_short_id()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_short_id}"
+            f"/comments/{self.random_short_id()}",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_short_id})",
+        )
+
+    def test_it_returns_404_if_comment_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment_short_id = self.random_short_id()
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment_short_id}",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {comment_short_id})",
+        )
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_returns_404_if_comment_is_not_visible_to_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=input_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {comment.short_id})",
+        )
+
+    def test_it_returns_403_if_user_is_not_comment_owner(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_403(response)
+
+    def test_it_returns_400_when_text_is_missing(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps({}),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(response)
+
+    def test_it_updates_workout_comment_text(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        updated_text = self.random_string()
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=updated_text)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        assert comment.text == updated_text
+        assert comment.text_visibility == PrivacyLevel.PUBLIC
+        assert comment.modification_date is not None
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index ce0a25851..8cb4a05fa 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -35,6 +35,7 @@ def test_comment_model(
         assert comment.workout_id == workout_cycling_user_1.id
         assert comment.text == text
         assert comment.created_at == created_at
+        assert comment.modification_date is None
 
     def test_created_date_is_initialized_on_creation_when_not_provided(
         self,
@@ -220,6 +221,7 @@ def test_it_serializes_owner_comment(
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
         }
 
 
@@ -293,6 +295,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
         }
 
 
@@ -344,6 +347,7 @@ def test_it_serializes_comment_when_comment_is_public(
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
         }
 
 
@@ -395,4 +399,5 @@ def test_it_serializes_comment_when_comment_is_public(
             'text': comment.text,
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
         }
diff --git a/fittrackee/workouts/decorators.py b/fittrackee/workouts/decorators.py
new file mode 100644
index 000000000..5f18d1735
--- /dev/null
+++ b/fittrackee/workouts/decorators.py
@@ -0,0 +1,42 @@
+from functools import wraps
+from typing import Any, Callable
+
+from fittrackee.responses import ForbiddenErrorResponse, NotFoundErrorResponse
+from fittrackee.utils import decode_short_id
+from fittrackee.workouts.models import Workout, WorkoutComment
+
+from .utils.comment_visibility import can_view_workout_comment
+
+
+def check_workout_comment(f: Callable) -> Callable:
+    @wraps(f)
+    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
+        auth_user = args[0]
+        workout_short_id = kwargs["workout_short_id"]
+        comment_short_id = kwargs["comment_short_id"]
+        workout_uuid = decode_short_id(workout_short_id)
+        workout = Workout.query.filter_by(uuid=workout_uuid).first()
+        if not workout:
+            return NotFoundErrorResponse(
+                f"workout not found (id: {workout_short_id})"
+            )
+
+        workout_comment_uuid = decode_short_id(comment_short_id)
+        workout_comment = WorkoutComment.query.filter_by(
+            uuid=workout_comment_uuid
+        ).first()
+        if not workout_comment:
+            return NotFoundErrorResponse(
+                f"workout comment not found (id: {comment_short_id})"
+            )
+
+        if not can_view_workout_comment(workout_comment, auth_user):
+            return NotFoundErrorResponse(
+                f"workout comment not found (id: {comment_short_id})"
+            )
+
+        if auth_user.id != workout_comment.user.id:
+            return ForbiddenErrorResponse()
+        return f(auth_user, workout_comment)
+
+    return decorated_function
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 9b58f0f36..0df74b611 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -15,7 +15,7 @@
 from fittrackee import BaseModel, appLog, db
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.decorators import federation_required
-from fittrackee.federation.objects.comments import WorkoutCommentObject
+from fittrackee.federation.objects.comment import WorkoutCommentObject
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
@@ -657,6 +657,7 @@ class WorkoutComment(BaseModel):
         db.Integer, db.ForeignKey('workouts.id'), nullable=False
     )
     created_at = db.Column(db.DateTime, default=datetime.datetime.utcnow)
+    modification_date = db.Column(db.DateTime, nullable=True)
     text = db.Column(db.String(), nullable=False)
     text_visibility = db.Column(
         Enum(PrivacyLevel, name='privacy_levels'),
@@ -738,11 +739,11 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
             'text': self.text,
             'text_visibility': self.text_visibility,
             'created_at': self.created_at,
+            'modification_date': self.modification_date,
         }
 
     def get_activity(self, activity_type: str) -> Dict:
-        # TODO: Update
-        if activity_type == 'Create':
+        if activity_type in ['Create', 'Update']:
             return WorkoutCommentObject(
                 self, activity_type=activity_type
             ).get_activity()
@@ -750,5 +751,4 @@ def get_activity(self, activity_type: str) -> Dict:
             tombstone_object = TombstoneObject(self)
             delete_activity = tombstone_object.get_activity()
             return delete_activity
-        # TODO: Update
         return {}
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index ce53e93b6..677a7142f 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -2,7 +2,7 @@
 import os
 import shutil
 from copy import copy
-from datetime import timedelta
+from datetime import datetime, timedelta
 from typing import Dict, List, Optional, Tuple, Union
 
 import requests
@@ -39,6 +39,7 @@
 from fittrackee.users.utils.following import get_following
 from fittrackee.utils import decode_short_id
 
+from .decorators import check_workout_comment
 from .models import Workout, WorkoutComment
 from .utils.comment_visibility import can_view_workout_comment
 from .utils.convert import convert_in_duration
@@ -1738,34 +1739,11 @@ def get_workout_comments(
     methods=["DELETE"],
 )
 @require_auth(scopes=['workouts:write'])
+@check_workout_comment
 def delete_workout_comment(
-    auth_user: User, workout_short_id: str, comment_short_id: str
+    auth_user: User, workout_comment: WorkoutComment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     try:
-        workout_uuid = decode_short_id(workout_short_id)
-        workout = Workout.query.filter_by(uuid=workout_uuid).first()
-        if not workout:
-            return NotFoundErrorResponse(
-                f"workout not found (id: {workout_short_id})"
-            )
-
-        workout_comment_uuid = decode_short_id(comment_short_id)
-        workout_comment = WorkoutComment.query.filter_by(
-            uuid=workout_comment_uuid
-        ).first()
-        if not workout_comment:
-            return NotFoundErrorResponse(
-                f"workout comment not found (id: {comment_short_id})"
-            )
-
-        if not can_view_workout_comment(workout_comment, auth_user):
-            return NotFoundErrorResponse(
-                f"workout comment not found (id: {comment_short_id})"
-            )
-
-        if auth_user.id != workout_comment.user.id:
-            return ForbiddenErrorResponse()
-
         if sending_activities_allowed(workout_comment.text_visibility):
             note_activity = workout_comment.get_activity(
                 activity_type='Delete'
@@ -1788,3 +1766,47 @@ def delete_workout_comment(
         OSError,
     ) as e:
         return handle_error_and_return_response(e, db=db)
+
+
+@workouts_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
+    methods=['PATCH'],
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout_comment
+def update_workout_comment(
+    auth_user: User, workout_comment: WorkoutComment
+) -> Union[Dict, HttpResponse]:
+    comment_data = request.get_json()
+    if not comment_data or not comment_data.get('text'):
+        return InvalidPayloadErrorResponse()
+
+    try:
+        workout_comment.text = comment_data.get('text')
+        workout_comment.modification_date = datetime.utcnow()
+        db.session.commit()
+
+        if current_app.config[
+            'federation_enabled'
+        ] and workout_comment.text_visibility in (
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        ):
+            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            if recipients:
+                note_activity = workout_comment.get_activity(
+                    activity_type='Update'
+                )
+                send_to_remote_inbox.send(
+                    sender_id=auth_user.actor.id,
+                    activity=note_activity,
+                    recipients=recipients,
+                )
+
+        return {
+            'status': 'success',
+            'comment': workout_comment.serialize(auth_user),
+        }
+
+    except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
+        return handle_error_and_return_response(e)

From e791946be86a8732aaf57059037363987a698183 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 20 Jan 2023 10:29:35 +0100
Subject: [PATCH 188/238] Client - update a comment

---
 .../src/components/Common/CustomTextArea.vue  |  2 +-
 ...dComment.vue => WorkoutCommentEdition.vue} | 38 +++++++++++------
 .../Workout/WorkoutDetail/WorkoutComments.vue | 41 ++++++++++++++++---
 fittrackee_client/src/locales/en/common.json  |  1 +
 fittrackee_client/src/locales/fr/common.json  |  1 +
 .../src/store/modules/workouts/actions.ts     | 25 ++++++++++-
 .../src/store/modules/workouts/enums.ts       |  2 +
 .../src/store/modules/workouts/mutations.ts   | 11 +++++
 .../src/store/modules/workouts/types.ts       |  8 ++++
 fittrackee_client/src/types/workouts.ts       | 16 +++++---
 10 files changed, 118 insertions(+), 27 deletions(-)
 rename fittrackee_client/src/components/Workout/WorkoutDetail/{WorkoutAddComment.vue => WorkoutCommentEdition.vue} (73%)

diff --git a/fittrackee_client/src/components/Common/CustomTextArea.vue b/fittrackee_client/src/components/Common/CustomTextArea.vue
index f7debf821..4a7d5f9d9 100644
--- a/fittrackee_client/src/components/Common/CustomTextArea.vue
+++ b/fittrackee_client/src/components/Common/CustomTextArea.vue
@@ -37,7 +37,7 @@
 
   const emit = defineEmits(['updateValue'])
 
-  const text = ref('')
+  const text = ref(props.input)
 
   function updateText(event: Event & { target: HTMLInputElement }) {
     emit('updateValue', event.target.value)
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
similarity index 73%
rename from fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
rename to fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
index 0e34f6cc8..cbadb29ef 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutAddComment.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
@@ -14,7 +14,7 @@
         </div>
       </div>
       <div class="form-select-buttons">
-        <div class="form-item text-visibility">
+        <div class="form-item text-visibility" v-if="!comment">
           <label> {{ $t('privacy.VISIBILITY') }}: </label>
           <select
             id="text_visibility"
@@ -55,27 +55,30 @@
   import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
   import { TAppConfig } from "@/types/application"
   import { TPrivacyLevels } from "@/types/user";
-  import { ICommentForm, IWorkout } from "@/types/workouts"
+  import { IComment, ICommentForm, IWorkout } from "@/types/workouts"
   import { useStore } from "@/use/useStore"
   import { getPrivacyLevels, getPrivacyLevelForLabel } from "@/utils/privacy"
 
   interface Props {
     workout: IWorkout
+    comment?: IComment
   }
 
   const props = defineProps<Props>()
-  const { workout }  = toRefs(props)
+  const { workout, comment }  = toRefs(props)
 
   const store = useStore()
 
+  const emit = defineEmits(['closeEdition'])
+
   const appConfig: ComputedRef<TAppConfig> = computed(
     () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
   )
   const privacyLevels = computed(() =>
     getPrivacyLevels(appConfig.value.federation_enabled)
   )
-  const commentText: Ref<string> = ref('')
-  const commentTextVisibility: Ref<TPrivacyLevels> = ref(workout.value.workout_visibility)
+  const commentText: Ref<string> = ref(comment?.value ? comment.value.text : '')
+  const commentTextVisibility: Ref<TPrivacyLevels> = ref(comment?.value ? comment.value.text_visibility : workout.value.workout_visibility)
   const errorMessages: ComputedRef<string | string[] | null> = computed(
       () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
   )
@@ -85,15 +88,26 @@
   }
   function onCancel() {
     updateText('')
+    emit('closeEdition')
   }
   function submitComment() {
-    const payload: ICommentForm = {
-      text: commentText.value,
-      textVisibility: commentTextVisibility.value,
-      workoutId: workout.value.id,
+    if (comment?.value && comment.value.id) {
+      const payload: ICommentForm = {
+        id: comment.value.id,
+        text: commentText.value,
+        workout_id: workout.value.id,
+      }
+      store.dispatch(WORKOUTS_STORE.ACTIONS.EDIT_WORKOUT_COMMENT, payload)
+      emit('closeEdition')
+    } else {
+      const payload: ICommentForm = {
+        text: commentText.value,
+        text_visibility: commentTextVisibility.value,
+        workout_id: workout.value.id,
+      }
+      store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_COMMENT, payload)
+      updateText('')
     }
-    store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_COMMENT, payload)
-    updateText('')
   }
 </script>
 
@@ -101,7 +115,7 @@
   @import '~@/scss/vars.scss';
 
   .add-comment {
-    margin-top: $default-margin * 2;
+    margin: $default-margin * 2 0;
     .comment {
       padding: $default-padding 0;
     }
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index 5a3887ef6..fe4403746 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -40,7 +40,24 @@
                   })
                 }}
               </div>
+              <div
+                class="comment-edited"
+                v-if="comment.modification_date"
+                :title="formatDate(
+                  comment.modification_date,
+                  displayOptions.timezone,
+                  displayOptions.dateFormat
+                )"
+              >
+                ({{ $t('common.EDITED') }})
+              </div>
               <VisibilityIcon :visibility="comment.text_visibility" />
+              <i
+                class="fa fa-edit"
+                v-if="isCommentOwner(authUser, comment.user)"
+                aria-hidden="true"
+                @click="() => commentToEdit = comment"
+              />
               <i
                 class="fa fa-trash"
                 v-if="isCommentOwner(authUser, comment.user)"
@@ -48,13 +65,22 @@
                 @click="() => commentToDelete = comment"
               />
             </div>
-            <span class="comment-text" v-html="linkifyAndClean(comment.text)"/>
+            <span
+              v-if="commentToEdit !== comment"
+              class="comment-text"
+              v-html="linkifyAndClean(comment.text)"
+            />
+            <WorkoutCommentEdition
+              v-else :workout="workoutData.workout"
+              :comment="comment"
+              @closeEdition="() => commentToEdit = null"
+            />
           </div>
         </div>
         <div class="no-comments" v-if="workoutData.comments.length === 0">
           {{ $t('workouts.COMMENTS.NO_COMMENTS')}}
         </div>
-        <WorkoutAddComment :workout="workoutData.workout" />
+        <WorkoutCommentEdition :workout="workoutData.workout" />
       </template>
     </Card>
   </div>
@@ -66,7 +92,7 @@
 
   import Username from '@/components/User/Username.vue'
   import UserPicture from '@/components/User/UserPicture.vue'
-  import WorkoutAddComment from "@/components/Workout/WorkoutDetail/WorkoutAddComment.vue"
+  import WorkoutCommentEdition from "@/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue"
   import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
   import { IDisplayOptions } from "@/types/application"
   import { IAuthUserProfile, IUserProfile } from "@/types/user"
@@ -94,6 +120,7 @@
     () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
   )
   const commentToDelete: Ref<IComment | null> = ref(null)
+  const commentToEdit: Ref<IComment | null> = ref(null)
 
   function isCommentOwner(authUser: IAuthUserProfile | null, commentUser: IUserProfile) {
     return authUser && getUserName(authUser) === getUserName(commentUser)
@@ -119,6 +146,7 @@
   @import '~@/scss/vars.scss';
 
   .workout-comments {
+    padding-bottom: $default-padding * 2;
     .workout-comment {
       display: flex;
       ::v-deep(.user-picture) {
@@ -148,7 +176,7 @@
           .spacer {
             flex-grow: 3;
           }
-          .comment-date, .user-remote-fullname {
+          .comment-date, .user-remote-fullname, .comment-edited {
             font-size: 0.85em;
             font-style: italic;
             white-space: nowrap;
@@ -156,7 +184,9 @@
           .fa-trash {
             padding-bottom: 3px;
           }
-
+          .fa-edit {
+            padding-bottom: 2px;
+          }
           ::v-deep(.fa-users) {
             font-size: .8em;
           }
@@ -168,7 +198,6 @@
         }
       }
     }
-
     .no-comments {
       font-style: italic;
     }
diff --git a/fittrackee_client/src/locales/en/common.json b/fittrackee_client/src/locales/en/common.json
index cabb3ffef..358040b5d 100644
--- a/fittrackee_client/src/locales/en/common.json
+++ b/fittrackee_client/src/locales/en/common.json
@@ -5,6 +5,7 @@
     "DAY": "day | days",
     "DISPLAYED": "Displayed",
     "DOCUMENTATION": "documentation",
+    "EDITED": "edited",
     "HERE": "here",
     "HIDDEN": "Hidden",
     "HOME": "Home",
diff --git a/fittrackee_client/src/locales/fr/common.json b/fittrackee_client/src/locales/fr/common.json
index b60ec9d11..fb9329aca 100644
--- a/fittrackee_client/src/locales/fr/common.json
+++ b/fittrackee_client/src/locales/fr/common.json
@@ -5,6 +5,7 @@
     "DAY": "jour | jours",
     "DISPLAYED": "Affiché",
     "DOCUMENTATION": "documentation (en)",
+    "EDITED": "édité",
     "HERE": "ici",
     "HIDDEN": "Masqué",
     "HOME": "Accueil",
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 66257deca..a865e012d 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -253,9 +253,9 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     authApi
-      .post(`/workouts/${payload.workoutId}/comments`, {
+      .post(`/workouts/${payload.workout_id}/comments`, {
         text: payload.text,
-        text_visibility: payload.textVisibility,
+        text_visibility: payload.text_visibility,
       })
       .then((res) => {
         if (res.data.status === 'created') {
@@ -315,4 +315,25 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
         handleError(context, error)
       })
   },
+  [WORKOUTS_STORE.ACTIONS.EDIT_WORKOUT_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: ICommentForm
+  ): void {
+    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    authApi
+      .patch(`workouts/${payload.workout_id}/comments/${payload.id}`, {
+        text: payload.text,
+      })
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.commit(
+            WORKOUTS_STORE.MUTATIONS.UPDATE_WORKOUT_COMMENT,
+            res.data.comment
+          )
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/enums.ts b/fittrackee_client/src/store/modules/workouts/enums.ts
index b293413e6..c65721bc9 100644
--- a/fittrackee_client/src/store/modules/workouts/enums.ts
+++ b/fittrackee_client/src/store/modules/workouts/enums.ts
@@ -5,6 +5,7 @@ export enum WorkoutsActions {
   DELETE_WORKOUT = 'DELETE_WORKOUT',
   DELETE_WORKOUT_COMMENT = 'DELETE_WORKOUT_COMMENT',
   EDIT_WORKOUT = 'EDIT_WORKOUT',
+  EDIT_WORKOUT_COMMENT = 'EDIT_WORKOUT_COMMENT',
   GET_CALENDAR_WORKOUTS = 'GET_CALENDAR_WORKOUTS',
   GET_USER_WORKOUTS = 'GET_USER_WORKOUTS',
   GET_TIMELINE_WORKOUTS = 'GET_TIMELINE_WORKOUTS',
@@ -36,4 +37,5 @@ export enum WorkoutsMutations {
   SET_WORKOUTS_PAGINATION = 'SET_WORKOUTS_PAGINATION',
   ADD_WORKOUT_COMMENT = 'ADD_WORKOUT_COMMENT',
   SET_WORKOUT_COMMENTS = 'SET_WORKOUT_COMMENTS',
+  UPDATE_WORKOUT_COMMENT = 'UPDATE_WORKOUT_COMMENT',
 }
diff --git a/fittrackee_client/src/store/modules/workouts/mutations.ts b/fittrackee_client/src/store/modules/workouts/mutations.ts
index f155e40ed..0a421401d 100644
--- a/fittrackee_client/src/store/modules/workouts/mutations.ts
+++ b/fittrackee_client/src/store/modules/workouts/mutations.ts
@@ -92,4 +92,15 @@ export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
   ) {
     state.workoutData.comments.push(comment)
   },
+  [WORKOUTS_STORE.MUTATIONS.UPDATE_WORKOUT_COMMENT](
+    state: IWorkoutsState,
+    comment: IComment
+  ) {
+    state.workoutData.comments = state.workoutData.comments.map((c) => {
+      if (c.id === comment.id) {
+        return comment
+      }
+      return c
+    })
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 8d2f96fe8..368917ad8 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -78,6 +78,10 @@ export interface IWorkoutsActions {
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: ICommentPayload
   ): void
+  [WORKOUTS_STORE.ACTIONS.EDIT_WORKOUT_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    payload: ICommentForm
+  ): void
 }
 
 export interface IWorkoutsGetters {
@@ -132,6 +136,10 @@ export type TWorkoutsMutations<S = IWorkoutsState> = {
     state: S,
     comment: IComment
   ): void
+  [WORKOUTS_STORE.MUTATIONS.UPDATE_WORKOUT_COMMENT](
+    state: S,
+    comment: IComment
+  ): void
 }
 
 export type TWorkoutsStoreModule<S = IWorkoutsState> = Omit<
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 051727422..8c4c52979 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -186,16 +186,20 @@ export interface IWorkoutChartData {
   coordinates: TCoordinates[]
 }
 
-export interface ICommentForm {
-  text: string
-  textVisibility: TPrivacyLevels
-  workoutId: string
-}
-
 export interface IComment {
+  created_at: string
   id: string
+  modification_date: string | null
   text: string
   text_visibility: TPrivacyLevels
+  user: IUserProfile
+  workout_id: string
+}
+
+export interface ICommentForm {
+  id?: string
+  text: string
+  text_visibility?: TPrivacyLevels
   workout_id: string
 }
 

From c25551c2543e2c3d73f590e3acff2f966c38f69b Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 20 Jan 2023 10:32:39 +0100
Subject: [PATCH 189/238] API - fix migration

---
 ...federation.py => 30_8842c351a2d8_init_social_features.py} | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename fittrackee/migrations/versions/{30_8842c351a2d8_init_federation.py => 30_8842c351a2d8_init_social_features.py} (99%)

diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
similarity index 99%
rename from fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
rename to fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index 3b09bb6a0..831000420 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -1,4 +1,4 @@
-"""init federation with ActivityPub Actor
+"""init social features
 
 Revision ID: 8842c351a2d8
 Revises: 4e8597c50064
@@ -263,6 +263,7 @@ def upgrade():
     op.alter_column('workouts', 'workout_visibility', nullable=False)
     op.alter_column('workouts', 'map_visibility', nullable=False)
 
+    privacy_levels.create(op.get_bind())
     op.create_table('workout_comments',
     sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
     sa.Column('uuid', UUID(as_uuid=True), nullable=False),
@@ -285,7 +286,7 @@ def upgrade():
             'text_visibility',
             privacy_levels,
             server_default='PRIVATE',
-            nullable=True
+            nullable=False
         )
     )
     with op.batch_alter_table('workout_comments', schema=None) as batch_op:

From 2e9a7eb60c72adde808ba920f3c976f119918c05 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 20 Jan 2023 10:53:24 +0100
Subject: [PATCH 190/238] API - refacto workouts and comments routes

---
 fittrackee/privacy_levels.py                  |  38 ++++
 .../test_federation_activities_activities.py  |   9 +-
 .../test_federation_objects_workout.py        |   2 +-
 .../tests/federation/users/test_users_api.py  |   4 +-
 .../workouts/test_workouts_models.py          |  27 ++-
 .../test_workouts_utils_visibility.py         |  68 +++---
 .../test_workouts_api_0_get_workout.py        |   2 +-
 .../tests/workouts/test_workouts_model.py     | 208 ++++++++++++++----
 .../test_workouts_utils_visibility.py         | 123 ++++-------
 fittrackee/tests/workouts/utils.py            |   5 +
 fittrackee/workouts/decorators.py             | 108 ++++++---
 fittrackee/workouts/models.py                 |  62 ++----
 fittrackee/workouts/timeline.py               |   6 +-
 .../workouts/utils/comment_visibility.py      |  38 ----
 fittrackee/workouts/utils/visibility.py       |  69 ------
 fittrackee/workouts/workouts.py               | 124 +++--------
 16 files changed, 434 insertions(+), 459 deletions(-)
 delete mode 100644 fittrackee/workouts/utils/comment_visibility.py
 delete mode 100644 fittrackee/workouts/utils/visibility.py

diff --git a/fittrackee/privacy_levels.py b/fittrackee/privacy_levels.py
index a40fa76ec..e28ef3c4b 100644
--- a/fittrackee/privacy_levels.py
+++ b/fittrackee/privacy_levels.py
@@ -1,4 +1,9 @@
 from enum import Enum
+from typing import TYPE_CHECKING, Optional, Union
+
+if TYPE_CHECKING:
+    from fittrackee.users.models import User
+    from fittrackee.workouts.models import Workout, WorkoutComment
 
 
 class PrivacyLevel(str, Enum):  # to make enum serializable
@@ -26,3 +31,36 @@ def get_map_visibility(
     ):
         return workout_visibility
     return map_visibility
+
+
+def can_view(
+    target_object: Union['Workout', 'WorkoutComment'],
+    visibility: str,
+    user: Optional['User'] = None,
+) -> bool:
+    # TODO: handle mentions and private visibility for comments
+    if (
+        target_object.__getattribute__(visibility) == PrivacyLevel.PUBLIC
+        or user == target_object.user
+    ):
+        return True
+
+    if not user:
+        return False
+
+    if (
+        target_object.__getattribute__(visibility) == PrivacyLevel.FOLLOWERS
+        and user in target_object.user.followers
+        and user.is_remote is False
+        and target_object.user.is_remote is False
+    ):
+        return True
+
+    if (
+        target_object.__getattribute__(visibility)
+        == PrivacyLevel.FOLLOWERS_AND_REMOTE
+        and user in target_object.user.followers
+    ):
+        return True
+
+    return False
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 066c16531..ca1c1b35a 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -780,7 +780,7 @@ def test_serializer_returns_remote_url(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
         ).first()
         assert (
-            remote_workout.serialize('remote_follower')['remote_url']
+            remote_workout.serialize(remote_user)['remote_url']
             == remote_workout.remote_url
         )
 
@@ -949,10 +949,7 @@ def test_it_raises_error_when_activity_actor_is_not_workout_actor(
         activity = get_activity_instance({'type': update_activity['type']})(
             activity_dict=update_activity
         )
-        serialize_workout = remote_cycling_workout.serialize(
-            user_status='owner'
-        )
-
+        serialize_workout = remote_cycling_workout.serialize(remote_user)
         with pytest.raises(
             ActivityException,
             match=(
@@ -963,7 +960,7 @@ def test_it_raises_error_when_activity_actor_is_not_workout_actor(
             activity.process_activity()
 
         workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
-        assert workout.serialize('owner') == serialize_workout
+        assert workout.serialize(remote_user) == serialize_workout
 
     @pytest.mark.parametrize(
         "input_key, input_new_value",
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index 60f35cdaa..48f612e4b 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -311,7 +311,7 @@ def test_it_raises_exception_if_duration_is_invalid(
 class TestWorkoutConvertWorkoutActivity(RandomMixin):
     def test_it_convert_workout_data_from_activity(
         self,
-        app: Flask,
+        app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index daa79d48f..67201e9dc 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -47,7 +47,7 @@ def test_it_gets_users_list(
     )
     def test_it_returns_empty_users_list_filtering_on_username(
         self,
-        app: Flask,
+        app_with_federation: Flask,
         user_1_admin: User,
         user_2: User,
         user_3: User,
@@ -55,7 +55,7 @@ def test_it_returns_empty_users_list_filtering_on_username(
         input_username: str,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1_admin.email
+            app_with_federation, user_1_admin.email
         )
 
         response = client.get(
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index c40bdd12e..f95cb1d95 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -4,6 +4,7 @@
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.test_workouts_model import WorkoutModelTestCase
+from fittrackee.tests.workouts.utils import add_follower
 from fittrackee.users.models import User
 from fittrackee.workouts.exceptions import WorkoutForbiddenException
 from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
@@ -14,31 +15,33 @@
 
 
 class TestWorkoutModelAsRemoteFollower(WorkoutModelTestCase):
-    user_status = 'remote_follower'
-
     def test_it_raises_exception_when_workout_visibility_is_private(
         self,
-        app: Flask,
+        app_with_federation: Flask,
         sport_1_cycling: Sport,
         user_1: User,
         workout_cycling_user_1: Workout,
+        remote_user: User,
     ) -> None:
+        add_follower(user_1, remote_user)
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PRIVATE
 
         with pytest.raises(WorkoutForbiddenException):
-            workout_cycling_user_1.serialize(user_status=self.user_status)
+            workout_cycling_user_1.serialize(remote_user)
 
     def test_it_raises_exception_when_workout_visibility_is_local_follower_only(  # noqa
         self,
-        app: Flask,
+        app_with_federation: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        remote_user: User,
         workout_cycling_user_1: Workout,
     ) -> None:
+        add_follower(user_1, remote_user)
         workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
 
         with pytest.raises(WorkoutForbiddenException):
-            workout_cycling_user_1.serialize(user_status=self.user_status)
+            workout_cycling_user_1.serialize(remote_user)
 
     @pytest.mark.parametrize(
         'input_map_visibility,input_workout_visibility',
@@ -61,19 +64,21 @@ def test_serializer_returns_map_related_data(
         self,
         input_map_visibility: PrivacyLevel,
         input_workout_visibility: PrivacyLevel,
-        app: Flask,
+        app_with_federation: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        remote_user: User,
         workout_cycling_user_1: Workout,
         workout_cycling_user_1_segment: WorkoutSegment,
     ) -> None:
+        add_follower(user_1, remote_user)
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
         workout = self.update_workout(
             workout_cycling_user_1, map_id=random_string()
         )
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(remote_user)
 
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
@@ -104,17 +109,19 @@ def test_serializer_does_not_return_map_related_data(
         self,
         input_map_visibility: PrivacyLevel,
         input_workout_visibility: PrivacyLevel,
-        app: Flask,
+        app_with_federation: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        remote_user: User,
         workout_cycling_user_1: Workout,
         workout_cycling_user_1_segment: WorkoutSegment,
     ) -> None:
+        add_follower(user_1, remote_user)
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
         workout = self.update_workout(workout_cycling_user_1)
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(remote_user)
 
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
diff --git a/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py
index ee88b044e..64a2836ef 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_utils_visibility.py
@@ -1,10 +1,9 @@
 import pytest
 from flask import Flask
 
-from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.privacy_levels import PrivacyLevel, can_view
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
-from fittrackee.workouts.utils.visibility import can_view_workout
 
 
 class TestFederationCanViewWorkout:
@@ -19,9 +18,10 @@ def test_workout_owner_can_view_his_workout(
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
-        assert can_view_workout(
-            workout_cycling_user_1, 'workout_visibility', user_1
-        ) == (True, 'owner')
+        assert (
+            can_view(workout_cycling_user_1, 'workout_visibility', user_1)
+            is True
+        )
 
     @pytest.mark.parametrize(
         'input_workout_visibility',
@@ -43,9 +43,10 @@ def test_remote_follower_can_not_view_workout_when_visibility_does_not_allow_it(
         remote_user.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = input_workout_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (False, 'remote_follower')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is False
+        )
 
     @pytest.mark.parametrize(
         'input_workout_visibility',
@@ -67,9 +68,10 @@ def test_remote_follower_can_view_workout_when_visibility_allows_it(
         remote_user.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = input_workout_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (True, 'remote_follower')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is True
+        )
 
     def test_local_follower_can_view_workout_when_follower_and_remote_only(
         self,
@@ -85,9 +87,10 @@ def test_local_follower_can_view_workout_when_follower_and_remote_only(
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (True, 'follower')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is True
+        )
 
     def test_another_user_can_not_view_workout_when_follower_and_remote_only(
         self,
@@ -101,9 +104,10 @@ def test_another_user_can_not_view_workout_when_follower_and_remote_only(
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (False, 'other')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is False
+        )
 
 
 class TestFederationCanViewWorkoutMap:
@@ -118,9 +122,9 @@ def test_workout_owner_can_view_his_workout_map(
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
-        assert can_view_workout(
-            workout_cycling_user_1, 'map_visibility', user_1
-        ) == (True, 'owner')
+        assert (
+            can_view(workout_cycling_user_1, 'map_visibility', user_1) is True
+        )
 
     @pytest.mark.parametrize(
         'input_map_visibility',
@@ -143,9 +147,9 @@ def test_remote_follower_can_not_view_workout_map_when_visibility_does_not_allow
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_2.map_visibility = input_map_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (False, 'remote_follower')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is False
+        )
 
     @pytest.mark.parametrize(
         'input_map_visibility',
@@ -168,9 +172,9 @@ def test_remote_follower_can_view_workout_map_when_visibility_allows_it(
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_2.map_visibility = input_map_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (True, 'remote_follower')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is True
+        )
 
     def test_local_follower_can_not_view_workout_map_when_follower_and_remote_only(  # noqa
         self,
@@ -187,9 +191,9 @@ def test_local_follower_can_not_view_workout_map_when_follower_and_remote_only(
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (True, 'follower')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is True
+        )
 
     def test_another_user_can_not_view_workout_map_when_follower_and_remote_only(  # noqa
         self,
@@ -204,6 +208,6 @@ def test_another_user_can_not_view_workout_map_when_follower_and_remote_only(  #
             PrivacyLevel.FOLLOWERS_AND_REMOTE
         )
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (False, 'other')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is False
+        )
diff --git a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
index e22c36744..13d61bfc5 100644
--- a/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
+++ b/fittrackee/tests/workouts/test_workouts_api_0_get_workout.py
@@ -61,7 +61,7 @@ def test_it_gets_owner_workout(
         assert 'success' in data['status']
         assert len(data['data']['workouts']) == 1
         assert data['data']['workouts'][0] == jsonify_dict(
-            workout_cycling_user_1.serialize(user_status='owner')
+            workout_cycling_user_1.serialize(user_1)
         )
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 1f9b477a2..87c6ad63b 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -13,6 +13,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ..utils import random_string
+from .utils import add_follower
 
 
 class WorkoutModelTestCase:
@@ -32,8 +33,6 @@ def update_workout(
 
 
 class TestWorkoutModelForOwner(WorkoutModelTestCase):
-    user_status = 'owner'
-
     def test_sport_label_and_date_are_in_string_value(
         self,
         app: Flask,
@@ -67,7 +66,7 @@ def test_serialize_for_workout_without_gpx(
     ) -> None:
         workout = workout_cycling_user_1
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_1)
         assert serialized_workout['ascent'] is None
         assert serialized_workout['ave_speed'] == float(workout.ave_speed)
         assert serialized_workout['bounds'] == []
@@ -110,7 +109,7 @@ def test_serialize_for_workout_without_gpx_and_with_ascent_and_descent(
         workout.ascent = 0
         workout.descent = 10
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_1)
         assert serialized_workout['ascent'] == workout.ascent
         assert serialized_workout['ave_speed'] == float(workout.ave_speed)
         assert serialized_workout['bounds'] == []
@@ -151,7 +150,7 @@ def test_serialize_for_workout_with_gpx(
     ) -> None:
         workout = self.update_workout(workout_cycling_user_1)
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_1)
         assert serialized_workout['ascent'] is None
         assert serialized_workout['ave_speed'] == float(workout.ave_speed)
         assert serialized_workout['bounds'] == [
@@ -198,7 +197,7 @@ def test_serializer_returns_map_related_data(
             workout_cycling_user_1, map_id=random_string()
         )
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_1)
 
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
@@ -272,9 +271,7 @@ def test_workout_visibility_overrides_map_visibility_when_stricter(
             workout_cycling_user_1.calculated_map_visibility
             == expected_map_visibility
         )
-        serialized_workout = workout_cycling_user_1.serialize(
-            user_status=self.user_status
-        )
+        serialized_workout = workout_cycling_user_1.serialize(user_1)
         assert (
             serialized_workout['map_visibility']
             == expected_map_visibility.value
@@ -303,7 +300,7 @@ def test_it_returns_previous_workout(
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        serialized_workout = workout_running_user_1.serialize(self.user_status)
+        serialized_workout = workout_running_user_1.serialize(user_1)
 
         assert (
             serialized_workout['previous_workout']
@@ -319,7 +316,7 @@ def test_it_returns_next_workout(
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
-        serialized_workout = workout_cycling_user_1.serialize(self.user_status)
+        serialized_workout = workout_cycling_user_1.serialize(user_1)
 
         assert (
             serialized_workout['next_workout']
@@ -328,32 +325,32 @@ def test_it_returns_next_workout(
 
 
 class TestWorkoutModelAsFollower(WorkoutModelTestCase):
-    user_status = 'follower'
-
     def test_it_raises_exception_when_workout_visibility_is_private(
         self,
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PRIVATE
+        add_follower(user_1, user_2)
 
         with pytest.raises(WorkoutForbiddenException):
-            workout_cycling_user_1.serialize(user_status=self.user_status)
+            workout_cycling_user_1.serialize(user_2)
 
     def test_serializer_does_not_return_notes(
         self,
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.notes = random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
-        serialized_workout = workout_cycling_user_1.serialize(
-            user_status=self.user_status
-        )
+        add_follower(user_1, user_2)
+        serialized_workout = workout_cycling_user_1.serialize(user_2)
 
         assert serialized_workout['notes'] is None
 
@@ -381,15 +378,17 @@ def test_serializer_returns_map_related_data(
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
+        add_follower(user_1, user_2)
         workout = self.update_workout(
             workout_cycling_user_1, map_id=random_string()
         )
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_2)
 
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
@@ -421,13 +420,15 @@ def test_serializer_does_not_return_map_related_data(
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
+        add_follower(user_1, user_2)
         workout = self.update_workout(workout_cycling_user_1)
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_2)
 
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
@@ -447,11 +448,11 @@ def test_serializer_does_not_return_next_workout(
         user_1: User,
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
+        user_2: User,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
-        serialized_workout = workout_cycling_user_1.serialize(
-            user_status=self.user_status
-        )
+        add_follower(user_1, user_2)
+        serialized_workout = workout_cycling_user_1.serialize(user_2)
 
         assert serialized_workout['next_workout'] is None
 
@@ -461,20 +462,19 @@ def test_serializer_does_not_return_previous_workout(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
         workout_running_user_1.workout_visibility = PrivacyLevel.FOLLOWERS
-        serialized_workout = workout_running_user_1.serialize(
-            user_status=self.user_status
-        )
+        add_follower(user_1, user_2)
 
-        assert serialized_workout['previous_workout'] is None
+        serialized_workout = workout_running_user_1.serialize(user_2)
 
+        assert serialized_workout['previous_workout'] is None
 
-class TestWorkoutModelAsOther(WorkoutModelTestCase):
-    user_status = 'other'
 
+class TestWorkoutModelAsUser(WorkoutModelTestCase):
     @pytest.mark.parametrize(
         'input_desc, input_workout_visibility',
         [
@@ -489,25 +489,26 @@ def test_it_raises_exception_when_workout_visibility_is_not_public(
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
 
         with pytest.raises(WorkoutForbiddenException):
-            workout_cycling_user_1.serialize(user_status=self.user_status)
+            workout_cycling_user_1.serialize(user_2)
 
     def test_serializer_does_not_return_notes(
         self,
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.notes = random_string()
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        serialized_workout = workout_cycling_user_1.serialize(
-            user_status=self.user_status
-        )
+
+        serialized_workout = workout_cycling_user_1.serialize(user_2)
 
         assert serialized_workout['notes'] is None
 
@@ -516,6 +517,7 @@ def test_serializer_returns_map_related_data_when_visibility_is_public(
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
@@ -524,7 +526,7 @@ def test_serializer_returns_map_related_data_when_visibility_is_public(
             workout_cycling_user_1, map_id=random_string()
         )
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_2)
 
         assert serialized_workout['map'] == workout.map
         assert serialized_workout['bounds'] == workout.bounds
@@ -553,13 +555,14 @@ def test_serializer_does_not_return_map_related_data(
         app: Flask,
         sport_1_cycling: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
         workout_cycling_user_1.map_visibility = input_map_visibility
         workout = self.update_workout(workout_cycling_user_1)
 
-        serialized_workout = workout.serialize(user_status=self.user_status)
+        serialized_workout = workout.serialize(user_2)
 
         assert serialized_workout['map'] is None
         assert serialized_workout['bounds'] == []
@@ -577,13 +580,13 @@ def test_serializer_does_not_return_next_workout(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        serialized_workout = workout_cycling_user_1.serialize(
-            user_status=self.user_status
-        )
+
+        serialized_workout = workout_cycling_user_1.serialize(user_2)
 
         assert serialized_workout['next_workout'] is None
 
@@ -593,13 +596,140 @@ def test_serializer_does_not_return_previous_workout(
         sport_1_cycling: Sport,
         sport_2_running: Sport,
         user_1: User,
+        user_2: User,
         workout_cycling_user_1: Workout,
         workout_running_user_1: Workout,
     ) -> None:
         workout_running_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        serialized_workout = workout_running_user_1.serialize(
-            user_status=self.user_status
+
+        serialized_workout = workout_running_user_1.serialize(user_2)
+
+        assert serialized_workout['previous_workout'] is None
+
+
+class TestWorkoutModelAsUnauthenticatedUser(WorkoutModelTestCase):
+    @pytest.mark.parametrize(
+        'input_desc, input_workout_visibility',
+        [
+            ('visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('visibility: private', PrivacyLevel.PRIVATE),
+        ],
+    )
+    def test_it_raises_exception_when_workout_visibility_is_not_public(
+        self,
+        input_desc: str,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+
+        with pytest.raises(WorkoutForbiddenException):
+            workout_cycling_user_1.serialize()
+
+    def test_serializer_does_not_return_notes(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.notes = random_string()
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+
+        serialized_workout = workout_cycling_user_1.serialize()
+
+        assert serialized_workout['notes'] is None
+
+    def test_serializer_returns_map_related_data_when_visibility_is_public(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.map_visibility = PrivacyLevel.PUBLIC
+        workout = self.update_workout(
+            workout_cycling_user_1, map_id=random_string()
+        )
+
+        serialized_workout = workout.serialize()
+
+        assert serialized_workout['map'] == workout.map
+        assert serialized_workout['bounds'] == workout.bounds
+        assert serialized_workout['with_gpx'] is True
+        assert serialized_workout['map_visibility'] == PrivacyLevel.PUBLIC
+        assert serialized_workout['workout_visibility'] == PrivacyLevel.PUBLIC
+        assert serialized_workout['segments'] == []
+
+    @pytest.mark.parametrize(
+        'input_map_visibility,input_workout_visibility',
+        [
+            (
+                PrivacyLevel.PRIVATE,
+                PrivacyLevel.PUBLIC,
+            ),
+            (
+                PrivacyLevel.FOLLOWERS,
+                PrivacyLevel.PUBLIC,
+            ),
+        ],
+    )
+    def test_serializer_does_not_return_map_related_data(
+        self,
+        input_map_visibility: PrivacyLevel,
+        input_workout_visibility: PrivacyLevel,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = input_workout_visibility
+        workout_cycling_user_1.map_visibility = input_map_visibility
+        workout = self.update_workout(workout_cycling_user_1)
+
+        serialized_workout = workout.serialize()
+
+        assert serialized_workout['map'] is None
+        assert serialized_workout['bounds'] == []
+        assert serialized_workout['with_gpx'] is False
+        assert serialized_workout['map_visibility'] == input_map_visibility
+        assert (
+            serialized_workout['workout_visibility']
+            == input_workout_visibility
         )
+        assert serialized_workout['segments'] == []
+
+    def test_serializer_does_not_return_next_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+
+        serialized_workout = workout_cycling_user_1.serialize()
+
+        assert serialized_workout['next_workout'] is None
+
+    def test_serializer_does_not_return_previous_workout(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        workout_running_user_1.workout_visibility = PrivacyLevel.PUBLIC
+
+        serialized_workout = workout_running_user_1.serialize()
 
         assert serialized_workout['previous_workout'] is None
 
diff --git a/fittrackee/tests/workouts/test_workouts_utils_visibility.py b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
index f51a5091e..36eee5a9a 100644
--- a/fittrackee/tests/workouts/test_workouts_utils_visibility.py
+++ b/fittrackee/tests/workouts/test_workouts_utils_visibility.py
@@ -1,15 +1,9 @@
-from unittest.mock import patch
-
 import pytest
 from flask import Flask
 
-from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.privacy_levels import PrivacyLevel, can_view
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
-from fittrackee.workouts.utils.visibility import (
-    can_view_workout,
-    get_workout_user_status,
-)
 
 
 class TestCanViewWorkout:
@@ -41,9 +35,10 @@ def test_workout_owner_can_view_his_workout(
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_workout_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_1, 'workout_visibility', user_1
-        ) == (True, 'owner')
+        assert (
+            can_view(workout_cycling_user_1, 'workout_visibility', user_1)
+            is True
+        )
 
     def test_follower_can_not_view_workout_when_private(
         self,
@@ -57,9 +52,10 @@ def test_follower_can_not_view_workout_when_private(
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PRIVATE
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (False, 'follower')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is False
+        )
 
     @pytest.mark.parametrize(
         'input_description,input_workout_visibility',
@@ -88,9 +84,10 @@ def test_follower_can_view_workout_when_public_or_follower_only(
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = input_workout_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (True, 'follower')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is True
+        )
 
     @pytest.mark.parametrize(
         'input_description,input_workout_visibility',
@@ -117,9 +114,10 @@ def test_another_user_can_not_view_workout_when_private_or_follower_only(
     ) -> None:
         workout_cycling_user_2.workout_visibility = input_workout_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (False, 'other')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is False
+        )
 
     def test_another_user_can_view_workout_when_public(
         self,
@@ -131,9 +129,10 @@ def test_another_user_can_view_workout_when_public(
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        ) == (True, 'other')
+        assert (
+            can_view(workout_cycling_user_2, 'workout_visibility', user_1)
+            is True
+        )
 
     @pytest.mark.parametrize(
         'input_description,input_workout_visibility',
@@ -160,9 +159,7 @@ def test_workout_can_not_viewed_when_no_user_and_private_or_follower_only_visibi
     ) -> None:
         workout_cycling_user_2.workout_visibility = input_workout_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility'
-        ) == (False, 'other')
+        assert can_view(workout_cycling_user_2, 'workout_visibility') is False
 
     def test_workout_can_be_viewed_when_public_and_no_user_provided(
         self,
@@ -174,9 +171,7 @@ def test_workout_can_be_viewed_when_public_and_no_user_provided(
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'workout_visibility'
-        ) == (True, 'other')
+        assert can_view(workout_cycling_user_2, 'workout_visibility') is True
 
 
 class TestCanViewWorkoutMap:
@@ -208,9 +203,9 @@ def test_workout_owner_can_view_his_workout_map(
     ) -> None:
         workout_cycling_user_1.map_visibility = input_map_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_1, 'map_visibility', user_1
-        ) == (True, 'owner')
+        assert (
+            can_view(workout_cycling_user_1, 'map_visibility', user_1) is True
+        )
 
     def test_follower_can_not_view_workout_map_when_private(
         self,
@@ -224,9 +219,9 @@ def test_follower_can_not_view_workout_map_when_private(
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.map_visibility = PrivacyLevel.PRIVATE
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (False, 'follower')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is False
+        )
 
     @pytest.mark.parametrize(
         'input_description,input_map_visibility',
@@ -255,9 +250,9 @@ def test_follower_can_view_workout_map_when_public_or_follower_only(
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.map_visibility = input_map_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (True, 'follower')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is True
+        )
 
     @pytest.mark.parametrize(
         'input_description,input_map_visibility',
@@ -284,9 +279,9 @@ def test_another_user_can_not_view_workout_map_when_private_or_follower_only(  #
     ) -> None:
         workout_cycling_user_2.map_visibility = input_map_visibility
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (False, 'other')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is False
+        )
 
     def test_another_user_can_view_workout_map_when_public(
         self,
@@ -298,9 +293,9 @@ def test_another_user_can_view_workout_map_when_public(
     ) -> None:
         workout_cycling_user_2.map_visibility = PrivacyLevel.PUBLIC
 
-        assert can_view_workout(
-            workout_cycling_user_2, 'map_visibility', user_1
-        ) == (True, 'other')
+        assert (
+            can_view(workout_cycling_user_2, 'map_visibility', user_1) is True
+        )
 
     @pytest.mark.parametrize(
         'input_description,input_map_visibility',
@@ -327,10 +322,7 @@ def test_map_can_not_viewed_when_no_user_and_private_or_follower_only_visibility
     ) -> None:
         workout_cycling_user_2.map_visibility = input_map_visibility
 
-        assert can_view_workout(workout_cycling_user_2, 'map_visibility') == (
-            False,
-            'other',
-        )
+        assert can_view(workout_cycling_user_2, 'map_visibility') is False
 
     def test_workout_can_be_viewed_when_public_and_no_user_provided(
         self,
@@ -342,39 +334,4 @@ def test_workout_can_be_viewed_when_public_and_no_user_provided(
     ) -> None:
         workout_cycling_user_2.map_visibility = PrivacyLevel.PUBLIC
 
-        assert can_view_workout(workout_cycling_user_2, 'map_visibility') == (
-            True,
-            'other',
-        )
-
-
-class TestGetUserStatus:
-    def test_it_calls_can_view_workout_to_get_user_status(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        with patch(
-            'fittrackee.workouts.utils.visibility.can_view_workout',
-            return_value=(False, 'other'),
-        ) as can_view_workout_mock:
-            get_workout_user_status(workout_cycling_user_2, user_1)
-
-        can_view_workout_mock.assert_called_once_with(
-            workout_cycling_user_2, 'workout_visibility', user_1
-        )
-
-    def test_it_returns_user_status(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        assert (
-            get_workout_user_status(workout_cycling_user_2, user_1) == 'other'
-        )
+        assert can_view(workout_cycling_user_2, 'map_visibility') is True
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 65f83eef7..103f198d8 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -46,6 +46,11 @@ def post_a_workout(
     return token, data['data']['workouts'][0]['id']
 
 
+def add_follower(user: User, follower: User) -> None:
+    follower.send_follow_request_to(user)
+    user.approves_follow_request_from(follower)
+
+
 class WorkoutCommentMixin(RandomMixin):
     def create_comment(
         self,
diff --git a/fittrackee/workouts/decorators.py b/fittrackee/workouts/decorators.py
index 5f18d1735..b114f93a9 100644
--- a/fittrackee/workouts/decorators.py
+++ b/fittrackee/workouts/decorators.py
@@ -1,42 +1,78 @@
 from functools import wraps
 from typing import Any, Callable
 
-from fittrackee.responses import ForbiddenErrorResponse, NotFoundErrorResponse
+from fittrackee.privacy_levels import can_view
+from fittrackee.responses import (
+    DataNotFoundErrorResponse,
+    ForbiddenErrorResponse,
+    NotFoundErrorResponse,
+)
 from fittrackee.utils import decode_short_id
 from fittrackee.workouts.models import Workout, WorkoutComment
 
-from .utils.comment_visibility import can_view_workout_comment
-
-
-def check_workout_comment(f: Callable) -> Callable:
-    @wraps(f)
-    def decorated_function(*args: Any, **kwargs: Any) -> Callable:
-        auth_user = args[0]
-        workout_short_id = kwargs["workout_short_id"]
-        comment_short_id = kwargs["comment_short_id"]
-        workout_uuid = decode_short_id(workout_short_id)
-        workout = Workout.query.filter_by(uuid=workout_uuid).first()
-        if not workout:
-            return NotFoundErrorResponse(
-                f"workout not found (id: {workout_short_id})"
-            )
-
-        workout_comment_uuid = decode_short_id(comment_short_id)
-        workout_comment = WorkoutComment.query.filter_by(
-            uuid=workout_comment_uuid
-        ).first()
-        if not workout_comment:
-            return NotFoundErrorResponse(
-                f"workout comment not found (id: {comment_short_id})"
-            )
-
-        if not can_view_workout_comment(workout_comment, auth_user):
-            return NotFoundErrorResponse(
-                f"workout comment not found (id: {comment_short_id})"
-            )
-
-        if auth_user.id != workout_comment.user.id:
-            return ForbiddenErrorResponse()
-        return f(auth_user, workout_comment)
-
-    return decorated_function
+
+def check_workout(check_owner: bool = True) -> Callable:
+    def decorator_check_workout(f: Callable) -> Callable:
+        @wraps(f)
+        def wrapper_check_workout(*args: Any, **kwargs: Any) -> Callable:
+            auth_user = args[0]
+            workout_short_id = kwargs["workout_short_id"]
+            workout_uuid = decode_short_id(workout_short_id)
+            workout = Workout.query.filter_by(uuid=workout_uuid).first()
+            if not workout:
+                return DataNotFoundErrorResponse('workouts')
+
+            if not can_view(workout, 'workout_visibility', auth_user):
+                return DataNotFoundErrorResponse('workouts')
+
+            if check_owner and (
+                not auth_user or auth_user.id != workout.user.id
+            ):
+                return ForbiddenErrorResponse()
+
+            return f(auth_user, workout, **kwargs)
+
+        return wrapper_check_workout
+
+    return decorator_check_workout
+
+
+def check_workout_comment(check_owner: bool = True) -> Callable:
+    def decorator_check_workout_comment(f: Callable) -> Callable:
+        @wraps(f)
+        def wrapper_check_workout_comment(
+            *args: Any, **kwargs: Any
+        ) -> Callable:
+            auth_user = args[0]
+            workout_short_id = kwargs["workout_short_id"]
+            comment_short_id = kwargs["comment_short_id"]
+            workout_uuid = decode_short_id(workout_short_id)
+            workout = Workout.query.filter_by(uuid=workout_uuid).first()
+            if not workout:
+                return NotFoundErrorResponse(
+                    f"workout not found (id: {workout_short_id})"
+                )
+
+            workout_comment_uuid = decode_short_id(comment_short_id)
+            workout_comment = WorkoutComment.query.filter_by(
+                uuid=workout_comment_uuid
+            ).first()
+            if not workout_comment:
+                return NotFoundErrorResponse(
+                    f"workout comment not found (id: {comment_short_id})"
+                )
+
+            if not can_view(workout_comment, "text_visibility", auth_user):
+                return NotFoundErrorResponse(
+                    f"workout comment not found (id: {comment_short_id})"
+                )
+
+            if check_owner and (
+                not auth_user or auth_user.id != workout_comment.user.id
+            ):
+                return ForbiddenErrorResponse()
+            return f(auth_user, workout_comment)
+
+        return wrapper_check_workout_comment
+
+    return decorator_check_workout_comment
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 0df74b611..4541b8815 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -19,11 +19,14 @@
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
-from fittrackee.privacy_levels import PrivacyLevel, get_map_visibility
+from fittrackee.privacy_levels import (
+    PrivacyLevel,
+    can_view,
+    get_map_visibility,
+)
 from fittrackee.utils import encode_uuid
 
 from .exceptions import CommentForbiddenException, WorkoutForbiddenException
-from .utils.comment_visibility import can_view_workout_comment
 from .utils.convert import convert_in_duration, convert_value_to_integer
 
 if TYPE_CHECKING:
@@ -226,43 +229,16 @@ def short_id(self) -> str:
     def calculated_map_visibility(self) -> PrivacyLevel:
         return get_map_visibility(self.map_visibility, self.workout_visibility)
 
-    def _can_see_map_data(self, user_status: str) -> bool:
-        return (
-            user_status == 'owner'
-            or self.calculated_map_visibility == PrivacyLevel.PUBLIC
-            or (
-                self.calculated_map_visibility
-                in [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE]
-                and user_status == 'follower'
-            )
-            or (
-                self.calculated_map_visibility
-                == PrivacyLevel.FOLLOWERS_AND_REMOTE
-                and user_status == 'remote_follower'
-            )
-        )
-
     def serialize(
-        self, user_status: str, params: Optional[Dict] = None
+        self, user: Optional['User'] = None, params: Optional[Dict] = None
     ) -> Dict:
-        if (
-            (
-                self.workout_visibility == PrivacyLevel.PRIVATE
-                and user_status != 'owner'
-            )
-            or (
-                self.workout_visibility == PrivacyLevel.FOLLOWERS
-                and user_status == 'remote_follower'
-            )
-            or (
-                self.workout_visibility != PrivacyLevel.PUBLIC
-                and user_status == 'other'
-            )
-        ):
+        if not can_view(self, "workout_visibility", user=user):
             raise WorkoutForbiddenException()
-        can_see_map_data = self._can_see_map_data(user_status)
-
-        if user_status == 'owner':
+        can_see_map_data = can_view(
+            self, "calculated_map_visibility", user=user
+        )
+        is_owner = user and user.id == self.user_id
+        if is_owner:
             date_from = params.get('from') if params else None
             date_to = params.get('to') if params else None
             distance_from = params.get('distance_from') if params else None
@@ -370,9 +346,9 @@ def serialize(
             'distance': float(self.distance) if self.distance else None,
             'min_alt': float(self.min_alt) if self.min_alt else None,
             'max_alt': float(self.max_alt) if self.max_alt else None,
-            'descent': float(self.descent)
-            if self.descent is not None
-            else None,
+            'descent': (
+                float(self.descent) if self.descent is not None else None
+            ),
             'ascent': float(self.ascent) if self.ascent is not None else None,
             'max_speed': float(self.max_speed) if self.max_speed else None,
             'ave_speed': float(self.ave_speed) if self.ave_speed else None,
@@ -396,7 +372,7 @@ def serialize(
             'map_visibility': self.calculated_map_visibility.value,
             'weather_start': self.weather_start,
             'weather_end': self.weather_end,
-            'notes': self.notes if user_status == 'owner' else None,
+            'notes': self.notes if is_owner else None,
             'workout_visibility': self.workout_visibility.value,
         }
         if self.user.is_remote:
@@ -404,9 +380,7 @@ def serialize(
         return workout
 
     @classmethod
-    def get_user_workout_records(
-        cls, user_id: int, sport_id: int, as_integer: Optional[bool] = False
-    ) -> Dict:
+    def get_user_workout_records(cls, user_id: int, sport_id: int) -> Dict:
         """
         Note:
         Values for ascent are null for workouts without gpx
@@ -730,7 +704,7 @@ def short_id(self) -> str:
 
     def serialize(self, user: Optional['User'] = None) -> Dict:
         # TODO: mentions
-        if not can_view_workout_comment(self, user):
+        if not can_view(self, 'text_visibility', user):
             raise CommentForbiddenException
         return {
             'id': self.short_id,
diff --git a/fittrackee/workouts/timeline.py b/fittrackee/workouts/timeline.py
index 80ce93c6c..763f73e4c 100644
--- a/fittrackee/workouts/timeline.py
+++ b/fittrackee/workouts/timeline.py
@@ -10,7 +10,6 @@
 from fittrackee.users.utils.following import get_following
 
 from .models import Workout
-from .utils.visibility import get_workout_user_status
 
 timeline_blueprint = Blueprint('timeline', __name__)
 
@@ -57,10 +56,7 @@ def get_user_timeline(auth_user: User) -> Union[Dict, HttpResponse]:
             'status': 'success',
             'data': {
                 'workouts': [
-                    workout.serialize(
-                        get_workout_user_status(workout, auth_user)
-                    )
-                    for workout in workouts
+                    workout.serialize(auth_user) for workout in workouts
                 ]
             },
             'pagination': {
diff --git a/fittrackee/workouts/utils/comment_visibility.py b/fittrackee/workouts/utils/comment_visibility.py
deleted file mode 100644
index 7fbc309ad..000000000
--- a/fittrackee/workouts/utils/comment_visibility.py
+++ /dev/null
@@ -1,38 +0,0 @@
-from typing import TYPE_CHECKING, Optional
-
-from fittrackee.privacy_levels import PrivacyLevel
-
-if TYPE_CHECKING:
-    from fittrackee.users.models import User
-    from fittrackee.workouts.models import WorkoutComment
-
-
-def can_view_workout_comment(
-    workout_comment: 'WorkoutComment',
-    user: Optional['User'] = None,
-) -> bool:
-    # TODO: handle mentions
-    if (
-        workout_comment.text_visibility == PrivacyLevel.PUBLIC
-        or user == workout_comment.user
-    ):
-        return True
-
-    if not user:
-        return False
-
-    if (
-        workout_comment.text_visibility == PrivacyLevel.FOLLOWERS
-        and user in workout_comment.user.followers
-        and user.is_remote is False
-        and workout_comment.user.is_remote is False
-    ):
-        return True
-
-    if (
-        workout_comment.text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-        and user in workout_comment.user.followers
-    ):
-        return True
-
-    return False
diff --git a/fittrackee/workouts/utils/visibility.py b/fittrackee/workouts/utils/visibility.py
deleted file mode 100644
index dff8b44b2..000000000
--- a/fittrackee/workouts/utils/visibility.py
+++ /dev/null
@@ -1,69 +0,0 @@
-from typing import Optional, Tuple
-
-from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.users.models import User
-from fittrackee.workouts.models import Workout
-
-
-def can_view_workout(
-    workout: Workout,
-    visibility: str,
-    user: Optional[User] = None,
-) -> Tuple[bool, str]:
-    """
-    returns if user can view workout and status used by workout serializer
-
-    status:
-    - owner: provided user is workout owner
-    - follower: provided user follows workout owner
-    - remote_follower: provided user follows workout owner from remote instance
-    - other: other cases (user does not follow workout owner,
-      unauthenticated user (no user provided))
-    """
-    status = 'other'
-    if user is not None:
-        if workout.user_id == user.id:
-            status = 'owner'
-        if user in workout.user.followers:
-            status = (
-                'remote_follower' if workout.user.is_remote else 'follower'
-            )
-
-    visibility = getattr(workout, visibility)
-    if (
-        visibility == PrivacyLevel.PUBLIC
-        or user is not None
-        and (
-            workout.user_id == user.id
-            or (
-                user in workout.user.followers
-                and visibility
-                in [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE]
-                and status == 'follower'
-            )
-            or (
-                user in workout.user.followers
-                and visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-                and status == 'remote_follower'
-            )
-        )
-    ):
-        return True, status
-    return False, status
-
-
-def get_workout_user_status(
-    workout: Workout,
-    user: Optional[User] = None,
-) -> str:
-    """
-    returns user status depending on workout visibility and relationship
-
-    status:
-    - owner: provided user is workout owner
-    - follower: provided user follows workout owner
-    - other: other cases (user does not follow workout owner,
-      unauthenticated user (no user provided))
-    """
-    _, user_status = can_view_workout(workout, 'workout_visibility', user)
-    return user_status
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 677a7142f..95601a1d0 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -22,11 +22,10 @@
 from fittrackee.federation.tasks.inbox import send_to_remote_inbox
 from fittrackee.federation.utils import sending_activities_allowed
 from fittrackee.oauth2.server import require_auth
-from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.privacy_levels import PrivacyLevel, can_view
 from fittrackee.responses import (
     DataInvalidPayloadErrorResponse,
     DataNotFoundErrorResponse,
-    ForbiddenErrorResponse,
     HttpResponse,
     InternalServerErrorResponse,
     InvalidPayloadErrorResponse,
@@ -39,16 +38,14 @@
 from fittrackee.users.utils.following import get_following
 from fittrackee.utils import decode_short_id
 
-from .decorators import check_workout_comment
+from .decorators import check_workout, check_workout_comment
 from .models import Workout, WorkoutComment
-from .utils.comment_visibility import can_view_workout_comment
 from .utils.convert import convert_in_duration
 from .utils.gpx import (
     WorkoutGPXException,
     extract_segment_from_gpx_file,
     get_chart_data,
 )
-from .utils.visibility import can_view_workout
 from .utils.workouts import (
     WorkoutException,
     create_workout,
@@ -317,7 +314,8 @@ def get_workouts(auth_user: User) -> Union[Dict, HttpResponse]:
             'status': 'success',
             'data': {
                 'workouts': [
-                    workout.serialize('owner', params) for workout in workouts
+                    workout.serialize(auth_user, params)
+                    for workout in workouts
                 ]
             },
             'pagination': {
@@ -336,8 +334,9 @@ def get_workouts(auth_user: User) -> Union[Dict, HttpResponse]:
     '/workouts/<string:workout_short_id>', methods=['GET']
 )
 @require_auth(scopes=['workouts:read'], optional_auth_user=True)
+@check_workout(check_owner=False)
 def get_workout(
-    auth_user: Optional[User], workout_short_id: str
+    auth_user: Optional[User], workout: Workout, workout_short_id: str
 ) -> Union[Dict, HttpResponse]:
     """
     Get a workout.
@@ -421,20 +420,9 @@ def get_workout(
     :statuscode 404: workout not found
 
     """
-    workout_uuid = decode_short_id(workout_short_id)
-    workout = Workout.query.filter_by(uuid=workout_uuid).first()
-    if not workout:
-        return DataNotFoundErrorResponse('workouts')
-
-    can_view, user_status = can_view_workout(
-        workout, 'workout_visibility', auth_user
-    )
-    if not can_view:
-        return DataNotFoundErrorResponse('workouts')
-
     return {
         'status': 'success',
-        'data': {'workouts': [workout.serialize(user_status)]},
+        'data': {'workouts': [workout.serialize(auth_user)]},
     }
 
 
@@ -454,10 +442,7 @@ def get_workout_data(
     if not workout:
         return not_found_response
 
-    can_view, user_status = can_view_workout(
-        workout, 'map_visibility', auth_user
-    )
-    if not can_view:
+    if not can_view(workout, 'calculated_map_visibility', auth_user):
         return not_found_response
 
     if not workout.gpx or workout.gpx == '':
@@ -1071,7 +1056,7 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
                 'status': 'created',
                 'data': {
                     'workouts': [
-                        new_workout.serialize('owner')
+                        new_workout.serialize(auth_user)
                         for new_workout in new_workouts
                     ]
                 },
@@ -1254,7 +1239,7 @@ def post_workout_no_gpx(
         return (
             {
                 'status': 'created',
-                'data': {'workouts': [new_workout.serialize('owner')]},
+                'data': {'workouts': [new_workout.serialize(auth_user)]},
             },
             201,
         )
@@ -1272,8 +1257,9 @@ def post_workout_no_gpx(
     '/workouts/<string:workout_short_id>', methods=['PATCH']
 )
 @require_auth(scopes=['workouts:write'])
+@check_workout()
 def update_workout(
-    auth_user: User, workout_short_id: str
+    auth_user: User, workout: Workout, workout_short_id: str
 ) -> Union[Dict, HttpResponse]:
     """
     Update a workout.
@@ -1402,18 +1388,6 @@ def update_workout(
         return InvalidPayloadErrorResponse()
 
     try:
-        workout_uuid = decode_short_id(workout_short_id)
-        workout = Workout.query.filter_by(uuid=workout_uuid).first()
-        if not workout:
-            return DataNotFoundErrorResponse('workouts')
-
-        can_view, _ = can_view_workout(
-            workout, 'workout_visibility', auth_user
-        )
-        if not can_view:
-            return DataNotFoundErrorResponse('workouts')
-        if auth_user.id != workout.user.id:
-            return ForbiddenErrorResponse()
         old_workout = (
             copy(workout) if current_app.config['federation_enabled'] else None
         )
@@ -1448,7 +1422,7 @@ def update_workout(
         workout = edit_workout(workout, workout_data, auth_user)
         db.session.commit()
 
-        if current_app.config['federation_enabled']:
+        if old_workout:
             if workout.workout_visibility in (
                 PrivacyLevel.PUBLIC,
                 PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -1469,7 +1443,7 @@ def update_workout(
 
         return {
             'status': 'success',
-            'data': {'workouts': [workout.serialize('owner')]},
+            'data': {'workouts': [workout.serialize(auth_user)]},
         }
 
     except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
@@ -1480,8 +1454,9 @@ def update_workout(
     '/workouts/<string:workout_short_id>', methods=['DELETE']
 )
 @require_auth(scopes=['workouts:write'])
+@check_workout()
 def delete_workout(
-    auth_user: User, workout_short_id: str
+    auth_user: User, workout: Workout, workout_short_id: str
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     """
     Delete a workout.
@@ -1515,21 +1490,7 @@ def delete_workout(
     :statuscode 500: error, please try again or contact the administrator
 
     """
-
     try:
-        workout_uuid = decode_short_id(workout_short_id)
-        workout = Workout.query.filter_by(uuid=workout_uuid).first()
-        if not workout:
-            return DataNotFoundErrorResponse('workouts')
-
-        can_view, _ = can_view_workout(
-            workout, 'workout_visibility', auth_user
-        )
-        if not can_view:
-            return DataNotFoundErrorResponse('workouts')
-        if auth_user.id != workout.user.id:
-            return ForbiddenErrorResponse()
-
         if sending_activities_allowed(workout.workout_visibility):
             handle_workout_activities(workout, activity_type='Delete')
 
@@ -1559,21 +1520,18 @@ def add_workout_comment(
         or not comment_data.get('text_visibility')
     ):
         return InvalidPayloadErrorResponse()
-
-    workout_uuid = decode_short_id(workout_short_id)
-    workout = Workout.query.filter_by(uuid=workout_uuid).first()
-    if not workout:
-        return NotFoundErrorResponse(
-            f"workout not found (id: {workout_short_id})"
-        )
-
-    can_view, _ = can_view_workout(workout, 'workout_visibility', auth_user)
-    if not can_view:
-        return NotFoundErrorResponse(
-            f"workout not found (id: {workout_short_id})"
-        )
-
     try:
+        workout_uuid = decode_short_id(workout_short_id)
+        workout = Workout.query.filter_by(uuid=workout_uuid).first()
+        if not workout:
+            return NotFoundErrorResponse(
+                f"workout not found (id: {workout_short_id})"
+            )
+
+        if not can_view(workout, 'workout_visibility', auth_user):
+            return NotFoundErrorResponse(
+                f"workout not found (id: {workout_short_id})"
+            )
         new_comment = WorkoutComment(
             user_id=auth_user.id,
             workout_id=workout.id,
@@ -1627,30 +1585,10 @@ def add_workout_comment(
     methods=["GET"],
 )
 @require_auth(scopes=['workouts:read'], optional_auth_user=True)
+@check_workout_comment(check_owner=False)
 def get_workout_comment(
-    auth_user: Optional[User], workout_short_id: str, comment_short_id: str
+    auth_user: Optional[User], workout_comment: WorkoutComment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
-    workout_uuid = decode_short_id(workout_short_id)
-    workout = Workout.query.filter_by(uuid=workout_uuid).first()
-    if not workout:
-        return NotFoundErrorResponse(
-            f"workout not found (id: {workout_short_id})"
-        )
-
-    workout_comment_uuid = decode_short_id(comment_short_id)
-    workout_comment = WorkoutComment.query.filter_by(
-        uuid=workout_comment_uuid
-    ).first()
-    if not workout_comment:
-        return NotFoundErrorResponse(
-            f"workout comment not found (id: {comment_short_id})"
-        )
-
-    if not can_view_workout_comment(workout_comment, auth_user):
-        return NotFoundErrorResponse(
-            f"workout comment not found (id: {comment_short_id})"
-        )
-
     return (
         {
             'status': 'success',
@@ -1739,7 +1677,7 @@ def get_workout_comments(
     methods=["DELETE"],
 )
 @require_auth(scopes=['workouts:write'])
-@check_workout_comment
+@check_workout_comment()
 def delete_workout_comment(
     auth_user: User, workout_comment: WorkoutComment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
@@ -1773,7 +1711,7 @@ def delete_workout_comment(
     methods=['PATCH'],
 )
 @require_auth(scopes=['workouts:write'])
-@check_workout_comment
+@check_workout_comment()
 def update_workout_comment(
     auth_user: User, workout_comment: WorkoutComment
 ) -> Union[Dict, HttpResponse]:

From b3c838be17e1ab607e633bc2ff65591cdd4f1ae3 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 20 Jan 2023 10:59:09 +0100
Subject: [PATCH 191/238] API - init comment reply

---
 fittrackee/federation/objects/comment.py      |  6 +-
 .../30_8842c351a2d8_init_social_features.py   |  5 ++
 ...test_federation_objects_workout_comment.py | 48 +++++++++++++
 .../workouts/test_workouts_comments_api.py    | 43 ++++++++++-
 .../workouts/test_workouts_comments_models.py |  2 +
 .../workouts/test_workouts_comments_api.py    | 71 ++++++++++++++++++-
 .../workouts/test_workouts_comments_models.py |  4 ++
 fittrackee/tests/workouts/utils.py            |  2 +
 fittrackee/workouts/models.py                 | 18 ++++-
 fittrackee/workouts/workouts.py               | 11 +++
 10 files changed, 205 insertions(+), 5 deletions(-)

diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index c8854c055..118c8587c 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -31,7 +31,11 @@ def __init__(
     def get_activity(self) -> Dict:
         self.activity_dict['object']['type'] = 'Note'
         self.activity_dict['object']['content'] = self.workout_comment.text
-        self.activity_dict['object']['inReplyTo'] = self.workout.ap_id
+        self.activity_dict['object']['inReplyTo'] = (
+            self.workout_comment.parent_comment.ap_id
+            if self.workout_comment.reply_to
+            else self.workout.ap_id
+        )
         if self.type == ActivityType.UPDATE:
             self.activity_dict['object'] = {
                 **self.activity_dict['object'],
diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index 831000420..9e0b9b2b3 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -277,6 +277,7 @@ def upgrade():
     sa.Column('remote_url', sa.Text(), nullable=True),
     sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
     sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ),
+    sa.ForeignKeyConstraint(['reply_to'], ['workout_comments.id'], ),
     sa.PrimaryKeyConstraint('id'),
     sa.UniqueConstraint('uuid')
     )
@@ -291,10 +292,14 @@ def upgrade():
     )
     with op.batch_alter_table('workout_comments', schema=None) as batch_op:
         batch_op.create_index(batch_op.f('ix_workout_comments_user_id'), ['user_id'], unique=False)
+        batch_op.create_index(batch_op.f('ix_workout_comments_workout_id'), ['workout_id'], unique=False)
+        batch_op.create_index(batch_op.f('ix_workout_comments_reply_to'), ['reply_to'], unique=False)
 
 def downgrade():
     with op.batch_alter_table('workout_comments', schema=None) as batch_op:
         batch_op.drop_index(batch_op.f('ix_workout_comments_user_id'))
+        batch_op.drop_index(batch_op.f('ix_workout_comments_workout_id'))
+        batch_op.drop_index(batch_op.f('ix_workout_comments_reply_to'))
     op.drop_table('workout_comments')
 
     op.drop_column('workouts', 'remote_url')
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index dba674cf4..5b10657df 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -136,6 +136,54 @@ def test_it_generates_activity_when_visibility_is_public(
             },
         }
 
+    def test_it_generates_activity_when_comment_has_parent_comment(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        parent_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+        published = workout_comment.created_at.strftime(DATE_FORMAT)
+        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+
+        serialized_comment = comment_object.get_activity()
+
+        assert serialized_comment == {
+            "@context": AP_CTX,
+            "id": f"{workout_comment.ap_id}/create",
+            "type": "Create",
+            "actor": user_2.actor.activitypub_id,
+            "published": published,
+            "to": ["https://www.w3.org/ns/activitystreams#Public"],
+            "cc": [user_2.actor.followers_url],
+            "object": {
+                "id": workout_comment.ap_id,
+                "type": "Note",
+                "published": published,
+                "url": workout_comment.remote_url,
+                "attributedTo": user_2.actor.activitypub_id,
+                "inReplyTo": parent_comment.ap_id,
+                "content": workout_comment.text,
+                "to": ["https://www.w3.org/ns/activitystreams#Public"],
+                "cc": [user_2.actor.followers_url],
+            },
+        }
+
 
 class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
     @pytest.mark.parametrize(
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 28bca4ddd..376c51871 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -15,7 +15,9 @@
 
 
 @patch('fittrackee.workouts.workouts.send_to_remote_inbox')
-class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
+class TestPostWorkoutComment(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
     @pytest.mark.parametrize(
         'input_workout_visibility',
         [
@@ -142,6 +144,45 @@ def test_it_returns_201_when_comment_is_created(
             f'workouts/{remote_cycling_workout.short_id}/'
             f'comments/{new_comment.short_id}'
         )
+        assert new_comment.reply_to is None
+
+    def test_it_returns_201_when_user_replies_to_a_remote_comment(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.PUBLIC,
+                    reply_to=workout_comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert data['comment']['reply_to'] == workout_comment.short_id
 
     def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
         self,
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index a9df8000b..bae521e60 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -103,6 +103,7 @@ def test_it_serializes_owner_comment(
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
         }
 
 
@@ -181,6 +182,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
         }
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index 4b6ca92cc..6cfabe173 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -14,7 +14,9 @@
 from .utils import WorkoutCommentMixin
 
 
-class TestPostWorkoutComment(ApiTestCaseMixin, BaseTestMixin):
+class TestPostWorkoutComment(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
     def test_it_returns_error_if_user_is_not_authenticated(
         self,
         app: Flask,
@@ -260,6 +262,73 @@ def test_it_returns_201_when_comment_is_created(
         ).first()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
 
+    def test_it_returns_400_when_user_replies_to_not_existing_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.PUBLIC,
+                    reply_to=self.random_short_id(),
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(response, "'reply_to' is invalid")
+
+    def test_it_returns_201_when_user_replies_to_a_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=PrivacyLevel.PUBLIC,
+                    reply_to=workout_comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert data['comment']['reply_to'] == workout_comment.short_id
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index 8cb4a05fa..1b0464a4b 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -222,6 +222,7 @@ def test_it_serializes_owner_comment(
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
         }
 
 
@@ -296,6 +297,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
         }
 
 
@@ -348,6 +350,7 @@ def test_it_serializes_comment_when_comment_is_public(
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
         }
 
 
@@ -400,4 +403,5 @@ def test_it_serializes_comment_when_comment_is_public(
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
         }
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 103f198d8..fa9075c7c 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -59,6 +59,7 @@ def create_comment(
         text: Optional[str] = None,
         text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
         created_at: Optional[datetime] = None,
+        parent_comment: Optional[WorkoutComment] = None,
     ) -> WorkoutComment:
         text = self.random_string() if text is None else text
         comment = WorkoutComment(
@@ -68,6 +69,7 @@ def create_comment(
             text=text,
             text_visibility=text_visibility,
             created_at=created_at,
+            reply_to=parent_comment.id if parent_comment else None,
         )
         db.session.add(comment)
         db.session.flush()
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 4541b8815..b02d9069d 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -628,7 +628,13 @@ class WorkoutComment(BaseModel):
         db.Integer, db.ForeignKey('users.id'), index=True, nullable=False
     )
     workout_id = db.Column(
-        db.Integer, db.ForeignKey('workouts.id'), nullable=False
+        db.Integer, db.ForeignKey('workouts.id'), index=True, nullable=False
+    )
+    reply_to = db.Column(
+        db.Integer,
+        db.ForeignKey('workout_comments.id'),
+        index=True,
+        nullable=True,
     )
     created_at = db.Column(db.DateTime, default=datetime.datetime.utcnow)
     modification_date = db.Column(db.DateTime, nullable=True)
@@ -638,10 +644,13 @@ class WorkoutComment(BaseModel):
         server_default='PRIVATE',
         nullable=False,
     )
-    reply_to = db.Column(db.Integer, nullable=True)
     ap_id = db.Column(db.Text(), nullable=True)
     remote_url = db.Column(db.Text(), nullable=True)
 
+    parent_comment = db.relationship(
+        'WorkoutComment', remote_side=[id], lazy='joined'
+    )
+
     def __repr__(self) -> str:
         return f'<WorkoutComment {self.id}>'
 
@@ -653,6 +662,7 @@ def __init__(
         text: str,
         text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
         created_at: Optional[datetime.datetime] = None,
+        reply_to: Optional[int] = None,
     ) -> None:
         self.user_id = user_id
         self.workout_id = workout_id
@@ -663,6 +673,7 @@ def __init__(
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
+        self.reply_to = reply_to
 
     @staticmethod
     def _check_visibility(
@@ -714,6 +725,9 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
             'text_visibility': self.text_visibility,
             'created_at': self.created_at,
             'modification_date': self.modification_date,
+            'reply_to': (
+                self.parent_comment.short_id if self.reply_to else None
+            ),
         }
 
     def get_activity(self, activity_type: str) -> Dict:
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 95601a1d0..b76f79b5e 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1532,12 +1532,23 @@ def add_workout_comment(
             return NotFoundErrorResponse(
                 f"workout not found (id: {workout_short_id})"
             )
+
+        reply_to = comment_data.get('reply_to')
+        workout_comment = None
+        if reply_to:
+            workout_comment = WorkoutComment.query.filter_by(
+                uuid=decode_short_id(reply_to)
+            ).first()
+            if not workout_comment:
+                return InvalidPayloadErrorResponse("'reply_to' is invalid")
+
         new_comment = WorkoutComment(
             user_id=auth_user.id,
             workout_id=workout.id,
             workout_visibility=workout.workout_visibility,
             text=comment_data['text'],
             text_visibility=PrivacyLevel(comment_data['text_visibility']),
+            reply_to=workout_comment.id if workout_comment else None,
         )
         db.session.add(new_comment)
         db.session.flush()

From ff8c0967c4728308085a2e9f23728b64ff340eaa Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Fri, 20 Jan 2023 12:18:58 +0100
Subject: [PATCH 192/238] API - create remote comment reply

---
 .../federation/activities/activities.py       | 27 +++++-
 .../test_federation_activities_activities.py  | 92 ++++++++++++++++++-
 2 files changed, 114 insertions(+), 5 deletions(-)

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index f58f501be..50235ab52 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -1,3 +1,4 @@
+import re
 from abc import ABC, abstractmethod
 from datetime import datetime, timedelta
 from typing import Dict, Tuple
@@ -195,8 +196,29 @@ def create_remote_workout(self, actor: Actor) -> None:
 
     def create_remote_note(self, actor: Actor) -> None:
         note_data = self.activity["object"]
-        reply_to_object = note_data.get("inReplyTo")
-        workout = Workout.query.filter_by(ap_id=reply_to_object).first()
+        reply_to_object_api_id = note_data.get("inReplyTo")
+        workout = None
+        parent_comment = None
+        if reply_to_object_api_id:
+            if re.match(
+                r"https://(.*)/workouts/(.*)/comments/(.*)",
+                reply_to_object_api_id,
+            ):
+                parent_comment = WorkoutComment.query.filter_by(
+                    ap_id=reply_to_object_api_id
+                ).first()
+                if not parent_comment:
+                    raise ObjectNotFoundException(
+                        "parent workout_comment", self.activity_name()
+                    )
+                workout = parent_comment.workout
+            elif re.match(
+                r"https://(.*)/workouts/(.*)", reply_to_object_api_id
+            ):
+                workout = Workout.query.filter_by(
+                    ap_id=reply_to_object_api_id
+                ).first()
+
         if not workout:
             raise ObjectNotFoundException("workout", self.activity_name())
 
@@ -206,6 +228,7 @@ def create_remote_note(self, actor: Actor) -> None:
             workout_visibility=workout.workout_visibility,
             text=note_data["content"],
             text_visibility=self._get_visibility(note_data, actor),
+            reply_to=parent_comment.id if parent_comment else None,
         )
         new_comment.ap_id = note_data["id"]
         new_comment.remote_url = note_data["url"]
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index ca1c1b35a..f3befbb0c 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -1251,9 +1251,9 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_visibility
-        workout_cycling_user_1.api_id = (
-            f'{user_1.actor.domain}/federation/users/{user_1.username}/'
-            f'workouts/{workout_cycling_user_1.short_id}'
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
         )
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=remote_user.actor,
@@ -1273,6 +1273,92 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         assert remote_comment.remote_url == comment_activity['object']['url']
         assert remote_comment.text == comment_activity['object']['content']
         assert remote_comment.text_visibility == input_visibility
+        assert remote_comment.reply_to is None
+
+
+class TestCreateActivityForWorkoutCommentReply(
+    WorkoutCommentMixin, WorkoutCommentActivitiesTestCase
+):
+    def test_it_raises_error_if_parent_comment_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
+        comment_activity = self.generate_workout_comment_create_activity(
+            remote_actor=remote_user.actor, workout=workout_cycling_user_1
+        )
+        comment_activity["object"]["inReplyTo"] = (
+            comment_activity["object"]["inReplyTo"]
+            + f"/comments/{self.random_short_id()}"
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        with pytest.raises(
+            ObjectNotFoundException,
+            match='parent workout_comment not found for CreateActivity',
+        ):
+            activity.process_activity()
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_creates_remote_workout_comment_with_expected_visibility(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
+        parent_comment = self.create_comment(
+            user_1, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
+        )
+        parent_comment.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}/comments/'
+            + parent_comment.short_id
+        )
+        comment_activity = self.generate_workout_comment_create_activity(
+            remote_actor=remote_user.actor,
+            workout=workout_cycling_user_1,
+            visibility=input_visibility,
+        )
+        comment_activity["object"]["inReplyTo"] = parent_comment.ap_id
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        activity.process_activity()
+
+        remote_comment = WorkoutComment.query.filter_by(
+            user_id=remote_user.id
+        ).first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        assert remote_comment.remote_url == comment_activity['object']['url']
+        assert remote_comment.text == comment_activity['object']['content']
+        assert remote_comment.text_visibility == input_visibility
+        assert remote_comment.reply_to == parent_comment.id
 
 
 class TestUpdateActivityForWorkoutComment(

From fe35a7ce95e52c45490362ec2a83e5b6d6ea540f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 25 Jan 2023 16:52:45 +0100
Subject: [PATCH 193/238] API - get comment replies (WIP)

---
 .../workouts/test_workouts_comments_api.py    |  83 +++++++
 .../workouts/test_workouts_comments_models.py |   2 +
 .../workouts/test_workouts_comments_api.py    |  83 +++++++
 .../workouts/test_workouts_comments_models.py | 230 ++++++++++++++++++
 fittrackee/users/utils/following.py           |   7 +-
 fittrackee/workouts/models.py                 |  61 +++++
 fittrackee/workouts/workouts.py               |  46 +---
 7 files changed, 470 insertions(+), 42 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 376c51871..4ee593571 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -531,6 +531,47 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         )
 
 
+class TestGetWorkoutCommentWithReplies(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_gets_reply(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        reply = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            parent_comment=workout_comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment']['replies'] == [
+            jsonify_dict(reply.serialize(user_1))
+        ]
+
+
 class TestGetWorkoutCommentsAsUser(GetWorkoutCommentsTestCase):
     def test_it_does_not_return_comment_when_for_followers_and_remote(
         self,
@@ -832,6 +873,48 @@ def test_it_returns_only_comments_user_can_access(
         }
 
 
+class TestGetWorkoutsCommentWithReplies(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_gets_reply(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        reply = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            parent_comment=workout_comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['comments']) == 1
+        assert data['data']['comments'][0]['id'] == workout_comment.short_id
+        assert data['data']['comments'][0]['replies'] == [
+            jsonify_dict(reply.serialize(user_1))
+        ]
+
+
 @patch('fittrackee.workouts.workouts.send_to_remote_inbox')
 class TestDeleteWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
index bae521e60..99f11f330 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
@@ -104,6 +104,7 @@ def test_it_serializes_owner_comment(
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
+            'replies': [],
         }
 
 
@@ -183,6 +184,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
+            'replies': [],
         }
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index 6cfabe173..5ae922ee0 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -757,6 +757,47 @@ def test_expected_scopes_are_defined(
         self.assert_response_scope(response, can_access)
 
 
+class TestGetWorkoutCommentWithReplies(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_gets_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        reply = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+            parent_comment=workout_comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment']['replies'] == [
+            jsonify_dict(reply.serialize(user_1))
+        ]
+
+
 class GetWorkoutCommentsTestCase(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
@@ -1406,6 +1447,48 @@ def test_it_returns_comments_ordered_by_creation_date_ascending(
         assert data['data']['comments'][4]['id'] == comments[4].short_id
 
 
+class TestGetWorkoutsCommentWithReplies(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_gets_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        reply = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+            parent_comment=workout_comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['comments']) == 1
+        assert data['data']['comments'][0]['id'] == workout_comment.short_id
+        assert data['data']['comments'][0]['replies'] == [
+            jsonify_dict(reply.serialize(user_1))
+        ]
+
+
 class TestDeleteWorkoutComment(
     ApiTestCaseMixin, BaseTestMixin, WorkoutCommentMixin
 ):
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index 1b0464a4b..5be3020e3 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -223,6 +223,7 @@ def test_it_serializes_owner_comment(
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
+            'replies': [],
         }
 
 
@@ -298,6 +299,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
+            'replies': [],
         }
 
 
@@ -351,6 +353,7 @@ def test_it_serializes_comment_when_comment_is_public(
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
+            'replies': [],
         }
 
 
@@ -404,4 +407,231 @@ def test_it_serializes_comment_when_comment_is_public(
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
+            'replies': [],
         }
+
+
+class TestWorkoutCommentModelSerializeForReplies(WorkoutCommentMixin):
+    def test_it_serializes_comment_with_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = parent_comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'id': parent_comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': parent_comment.text,
+            'text_visibility': parent_comment.text_visibility,
+            'created_at': parent_comment.created_at,
+            'modification_date': parent_comment.modification_date,
+            'reply_to': parent_comment.reply_to,
+            'replies': [comment.serialize(user_1)],
+        }
+
+    def test_it_serializes_comment_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_2.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
+            'reply_to': parent_comment.short_id,
+            'replies': [],
+        }
+
+    def test_it_returns_only_visible_replies_for_a_user(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        # replies
+        self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+            parent_comment=comment,
+        )
+        visible_replies = [
+            self.create_comment(
+                user=user_3,
+                workout=workout_cycling_user_1,
+                text_visibility=PrivacyLevel.PUBLIC,
+                parent_comment=comment,
+            )
+        ]
+        self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        visible_replies.append(
+            self.create_comment(
+                user=user_1,
+                workout=workout_cycling_user_1,
+                text_visibility=PrivacyLevel.FOLLOWERS,
+                parent_comment=comment,
+            ),
+        )
+
+        serialized_comment = comment.serialize(user_3)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
+            'reply_to': None,
+            'replies': [
+                visible_reply.serialize(user_3)
+                for visible_reply in visible_replies
+            ],
+        }
+
+    def test_it_returns_only_visible_replies_for_unauthenticated_user(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        # replies
+        self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+            parent_comment=comment,
+        )
+        visible_reply = self.create_comment(
+            user=user_3,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+
+        serialized_comment = comment.serialize(user_3)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'modification_date': comment.modification_date,
+            'reply_to': None,
+            'replies': [visible_reply.serialize()],
+        }
+
+    def test_it_returns_only_5_first_replies(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        visible_replies = []
+        for _ in range(7):
+            visible_replies.append(
+                self.create_comment(
+                    user=user_1,
+                    workout=workout_cycling_user_1,
+                    text_visibility=PrivacyLevel.PUBLIC,
+                    parent_comment=comment,
+                ),
+            )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment['replies'] == [
+            visible_reply.serialize(user_1)
+            for visible_reply in visible_replies[:5]
+        ]
diff --git a/fittrackee/users/utils/following.py b/fittrackee/users/utils/following.py
index 33a55ee54..484c5baf6 100644
--- a/fittrackee/users/utils/following.py
+++ b/fittrackee/users/utils/following.py
@@ -1,9 +1,10 @@
-from typing import List, Tuple
+from typing import TYPE_CHECKING, List, Tuple
 
-from ..models import User
+if TYPE_CHECKING:
+    from ..models import User
 
 
-def get_following(user: User) -> Tuple[List, List]:
+def get_following(user: "User") -> Tuple[List, List]:
     local_following_ids = []
     remote_following_ids = []
     for following in user.following:
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index b02d9069d..6d938a43b 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -4,6 +4,8 @@
 from uuid import UUID, uuid4
 
 from flask import current_app
+from flask_sqlalchemy.query import Query
+from sqlalchemy import and_, or_
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
@@ -24,6 +26,7 @@
     can_view,
     get_map_visibility,
 )
+from fittrackee.users.utils.following import get_following
 from fittrackee.utils import encode_uuid
 
 from .exceptions import CommentForbiddenException, WorkoutForbiddenException
@@ -40,6 +43,7 @@
     'LD',  # 'Longest Duration'
     'MS',  # 'Max speed'
 ]
+REPLY_PER_PAGE = 5
 
 
 def update_records(
@@ -81,6 +85,51 @@ def update_records(
             )
 
 
+def get_comments(
+    workout_id: int,
+    page: int,
+    per_page: int,
+    user: Optional['User'],
+    reply_to: Optional[int] = None,
+) -> Query:
+    if user:
+        local_following_ids, remote_following_ids = get_following(user)
+        comments_filter = WorkoutComment.query.filter(
+            WorkoutComment.workout_id == workout_id,
+            WorkoutComment.reply_to == reply_to,
+            or_(
+                WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+                or_(
+                    WorkoutComment.user_id == user.id,
+                    and_(
+                        WorkoutComment.user_id.in_(local_following_ids),
+                        WorkoutComment.text_visibility.in_(
+                            [
+                                PrivacyLevel.FOLLOWERS,
+                                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                            ]
+                        ),
+                    ),
+                    and_(
+                        WorkoutComment.user_id.in_(remote_following_ids),
+                        WorkoutComment.text_visibility
+                        == PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                    ),
+                ),
+            ),
+        )
+    else:
+        comments_filter = WorkoutComment.query.filter(
+            WorkoutComment.workout_id == workout_id,
+            WorkoutComment.reply_to == reply_to,
+            WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+        )
+    comments_pagination = comments_filter.order_by(
+        WorkoutComment.created_at.asc()
+    ).paginate(page=page, per_page=per_page, error_out=False)
+    return comments_pagination
+
+
 class Sport(BaseModel):
     __tablename__ = 'sports'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
@@ -717,6 +766,15 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
         # TODO: mentions
         if not can_view(self, 'text_visibility', user):
             raise CommentForbiddenException
+
+        replies_filter = get_comments(
+            workout_id=self.workout_id,
+            page=1,
+            per_page=REPLY_PER_PAGE,
+            user=user,
+            reply_to=self.id,
+        )
+
         return {
             'id': self.short_id,
             'user': self.user.serialize(),
@@ -728,6 +786,9 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
             'reply_to': (
                 self.parent_comment.short_id if self.reply_to else None
             ),
+            'replies': [
+                reply.serialize(user) for reply in replies_filter.items
+            ],
         }
 
     def get_activity(self, activity_type: str) -> Dict:
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index b76f79b5e..c71806ce1 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -13,7 +13,7 @@
     request,
     send_from_directory,
 )
-from sqlalchemy import and_, asc, desc, exc, or_
+from sqlalchemy import asc, desc, exc
 from werkzeug.exceptions import NotFound, RequestEntityTooLarge
 from werkzeug.utils import secure_filename
 
@@ -35,11 +35,10 @@
     handle_error_and_return_response,
 )
 from fittrackee.users.models import User
-from fittrackee.users.utils.following import get_following
 from fittrackee.utils import decode_short_id
 
 from .decorators import check_workout, check_workout_comment
-from .models import Workout, WorkoutComment
+from .models import Workout, WorkoutComment, get_comments
 from .utils.convert import convert_in_duration
 from .utils.gpx import (
     WorkoutGPXException,
@@ -1626,42 +1625,11 @@ def get_workout_comments(
     try:
         params = request.args.copy()
         page = int(params.get('page', 1))
-        if not auth_user:
-            comments_filter = WorkoutComment.query.filter(
-                WorkoutComment.workout_id == workout.id,
-                WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
-            )
-        else:
-            local_following_ids, remote_following_ids = get_following(
-                auth_user
-            )
-            comments_filter = WorkoutComment.query.filter(
-                WorkoutComment.workout_id == workout.id,
-                or_(
-                    WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
-                    or_(
-                        WorkoutComment.user_id == auth_user.id,
-                        and_(
-                            WorkoutComment.user_id.in_(local_following_ids),
-                            WorkoutComment.text_visibility.in_(
-                                [
-                                    PrivacyLevel.FOLLOWERS,
-                                    PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                                ]
-                            ),
-                        ),
-                        and_(
-                            WorkoutComment.user_id.in_(remote_following_ids),
-                            WorkoutComment.text_visibility
-                            == PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                        ),
-                    ),
-                ),
-            )
-        comments_pagination = comments_filter.order_by(
-            WorkoutComment.created_at.asc()
-        ).paginate(
-            page=page, per_page=DEFAULT_COMMENTS_PER_PAGE, error_out=False
+        comments_pagination = get_comments(
+            workout_id=workout.id,
+            page=page,
+            per_page=DEFAULT_COMMENTS_PER_PAGE,
+            user=auth_user,
         )
         comments = comments_pagination.items
         return {

From ecd1912d75c1840f1471385ae493993173d3a948 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 25 Jan 2023 18:12:53 +0100
Subject: [PATCH 194/238] Client - display comment replies (WIP)

---
 .../Workout/WorkoutDetail/WorkoutComment.vue  | 190 ++++++++++++++++++
 .../WorkoutDetail/WorkoutCommentEdition.vue   |  25 ++-
 .../Workout/WorkoutDetail/WorkoutComments.vue | 144 +------------
 fittrackee_client/src/custom-components.ts    |   2 +
 .../src/store/modules/workouts/actions.ts     |  28 +--
 .../src/store/modules/workouts/enums.ts       |   1 -
 .../src/store/modules/workouts/mutations.ts   |  11 -
 .../src/store/modules/workouts/types.ts       |   4 -
 fittrackee_client/src/types/workouts.ts       |   2 +
 9 files changed, 235 insertions(+), 172 deletions(-)
 create mode 100644 fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
new file mode 100644
index 000000000..a2cffa73d
--- /dev/null
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
@@ -0,0 +1,190 @@
+<template>
+  <div class="workout-comment">
+    <UserPicture :user="comment.user" />
+    <div class="comment-detail">
+      <div class="comment-info">
+        <Username :user="comment.user"/>
+        <div v-if="comment.user.is_remote" class="user-remote-fullname">
+          {{ comment.user.fullname }}
+        </div>
+        <div class="spacer"/>
+        <div
+          class="comment-date"
+          :title="formatDate(
+            comment.created_at,
+            displayOptions.timezone,
+            displayOptions.dateFormat
+          )"
+        >
+          {{
+            formatDistance(new Date(comment.created_at), new Date(), {
+              addSuffix: true,
+              locale,
+            })
+          }}
+        </div>
+        <div
+          class="comment-edited"
+          v-if="comment.modification_date"
+          :title="formatDate(
+            comment.modification_date,
+            displayOptions.timezone,
+            displayOptions.dateFormat
+          )"
+        >
+          ({{ $t('common.EDITED') }})
+        </div>
+        <VisibilityIcon :visibility="comment.text_visibility" />
+        <i
+          class="fa fa-edit"
+          v-if="isCommentOwner(authUser, comment.user)"
+          aria-hidden="true"
+          @click="() => commentToEdit = comment"
+        />
+        <i
+          class="fa fa-trash"
+          v-if="isCommentOwner(authUser, comment.user)"
+          aria-hidden="true"
+          @click="deleteComment(comment)"
+        />
+        <i
+          class="fa fa-comment-o"
+          v-if="!addReply || addReply !== comment"
+          @click="() => addReply = comment"
+        />
+      </div>
+      <span
+        v-if="commentToEdit !== comment"
+        class="comment-text"
+        v-html="linkifyAndClean(comment.text)"
+      />
+      <WorkoutCommentEdition
+        v-else :workout="workout"
+        :comment="comment"
+        @closeEdition="() => commentToEdit = null"
+      />
+      <WorkoutCommentEdition
+        v-if="addReply === comment"
+        class="add-comment-reply"
+        :workout="workout"
+        :reply-to="comment.id"
+        @closeEdition="() => addReply = null"
+      />
+        <WorkoutComment
+          v-for="reply in comment.replies"
+          :key="reply.id"
+          :comment="reply"
+          :workout="workout"
+          :authUser="authUser"
+          @deleteComment="deleteComment(reply)"
+        />
+    </div>
+
+  </div>
+</template>
+
+<script setup lang="ts">
+  import { Locale, formatDistance } from "date-fns"
+  import { ComputedRef, Ref, computed, ref, toRefs } from "vue"
+
+  import Username from "@/components/User/Username.vue"
+  import UserPicture from "@/components/User/UserPicture.vue"
+  import WorkoutCommentEdition from "@/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue"
+  import { ROOT_STORE } from "@/store/constants"
+  import { IDisplayOptions } from "@/types/application"
+  import { IAuthUserProfile, IUserProfile } from "@/types/user"
+  import { IComment, IWorkout } from "@/types/workouts"
+  import { useStore } from "@/use/useStore"
+  import { formatDate } from "@/utils/dates"
+  import { linkifyAndClean } from "@/utils/inputs"
+  import { getUserName } from "@/utils/user"
+
+  interface Props {
+    comment: IComment
+    workout: IWorkout
+    authUser?: IAuthUserProfile | null
+  }
+
+  const props = withDefaults(defineProps<Props>(), {
+    authUser: null,
+  })
+  const { authUser, comment, workout } = toRefs(props)
+
+  const emit = defineEmits(['deleteComment'])
+
+  const store = useStore()
+  const locale: ComputedRef<Locale> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.LOCALE]
+  )
+  const displayOptions: ComputedRef<IDisplayOptions> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
+  )
+  const commentToEdit: Ref<IComment | null> = ref(null)
+  const addReply: Ref<IComment | null> = ref(null)
+
+  function isCommentOwner(authUser: IAuthUserProfile | null, commentUser: IUserProfile) {
+    return authUser && getUserName(authUser) === getUserName(commentUser)
+  }
+  function deleteComment(comment: IComment) {
+    emit('deleteComment', comment)
+  }
+
+</script>
+
+<style scoped lang="scss">
+  @import '~@/scss/vars.scss';
+  .workout-comment {
+    display: flex;
+    ::v-deep(.user-picture) {
+      min-width: min-content;
+      align-items: flex-start;
+      img {
+        height: 25px;
+        width: 25px;
+      }
+      .no-picture {
+        font-size: 1.5em;
+      }
+    }
+    .comment-detail {
+      display: flex;
+      flex-direction: column;
+      width: 100%;
+      .comment-info {
+        display: flex;
+        gap: $default-padding;
+        flex-wrap: wrap;
+        align-items: flex-end;
+        .user-name {
+          font-weight: bold;
+          padding-left: $default-padding;
+        }
+        .spacer {
+          flex-grow: 3;
+        }
+        .comment-date, .user-remote-fullname, .comment-edited {
+          font-size: 0.85em;
+          font-style: italic;
+          white-space: nowrap;
+        }
+        .fa-trash, .fa-comment-o {
+          padding-bottom: 3px;
+        }
+        .fa-edit{
+          padding-bottom: 2px;
+        }
+        ::v-deep(.fa-users) {
+          font-size: .8em;
+        }
+      }
+      .comment-text {
+        border-radius: 5px;
+        margin: $default-margin 0;
+        padding-left: $default-padding ;
+      }
+      .add-comment-reply {
+        margin: 0 0 40px;
+      }
+    }
+  }
+</style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
index cbadb29ef..d8adbed56 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
@@ -4,12 +4,12 @@
       <div class="form-items">
         <div class="form-item add-comment-label">
           <CustomTextArea
-              class="comment"
-              name="text"
-              :input="commentText"
-              :required="true"
-              :placeholder="$t('workouts.COMMENTS.ADD')"
-              @updateValue="updateText"
+            class="comment"
+            name="text"
+            :input="commentText"
+            :required="true"
+            :placeholder="$t('workouts.COMMENTS.ADD')"
+            @updateValue="updateText"
           />
         </div>
       </div>
@@ -61,11 +61,15 @@
 
   interface Props {
     workout: IWorkout
-    comment?: IComment
+    comment?: IComment | null
+    replyTo?: string | null
   }
 
-  const props = defineProps<Props>()
-  const { workout, comment }  = toRefs(props)
+  const props = withDefaults(defineProps<Props>(), {
+    comment: null,
+    replyTo: null,
+  })
+  const { workout, comment, replyTo }  = toRefs(props)
 
   const store = useStore()
 
@@ -105,6 +109,9 @@
         text_visibility: commentTextVisibility.value,
         workout_id: workout.value.id,
       }
+      if (replyTo?.value) {
+        payload.reply_to = replyTo.value
+      }
       store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_COMMENT, payload)
       updateText('')
     }
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index fe4403746..b444789d9 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -12,71 +12,14 @@
         {{ $t('workouts.COMMENTS.LABEL', 0) }}
       </template>
       <template #content>
-        <div
+        <WorkoutComment
           v-for="comment in workoutData.comments"
           :key="comment.id"
-          class="workout-comment"
-        >
-          <UserPicture :user="comment.user" />
-          <div class="comment-detail">
-            <div class="comment-info">
-              <Username :user="comment.user"/>
-              <div v-if="comment.user.is_remote" class="user-remote-fullname">
-                {{ comment.user.fullname }}
-              </div>
-              <div class="spacer"/>
-              <div
-                class="comment-date"
-                :title="formatDate(
-                  comment.created_at,
-                  displayOptions.timezone,
-                  displayOptions.dateFormat
-                )"
-              >
-                {{
-                  formatDistance(new Date(comment.created_at), new Date(), {
-                    addSuffix: true,
-                    locale,
-                  })
-                }}
-              </div>
-              <div
-                class="comment-edited"
-                v-if="comment.modification_date"
-                :title="formatDate(
-                  comment.modification_date,
-                  displayOptions.timezone,
-                  displayOptions.dateFormat
-                )"
-              >
-                ({{ $t('common.EDITED') }})
-              </div>
-              <VisibilityIcon :visibility="comment.text_visibility" />
-              <i
-                class="fa fa-edit"
-                v-if="isCommentOwner(authUser, comment.user)"
-                aria-hidden="true"
-                @click="() => commentToEdit = comment"
-              />
-              <i
-                class="fa fa-trash"
-                v-if="isCommentOwner(authUser, comment.user)"
-                aria-hidden="true"
-                @click="() => commentToDelete = comment"
-              />
-            </div>
-            <span
-              v-if="commentToEdit !== comment"
-              class="comment-text"
-              v-html="linkifyAndClean(comment.text)"
-            />
-            <WorkoutCommentEdition
-              v-else :workout="workoutData.workout"
-              :comment="comment"
-              @closeEdition="() => commentToEdit = null"
-            />
-          </div>
-        </div>
+          :comment="comment"
+          :workout="workoutData.workout"
+          :authUser="authUser"
+          @deleteComment="(c) => commentToDelete = c"
+        />
         <div class="no-comments" v-if="workoutData.comments.length === 0">
           {{ $t('workouts.COMMENTS.NO_COMMENTS')}}
         </div>
@@ -87,20 +30,13 @@
 </template>
 
 <script setup lang="ts">
-  import { Locale, formatDistance } from 'date-fns'
-  import { ComputedRef, Ref, computed, ref, toRefs, watch } from 'vue'
+  import { Ref, ref, toRefs, watch } from "vue"
 
-  import Username from '@/components/User/Username.vue'
-  import UserPicture from '@/components/User/UserPicture.vue'
   import WorkoutCommentEdition from "@/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue"
-  import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
-  import { IDisplayOptions } from "@/types/application"
-  import { IAuthUserProfile, IUserProfile } from "@/types/user"
+  import { WORKOUTS_STORE } from "@/store/constants"
+  import { IAuthUserProfile } from "@/types/user"
   import { IComment, IWorkoutData } from "@/types/workouts"
   import { useStore } from "@/use/useStore"
-  import { formatDate } from "@/utils/dates"
-  import { linkifyAndClean } from '@/utils/inputs'
-  import { getUserName } from "@/utils/user"
 
   interface Props {
     workoutData: IWorkoutData
@@ -113,18 +49,7 @@
   const { workoutData } = toRefs(props)
 
   const store = useStore()
-  const locale: ComputedRef<Locale> = computed(
-    () => store.getters[ROOT_STORE.GETTERS.LOCALE]
-  )
-  const displayOptions: ComputedRef<IDisplayOptions> = computed(
-    () => store.getters[ROOT_STORE.GETTERS.DISPLAY_OPTIONS]
-  )
   const commentToDelete: Ref<IComment | null> = ref(null)
-  const commentToEdit: Ref<IComment | null> = ref(null)
-
-  function isCommentOwner(authUser: IAuthUserProfile | null, commentUser: IUserProfile) {
-    return authUser && getUserName(authUser) === getUserName(commentUser)
-  }
 
   function deleteComment(comment: IComment) {
     store.dispatch(WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT, {
@@ -147,57 +72,6 @@
 
   .workout-comments {
     padding-bottom: $default-padding * 2;
-    .workout-comment {
-      display: flex;
-      ::v-deep(.user-picture) {
-        min-width: min-content;
-        align-items: flex-start;
-        img {
-          height: 25px;
-          width: 25px;
-        }
-        .no-picture {
-          font-size: 1.5em;
-        }
-      }
-      .comment-detail {
-        display: flex;
-        flex-direction: column;
-        width: 100%;
-        .comment-info {
-          display: flex;
-          gap: $default-padding;
-          flex-wrap: wrap;
-          align-items: flex-end;
-          .user-name {
-            font-weight: bold;
-            padding-left: $default-padding;
-          }
-          .spacer {
-            flex-grow: 3;
-          }
-          .comment-date, .user-remote-fullname, .comment-edited {
-            font-size: 0.85em;
-            font-style: italic;
-            white-space: nowrap;
-          }
-          .fa-trash {
-            padding-bottom: 3px;
-          }
-          .fa-edit {
-            padding-bottom: 2px;
-          }
-          ::v-deep(.fa-users) {
-            font-size: .8em;
-          }
-        }
-        .comment-text {
-          border-radius: 5px;
-          margin: $default-margin 0;
-          padding-left: $default-padding ;
-        }
-      }
-    }
     .no-comments {
       font-style: italic;
     }
diff --git a/fittrackee_client/src/custom-components.ts b/fittrackee_client/src/custom-components.ts
index bbe342378..53b1aa062 100644
--- a/fittrackee_client/src/custom-components.ts
+++ b/fittrackee_client/src/custom-components.ts
@@ -8,6 +8,7 @@ import SportImage from '@/components/Common/Images/SportImage/index.vue'
 import Loader from '@/components/Common/Loader.vue'
 import Modal from '@/components/Common/Modal.vue'
 import VisibilityIcon from '@/components/Common/VisibilityIcon.vue'
+import WorkoutComment from '@/components/Workout/WorkoutDetail/WorkoutComment.vue'
 
 export const customComponents = [
   { target: AlertMessage, name: 'AlertMessage' },
@@ -20,4 +21,5 @@ export const customComponents = [
   { target: Modal, name: 'Modal' },
   { target: SportImage, name: 'SportImage' },
   { target: VisibilityIcon, name: 'VisibilityIcon' },
+  { target: WorkoutComment, name: 'WorkoutComment' },
 ]
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index a865e012d..6e2f723ce 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -251,18 +251,21 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: ICommentForm
   ): void {
+    const data = {
+      text: payload.text,
+      text_visibility: payload.text_visibility,
+      reply_to: payload.reply_to,
+    }
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     authApi
-      .post(`/workouts/${payload.workout_id}/comments`, {
-        text: payload.text,
-        text_visibility: payload.text_visibility,
-      })
+      .post(`/workouts/${payload.workout_id}/comments`, data)
       .then((res) => {
         if (res.data.status === 'created') {
-          context.commit(
-            WORKOUTS_STORE.MUTATIONS.ADD_WORKOUT_COMMENT,
-            res.data.comment
-          )
+          // TODO: handle pagination
+          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
+            workoutId: payload.workout_id,
+            page: 1,
+          })
         } else {
           handleError(context, null)
         }
@@ -326,10 +329,11 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       })
       .then((res) => {
         if (res.data.status === 'success') {
-          context.commit(
-            WORKOUTS_STORE.MUTATIONS.UPDATE_WORKOUT_COMMENT,
-            res.data.comment
-          )
+          // TODO: handle pagination
+          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
+            workoutId: payload.workout_id,
+            page: 1,
+          })
         }
       })
       .catch((error) => {
diff --git a/fittrackee_client/src/store/modules/workouts/enums.ts b/fittrackee_client/src/store/modules/workouts/enums.ts
index c65721bc9..21d089c87 100644
--- a/fittrackee_client/src/store/modules/workouts/enums.ts
+++ b/fittrackee_client/src/store/modules/workouts/enums.ts
@@ -37,5 +37,4 @@ export enum WorkoutsMutations {
   SET_WORKOUTS_PAGINATION = 'SET_WORKOUTS_PAGINATION',
   ADD_WORKOUT_COMMENT = 'ADD_WORKOUT_COMMENT',
   SET_WORKOUT_COMMENTS = 'SET_WORKOUT_COMMENTS',
-  UPDATE_WORKOUT_COMMENT = 'UPDATE_WORKOUT_COMMENT',
 }
diff --git a/fittrackee_client/src/store/modules/workouts/mutations.ts b/fittrackee_client/src/store/modules/workouts/mutations.ts
index 0a421401d..f155e40ed 100644
--- a/fittrackee_client/src/store/modules/workouts/mutations.ts
+++ b/fittrackee_client/src/store/modules/workouts/mutations.ts
@@ -92,15 +92,4 @@ export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
   ) {
     state.workoutData.comments.push(comment)
   },
-  [WORKOUTS_STORE.MUTATIONS.UPDATE_WORKOUT_COMMENT](
-    state: IWorkoutsState,
-    comment: IComment
-  ) {
-    state.workoutData.comments = state.workoutData.comments.map((c) => {
-      if (c.id === comment.id) {
-        return comment
-      }
-      return c
-    })
-  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 368917ad8..050bff960 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -136,10 +136,6 @@ export type TWorkoutsMutations<S = IWorkoutsState> = {
     state: S,
     comment: IComment
   ): void
-  [WORKOUTS_STORE.MUTATIONS.UPDATE_WORKOUT_COMMENT](
-    state: S,
-    comment: IComment
-  ): void
 }
 
 export type TWorkoutsStoreModule<S = IWorkoutsState> = Omit<
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 8c4c52979..e0712daca 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -190,6 +190,7 @@ export interface IComment {
   created_at: string
   id: string
   modification_date: string | null
+  replies: IComment[]
   text: string
   text_visibility: TPrivacyLevels
   user: IUserProfile
@@ -198,6 +199,7 @@ export interface IComment {
 
 export interface ICommentForm {
   id?: string
+  reply_to?: string
   text: string
   text_visibility?: TPrivacyLevels
   workout_id: string

From 67d82191f13c8bc1a05d64f20e5e0bfa384571ef Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 29 Jan 2023 10:12:32 +0100
Subject: [PATCH 195/238] API - delete comment having replies

---
 .../30_8842c351a2d8_init_social_features.py   |  2 +-
 .../workouts/test_workouts_comments_api.py    | 33 +++++++++++++++++++
 fittrackee/workouts/models.py                 |  2 +-
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index 9e0b9b2b3..6a56d7d49 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -277,7 +277,7 @@ def upgrade():
     sa.Column('remote_url', sa.Text(), nullable=True),
     sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
     sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ),
-    sa.ForeignKeyConstraint(['reply_to'], ['workout_comments.id'], ),
+    sa.ForeignKeyConstraint(['reply_to'], ['workout_comments.id'], ondelete='SET NULL'),
     sa.PrimaryKeyConstraint('id'),
     sa.UniqueConstraint('uuid')
     )
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index 5ae922ee0..7683b6f72 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -1649,6 +1649,39 @@ def test_it_deletes_workout_comment(
         assert response.status_code == 204
         assert WorkoutComment.query.first() is None
 
+    def test_it_deletes_workout_comment_having_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        reply = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 204
+        assert reply.reply_to is None
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 6d938a43b..495493999 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -681,7 +681,7 @@ class WorkoutComment(BaseModel):
     )
     reply_to = db.Column(
         db.Integer,
-        db.ForeignKey('workout_comments.id'),
+        db.ForeignKey('workout_comments.id', ondelete="SET NULL"),
         index=True,
         nullable=True,
     )

From 0ee244dc4827177a78ad94f2efc6e52945ab40ea Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 29 Jan 2023 10:47:07 +0100
Subject: [PATCH 196/238] API - delete remote comment

---
 .../federation/activities/activities.py       |  31 ++--
 .../test_federation_activities_activities.py  | 171 +++++++++++++++++-
 2 files changed, 188 insertions(+), 14 deletions(-)

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 50235ab52..407a18e0d 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -244,28 +244,33 @@ def process_activity(self) -> None:
 
 
 class DeleteActivity(AbstractActivity):
-    def delete_remote_workout(self, actor: Actor) -> None:
-        workout_ap_id = self.activity['object']['id']
-        workout_to_delete = Workout.query.filter_by(
-            ap_id=workout_ap_id
+    def process_activity(self) -> None:
+        actor = self.get_actor()
+        object_ap_id = self.activity['object']['id']
+
+        # check if related object is a comment
+        object_to_delete = WorkoutComment.query.filter_by(
+            ap_id=object_ap_id
         ).first()
-        if not workout_to_delete:
-            raise ObjectNotFoundException('workout', self.activity_name())
 
-        if workout_to_delete.user.actor.id != actor.id:
+        # if not, check if related object is a workout
+        if not object_to_delete:
+            object_to_delete = Workout.query.filter_by(
+                ap_id=object_ap_id
+            ).first()
+
+        if not object_to_delete:
+            raise ObjectNotFoundException('object', self.activity_name())
+
+        if object_to_delete.user.actor.id != actor.id:
             raise ActivityException(
                 f'{self.activity_name()}: activity actor does not '
                 f'match workout actor.'
             )
 
-        db.session.delete(workout_to_delete)
+        db.session.delete(object_to_delete)
         db.session.commit()
 
-    def process_activity(self) -> None:
-        actor = self.get_actor()
-        if 'workout' in self.activity['id']:
-            self.delete_remote_workout(actor)
-
 
 class UpdateActivity(AbstractActivity):
     @staticmethod
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index f3befbb0c..29c9989d6 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -820,7 +820,7 @@ def test_it_raises_error_if_remote_workout_does_not_exist(
 
         with pytest.raises(
             ObjectNotFoundException,
-            match='workout not found for DeleteActivity',
+            match='object not found for DeleteActivity',
         ):
             activity.process_activity()
 
@@ -1194,6 +1194,37 @@ def generate_workout_comment_update_activity(
             "Update", remote_actor, workout, visibility
         )
 
+    def generate_workout_comment_delete_activity(
+        self,
+        remote_actor: Union[RandomActor, Actor],
+        remote_comment: Optional[WorkoutComment] = None,
+    ) -> Dict:
+        remote_domain = (
+            remote_actor.domain
+            if isinstance(remote_actor, RandomActor)
+            else f'https://{remote_actor.domain.name}'
+        )
+        comment_ap_id = (
+            remote_comment.ap_id
+            if remote_comment
+            else (
+                f'{remote_domain}/workouts/{self.random_short_id()}'
+                f'/comments/{self.random_short_id()}/'
+            )
+        )
+        return {
+            '@context': AP_CTX,
+            'id': f'{comment_ap_id}/delete',
+            'type': 'Delete',
+            'actor': remote_actor.activitypub_id,
+            'to': [PUBLIC_STREAM],
+            'cc': [],
+            'object': {
+                'id': comment_ap_id,
+                'type': 'Tombstone',
+            },
+        }
+
 
 class TestCreateActivityForWorkoutComment(WorkoutCommentActivitiesTestCase):
     def test_it_raises_error_if_comment_actor_does_not_exist(
@@ -1551,3 +1582,141 @@ def test_it_raises_exception_when_activity_is_invalid(
         ):
 
             activity.process_activity()
+
+
+class TestDeleteActivityForWorkoutComment(
+    WorkoutCommentMixin, WorkoutCommentActivitiesTestCase
+):
+    def test_it_raises_error_if_remote_workout_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment_activity = self.generate_workout_comment_delete_activity(
+            remote_actor=remote_user.actor
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+        with pytest.raises(
+            ObjectNotFoundException,
+            match="object not found for DeleteActivity",
+        ):
+
+            activity.process_activity()
+
+    def test_it_raises_error_if_workout_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        random_actor: Actor,
+    ) -> None:
+        delete_activity = self.generate_workout_comment_delete_activity(
+            remote_actor=random_actor
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+
+        with pytest.raises(
+            ActorNotFoundException,
+            match='actor not found for DeleteActivity',
+        ):
+            activity.process_activity()
+
+    def test_it_raises_error_when_activity_actor_is_not_comment_actor(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        remote_user_2: User,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            remote_cycling_workout,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        delete_activity = self.generate_workout_comment_delete_activity(
+            remote_actor=remote_user_2.actor,
+            remote_comment=remote_comment,
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+
+        with pytest.raises(
+            ActivityException,
+            match=(
+                'DeleteActivity: activity actor does not match workout actor.'
+            ),
+        ):
+            activity.process_activity()
+        assert (
+            WorkoutComment.query.filter_by(id=remote_comment.id).first()
+            is not None
+        )
+
+    def test_it_deletes_remote_workout(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            remote_cycling_workout,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        delete_activity = self.generate_workout_comment_delete_activity(
+            remote_actor=remote_user.actor,
+            remote_comment=remote_comment,
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+        comment_id = remote_comment.id
+
+        activity.process_activity()
+
+        assert WorkoutComment.query.filter_by(id=comment_id).first() is None
+
+    def test_it_deletes_remote_workout_with_reply(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        remote_comment = self.create_comment(
+            remote_user,
+            remote_cycling_workout,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        reply = self.create_comment(
+            user_1,
+            remote_cycling_workout,
+            text_visibility=PrivacyLevel.PUBLIC,
+            parent_comment=remote_comment,
+        )
+        delete_activity = self.generate_workout_comment_delete_activity(
+            remote_actor=remote_user.actor,
+            remote_comment=remote_comment,
+        )
+        activity = get_activity_instance({'type': delete_activity['type']})(
+            activity_dict=delete_activity
+        )
+        comment_id = remote_comment.id
+
+        activity.process_activity()
+
+        assert WorkoutComment.query.filter_by(id=comment_id).first() is None
+        assert reply.reply_to is None

From add346631caef211db50e5dd2bc4602a9cdf8ddb Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 29 Jan 2023 16:48:05 +0100
Subject: [PATCH 197/238] API - fix workout deletion

---
 .../30_8842c351a2d8_init_social_features.py   |  4 +-
 .../workouts/test_workouts_api_3_delete.py    | 57 ++++++++++++++++++-
 fittrackee/workouts/models.py                 |  6 +-
 3 files changed, 60 insertions(+), 7 deletions(-)

diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index 6a56d7d49..ab0e14a81 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -268,7 +268,7 @@ def upgrade():
     sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
     sa.Column('uuid', UUID(as_uuid=True), nullable=False),
     sa.Column('user_id', sa.Integer(), nullable=False),
-    sa.Column('workout_id', sa.Integer(), nullable=False),
+    sa.Column('workout_id', sa.Integer(), nullable=True),
     sa.Column('created_at', sa.DateTime(), nullable=True),
     sa.Column('modification_date', sa.DateTime(), nullable=True),
     sa.Column('text', sa.String(), nullable=False),
@@ -276,7 +276,7 @@ def upgrade():
     sa.Column('ap_id', sa.Text(), nullable=True),
     sa.Column('remote_url', sa.Text(), nullable=True),
     sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
-    sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ),
+    sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ondelete='SET NULL'),
     sa.ForeignKeyConstraint(['reply_to'], ['workout_comments.id'], ondelete='SET NULL'),
     sa.PrimaryKeyConstraint('id'),
     sa.UniqueConstraint('uuid')
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index d9fd99a6a..6822e3224 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -3,10 +3,11 @@
 
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
+from fittrackee.utils import decode_short_id
 from fittrackee.workouts.models import Sport, Workout
 
 from ..mixins import ApiTestCaseMixin
-from .utils import post_a_workout
+from .utils import WorkoutCommentMixin, post_a_workout
 
 
 def get_gpx_filepath(workout_id: int) -> str:
@@ -14,7 +15,7 @@ def get_gpx_filepath(workout_id: int) -> str:
     return workout.gpx
 
 
-class TestDeleteWorkoutWithGpx(ApiTestCaseMixin):
+class TestDeleteWorkoutWithGpx(WorkoutCommentMixin, ApiTestCaseMixin):
     def test_it_deletes_a_workout_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
@@ -169,6 +170,32 @@ def test_a_workout_with_gpx_can_be_deleted_if_gpx_file_is_invalid(
 
         assert response.status_code == 204
 
+    def test_it_deletes_a_workout_with_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        gpx_file: str,
+    ) -> None:
+        token, workout_short_id = post_a_workout(app, gpx_file)
+        workout = Workout.query.filter_by(
+            uuid=decode_short_id(workout_short_id)
+        ).first()
+        workout.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2, workout, text_visibility=PrivacyLevel.PUBLIC
+        )
+        client = app.test_client()
+
+        response = client.delete(
+            f'/api/workouts/{workout_short_id}',
+            headers=dict(Authorization=f'Bearer {token}'),
+        )
+        assert response.status_code == 204
+        assert Workout.query.first() is None
+        assert comment.workout_id is None
+
     def test_a_workout_with_gpx_can_be_deleted_if_map_file_is_invalid(
         self,
         app: Flask,
@@ -232,7 +259,7 @@ def test_expected_scopes_are_defined(
         self.assert_response_scope(response, can_access)
 
 
-class TestDeleteWorkoutWithoutGpx(ApiTestCaseMixin):
+class TestDeleteWorkoutWithoutGpx(WorkoutCommentMixin, ApiTestCaseMixin):
     def test_it_deletes_a_workout_wo_gpx(
         self,
         app: Flask,
@@ -248,6 +275,30 @@ def test_it_deletes_a_workout_wo_gpx(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
         assert response.status_code == 204
+        assert Workout.query.first() is None
+
+    def test_it_deletes_a_workout_with_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        response = client.delete(
+            f'/api/workouts/{workout_cycling_user_1.short_id}',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+        assert response.status_code == 204
+        assert Workout.query.first() is None
+        assert comment.workout_id is None
 
     @pytest.mark.parametrize(
         'input_desc,input_workout_visibility,expected_status_code',
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 495493999..c4a2d405f 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -249,7 +249,6 @@ class Workout(BaseModel):
     comments = db.relationship(
         'WorkoutComment',
         lazy=True,
-        cascade='all, delete',
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
 
@@ -677,7 +676,10 @@ class WorkoutComment(BaseModel):
         db.Integer, db.ForeignKey('users.id'), index=True, nullable=False
     )
     workout_id = db.Column(
-        db.Integer, db.ForeignKey('workouts.id'), index=True, nullable=False
+        db.Integer,
+        db.ForeignKey('workouts.id', ondelete="SET NULL"),
+        index=True,
+        nullable=True,
     )
     reply_to = db.Column(
         db.Integer,

From 7632f37960425015ff4bb9ae6c89ace7508d4105 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 29 Jan 2023 17:49:04 +0100
Subject: [PATCH 198/238] API & Client - remove pagination on comments for now

---
 .../workouts/test_workouts_comments_api.py    |  11 +-
 .../workouts/test_workouts_comments_api.py    | 211 ++----------------
 .../workouts/test_workouts_comments_models.py |   4 +-
 fittrackee/workouts/models.py                 |  28 +--
 fittrackee/workouts/workouts.py               |  15 +-
 .../src/store/modules/workouts/actions.ts     |  43 ++--
 .../src/store/modules/workouts/types.ts       |   3 +-
 fittrackee_client/src/types/workouts.ts       |   6 -
 8 files changed, 48 insertions(+), 273 deletions(-)

diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
index 4ee593571..0d2a6c00b 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
@@ -747,7 +747,7 @@ def test_it_does_not_return_comment_when_for_followers_and_remote(
         self.assert_comments_response(response, expected_comments=[])
 
 
-class TestGetWorkoutCommentsPagination(GetWorkoutCommentsTestCase):
+class TestGetWorkoutComments(GetWorkoutCommentsTestCase):
     def test_it_returns_only_comments_user_can_access(
         self,
         app_with_federation: Flask,
@@ -862,15 +862,8 @@ def test_it_returns_only_comments_user_can_access(
         data = json.loads(response.data.decode())
         assert data['data']['comments'] == [
             jsonify_dict(comment.serialize(user_1))
-            for comment in visible_comments[:5]
+            for comment in visible_comments
         ]
-        assert data['pagination'] == {
-            'has_next': True,
-            'has_prev': False,
-            'page': 1,
-            'pages': 3,
-            'total': 11,
-        }
 
 
 class TestGetWorkoutsCommentWithReplies(
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/workouts/test_workouts_comments_api.py
index 7683b6f72..0d399ce15 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_api.py
@@ -1159,78 +1159,8 @@ def test_it_returns_comment_when_visibility_is_public(
         )
 
 
-class TestGetWorkoutCommentsPagination(GetWorkoutCommentsTestCase):
-    def test_it_returns_pagination_when_no_comments(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
-            content_type="application/json",
-            headers=dict(
-                Authorization=f"Bearer {auth_token}",
-            ),
-        )
-
-        data = json.loads(response.data.decode())
-        assert response.status_code == 200
-        assert 'success' in data['status']
-        assert data['data']['comments'] == []
-        assert data['pagination'] == {
-            'has_next': False,
-            'has_prev': False,
-            'page': 1,
-            'pages': 0,
-            'total': 0,
-        }
-
-    def test_it_returns_pagination_when_one_workout_returned(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        user_3: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        self.create_comment(
-            user_3,
-            workout_cycling_user_2,
-            text_visibility=PrivacyLevel.PUBLIC,
-        )
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
-            content_type="application/json",
-            headers=dict(
-                Authorization=f"Bearer {auth_token}",
-            ),
-        )
-
-        data = json.loads(response.data.decode())
-        assert len(data['data']['comments']) == 1
-        assert data['pagination'] == {
-            'has_next': False,
-            'has_prev': False,
-            'page': 1,
-            'pages': 1,
-            'total': 1,
-        }
-
-    def test_it_gets_first_page(
+class TestGetWorkoutComments(GetWorkoutCommentsTestCase):
+    def test_it_returns_all_comments(
         self,
         app: Flask,
         user_1: User,
@@ -1259,84 +1189,7 @@ def test_it_gets_first_page(
         )
 
         data = json.loads(response.data.decode())
-        assert len(data['data']['comments']) == 5
-        assert data['pagination'] == {
-            'has_next': True,
-            'has_prev': False,
-            'page': 1,
-            'pages': 2,
-            'total': 7,
-        }
-
-    def test_it_gets_second_page(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        user_3: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        for _ in range(7):
-            self.create_comment(
-                user_3,
-                workout_cycling_user_2,
-                text_visibility=PrivacyLevel.PUBLIC,
-            )
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f"/api/workouts/{workout_cycling_user_2.short_id}/comments?page=2",
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert len(data['data']['comments']) == 2
-        assert data['pagination'] == {
-            'has_next': False,
-            'has_prev': True,
-            'page': 2,
-            'pages': 2,
-            'total': 7,
-        }
-
-    def test_it_gets_empty_third_page(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        user_3: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        for _ in range(7):
-            self.create_comment(
-                user_3,
-                workout_cycling_user_2,
-                text_visibility=PrivacyLevel.PUBLIC,
-            )
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
-        response = client.get(
-            f"/api/workouts/{workout_cycling_user_2.short_id}/comments?page=3",
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert len(data['data']['comments']) == 0
-        assert data['pagination'] == {
-            'has_next': False,
-            'has_prev': True,
-            'page': 3,
-            'pages': 2,
-            'total': 7,
-        }
+        assert len(data['data']['comments']) == 7
 
     def test_it_returns_only_comments_user_can_access(
         self,
@@ -1350,23 +1203,28 @@ def test_it_returns_only_comments_user_can_access(
     ) -> None:
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        visible_comments = []
         # user 3
-        visible_comments.append(
+        visible_comments = [
             self.create_comment(
                 user_3,
                 workout_cycling_user_2,
                 text_visibility=PrivacyLevel.PUBLIC,
             )
-        )
-        for privacy_levels in [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]:
+        ]
+        for privacy_levels in [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ]:
             self.create_comment(
                 user_3,
                 workout_cycling_user_2,
                 text_visibility=privacy_levels,
             )
-        # user 2
-        for privacy_levels in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS]:
+        # user 2 followed by user 1
+        for privacy_levels in [
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS,
+        ]:
             visible_comments.append(
                 self.create_comment(
                     user_2,
@@ -1404,47 +1262,8 @@ def test_it_returns_only_comments_user_can_access(
         data = json.loads(response.data.decode())
         assert data['data']['comments'] == [
             jsonify_dict(comment.serialize(user_1))
-            for comment in visible_comments[:5]
+            for comment in visible_comments
         ]
-        assert data['pagination'] == {
-            'has_next': True,
-            'has_prev': False,
-            'page': 1,
-            'pages': 2,
-            'total': 6,
-        }
-
-    def test_it_returns_comments_ordered_by_creation_date_ascending(
-        self,
-        app: Flask,
-        user_1: User,
-        user_2: User,
-        user_3: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-    ) -> None:
-        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        comments = []
-        for _ in range(7):
-            comments.append(
-                self.create_comment(
-                    user_3,
-                    workout_cycling_user_2,
-                    text_visibility=PrivacyLevel.PUBLIC,
-                )
-            )
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-        response = client.get(
-            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert 'success' in data['status']
-        assert data['data']['comments'][0]['id'] == comments[0].short_id
-        assert data['data']['comments'][4]['id'] == comments[4].short_id
 
 
 class TestGetWorkoutsCommentWithReplies(
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/workouts/test_workouts_comments_models.py
index 5be3020e3..3f51be0fb 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/workouts/test_workouts_comments_models.py
@@ -605,7 +605,7 @@ def test_it_returns_only_visible_replies_for_unauthenticated_user(
             'replies': [visible_reply.serialize()],
         }
 
-    def test_it_returns_only_5_first_replies(
+    def test_it_returns_all_replies(
         self,
         app: Flask,
         user_1: User,
@@ -633,5 +633,5 @@ def test_it_returns_only_5_first_replies(
 
         assert serialized_comment['replies'] == [
             visible_reply.serialize(user_1)
-            for visible_reply in visible_replies[:5]
+            for visible_reply in visible_replies
         ]
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index c4a2d405f..7251df8d2 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -1,10 +1,9 @@
 import datetime
 import os
-from typing import TYPE_CHECKING, Any, Dict, Optional, Tuple, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union
 from uuid import UUID, uuid4
 
 from flask import current_app
-from flask_sqlalchemy.query import Query
 from sqlalchemy import and_, or_
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
@@ -43,7 +42,6 @@
     'LD',  # 'Longest Duration'
     'MS',  # 'Max speed'
 ]
-REPLY_PER_PAGE = 5
 
 
 def update_records(
@@ -87,11 +85,9 @@ def update_records(
 
 def get_comments(
     workout_id: int,
-    page: int,
-    per_page: int,
     user: Optional['User'],
     reply_to: Optional[int] = None,
-) -> Query:
+) -> List['WorkoutComment']:
     if user:
         local_following_ids, remote_following_ids = get_following(user)
         comments_filter = WorkoutComment.query.filter(
@@ -124,10 +120,7 @@ def get_comments(
             WorkoutComment.reply_to == reply_to,
             WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
         )
-    comments_pagination = comments_filter.order_by(
-        WorkoutComment.created_at.asc()
-    ).paginate(page=page, per_page=per_page, error_out=False)
-    return comments_pagination
+    return comments_filter.order_by(WorkoutComment.created_at.asc()).all()
 
 
 class Sport(BaseModel):
@@ -769,14 +762,6 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
         if not can_view(self, 'text_visibility', user):
             raise CommentForbiddenException
 
-        replies_filter = get_comments(
-            workout_id=self.workout_id,
-            page=1,
-            per_page=REPLY_PER_PAGE,
-            user=user,
-            reply_to=self.id,
-        )
-
         return {
             'id': self.short_id,
             'user': self.user.serialize(),
@@ -789,7 +774,12 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
                 self.parent_comment.short_id if self.reply_to else None
             ),
             'replies': [
-                reply.serialize(user) for reply in replies_filter.items
+                reply.serialize(user)
+                for reply in get_comments(
+                    workout_id=self.workout_id,
+                    user=user,
+                    reply_to=self.id,
+                )
             ],
         }
 
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index c71806ce1..55e649d26 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -60,7 +60,6 @@
 DEFAULT_WORKOUTS_PER_PAGE = 5
 MAX_WORKOUTS_PER_PAGE = 100
 MAX_WORKOUTS_TO_SEND = 5
-DEFAULT_COMMENTS_PER_PAGE = 5
 
 
 def handle_workout_activities(workout: Workout, activity_type: str) -> None:
@@ -1623,15 +1622,10 @@ def get_workout_comments(
         )
 
     try:
-        params = request.args.copy()
-        page = int(params.get('page', 1))
-        comments_pagination = get_comments(
+        comments = get_comments(
             workout_id=workout.id,
-            page=page,
-            per_page=DEFAULT_COMMENTS_PER_PAGE,
             user=auth_user,
         )
-        comments = comments_pagination.items
         return {
             'status': 'success',
             'data': {
@@ -1639,13 +1633,6 @@ def get_workout_comments(
                     comment.serialize(auth_user) for comment in comments
                 ]
             },
-            'pagination': {
-                'has_next': comments_pagination.has_next,
-                'has_prev': comments_pagination.has_prev,
-                'page': comments_pagination.page,
-                'pages': comments_pagination.pages,
-                'total': comments_pagination.total,
-            },
         }
     except Exception as e:
         return handle_error_and_return_response(e)
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 6e2f723ce..f8d976518 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -14,7 +14,6 @@ import {
   IWorkout,
   IWorkoutForm,
   IWorkoutPayload,
-  ICommentsPayload,
   TWorkoutsPayload,
   ICommentPayload,
 } from '@/types/workouts'
@@ -118,10 +117,10 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
                 }
               })
           }
-          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
-            workoutId: res.data.data.workouts[0].id,
-            page: 1,
-          })
+          context.dispatch(
+            WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS,
+            res.data.data.workouts[0].id
+          )
         } else {
           context.commit(WORKOUTS_STORE.MUTATIONS.EMPTY_WORKOUT)
           handleError(context, null)
@@ -261,11 +260,10 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       .post(`/workouts/${payload.workout_id}/comments`, data)
       .then((res) => {
         if (res.data.status === 'created') {
-          // TODO: handle pagination
-          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
-            workoutId: payload.workout_id,
-            page: 1,
-          })
+          context.dispatch(
+            WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS,
+            payload.workout_id
+          )
         } else {
           handleError(context, null)
         }
@@ -276,15 +274,11 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
   },
   [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
     context: ActionContext<IWorkoutsState, IRootState>,
-    payload: ICommentsPayload
+    workoutId: string
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     authApi
-      .get(`/workouts/${payload.workoutId}/comments`, {
-        params: {
-          page: payload.page,
-        },
-      })
+      .get(`/workouts/${workoutId}/comments`)
       .then((res) => {
         if (res.data.status === 'success') {
           context.commit(
@@ -308,10 +302,10 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       .delete(`workouts/${payload.workoutId}/comments/${payload.commentId}`)
       .then((res) => {
         if (res.status === 204) {
-          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
-            workoutId: payload.workoutId,
-            page: 1,
-          })
+          context.dispatch(
+            WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS,
+            payload.workoutId
+          )
         }
       })
       .catch((error) => {
@@ -329,11 +323,10 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       })
       .then((res) => {
         if (res.data.status === 'success') {
-          // TODO: handle pagination
-          context.dispatch(WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS, {
-            workoutId: payload.workout_id,
-            page: 1,
-          })
+          context.dispatch(
+            WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS,
+            payload.workout_id
+          )
         }
       })
       .catch((error) => {
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 050bff960..1e8042b36 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -16,7 +16,6 @@ import {
   IWorkoutData,
   IWorkoutPayload,
   IWorkoutForm,
-  ICommentsPayload,
   IComment,
   ICommentPayload,
 } from '@/types/workouts'
@@ -72,7 +71,7 @@ export interface IWorkoutsActions {
   ): void
   [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
     context: ActionContext<IWorkoutsState, IRootState>,
-    payload: ICommentsPayload
+    workoutId: string
   ): void
   [WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT](
     context: ActionContext<IWorkoutsState, IRootState>,
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index e0712daca..52800c378 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -205,12 +205,6 @@ export interface ICommentForm {
   workout_id: string
 }
 
-export interface ICommentsPayload {
-  workoutId: string
-
-  page: number
-}
-
 export interface ICommentPayload {
   workoutId: string
 

From 105710c47ba9e7d3021c150378b6148a362e004a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 1 Feb 2023 16:43:49 +0100
Subject: [PATCH 199/238] Client - display comment input only for authenticated
 user

---
 .../Workout/WorkoutDetail/WorkoutComment.vue           |  8 +++-----
 .../Workout/WorkoutDetail/WorkoutComments.vue          | 10 +++++-----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
index a2cffa73d..3232f43bb 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
@@ -49,7 +49,7 @@
         />
         <i
           class="fa fa-comment-o"
-          v-if="!addReply || addReply !== comment"
+          v-if="authUser.username && (!addReply || addReply !== comment)"
           @click="() => addReply = comment"
         />
       </div>
@@ -102,12 +102,10 @@
   interface Props {
     comment: IComment
     workout: IWorkout
-    authUser?: IAuthUserProfile | null
+    authUser: IAuthUserProfile
   }
 
-  const props = withDefaults(defineProps<Props>(), {
-    authUser: null,
-  })
+  const props = defineProps<Props>()
   const { authUser, comment, workout } = toRefs(props)
 
   const emit = defineEmits(['deleteComment'])
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
index b444789d9..4dd35b354 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
@@ -23,7 +23,9 @@
         <div class="no-comments" v-if="workoutData.comments.length === 0">
           {{ $t('workouts.COMMENTS.NO_COMMENTS')}}
         </div>
-        <WorkoutCommentEdition :workout="workoutData.workout" />
+        <WorkoutCommentEdition
+          v-if="authUser.username" :workout="workoutData.workout"
+        />
       </template>
     </Card>
   </div>
@@ -40,12 +42,10 @@
 
   interface Props {
     workoutData: IWorkoutData
-    authUser?: IAuthUserProfile | null
+    authUser: IAuthUserProfile
   }
 
-  const props = withDefaults(defineProps<Props>(), {
-    authUser: null,
-  })
+  const props = defineProps<Props>()
   const { workoutData } = toRefs(props)
 
   const store = useStore()

From 941c0cc2c65f550e789fc11debd0080c44e1e14a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 1 Feb 2023 16:49:20 +0100
Subject: [PATCH 200/238] Client - minor style update on workout detail

---
 fittrackee_client/src/components/Workout/WorkoutDetail/index.vue | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index 2c50d0694..f6ae61f86 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -202,6 +202,7 @@
   .workout-detail {
     display: flex;
     ::v-deep(.card) {
+      margin: 0 $default-margin;
       width: 100%;
       .card-content {
         display: flex;

From 2675e09809fc31d780432e64b417c3047dc695a8 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 1 Feb 2023 16:53:54 +0100
Subject: [PATCH 201/238] Client - refacto

---
 .../WorkoutDetail => WorkoutComment}/WorkoutComment.vue         | 2 +-
 .../WorkoutDetail => WorkoutComment}/WorkoutCommentEdition.vue  | 0
 .../WorkoutDetail => WorkoutComment}/WorkoutComments.vue        | 2 +-
 fittrackee_client/src/custom-components.ts                      | 2 +-
 fittrackee_client/src/views/workouts/Workout.vue                | 2 +-
 5 files changed, 4 insertions(+), 4 deletions(-)
 rename fittrackee_client/src/components/{Workout/WorkoutDetail => WorkoutComment}/WorkoutComment.vue (98%)
 rename fittrackee_client/src/components/{Workout/WorkoutDetail => WorkoutComment}/WorkoutCommentEdition.vue (100%)
 rename fittrackee_client/src/components/{Workout/WorkoutDetail => WorkoutComment}/WorkoutComments.vue (95%)

diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
similarity index 98%
rename from fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
rename to fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
index 3232f43bb..3ac88d4c8 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComment.vue
+++ b/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
@@ -89,7 +89,7 @@
 
   import Username from "@/components/User/Username.vue"
   import UserPicture from "@/components/User/UserPicture.vue"
-  import WorkoutCommentEdition from "@/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue"
+  import WorkoutCommentEdition from "@/components/WorkoutComment/WorkoutCommentEdition.vue"
   import { ROOT_STORE } from "@/store/constants"
   import { IDisplayOptions } from "@/types/application"
   import { IAuthUserProfile, IUserProfile } from "@/types/user"
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
similarity index 100%
rename from fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue
rename to fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
similarity index 95%
rename from fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
rename to fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
index 4dd35b354..32f80aeb4 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutComments.vue
+++ b/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
@@ -34,7 +34,7 @@
 <script setup lang="ts">
   import { Ref, ref, toRefs, watch } from "vue"
 
-  import WorkoutCommentEdition from "@/components/Workout/WorkoutDetail/WorkoutCommentEdition.vue"
+  import WorkoutCommentEdition from "@/components/WorkoutComment/WorkoutCommentEdition.vue"
   import { WORKOUTS_STORE } from "@/store/constants"
   import { IAuthUserProfile } from "@/types/user"
   import { IComment, IWorkoutData } from "@/types/workouts"
diff --git a/fittrackee_client/src/custom-components.ts b/fittrackee_client/src/custom-components.ts
index 53b1aa062..685ed0809 100644
--- a/fittrackee_client/src/custom-components.ts
+++ b/fittrackee_client/src/custom-components.ts
@@ -8,7 +8,7 @@ import SportImage from '@/components/Common/Images/SportImage/index.vue'
 import Loader from '@/components/Common/Loader.vue'
 import Modal from '@/components/Common/Modal.vue'
 import VisibilityIcon from '@/components/Common/VisibilityIcon.vue'
-import WorkoutComment from '@/components/Workout/WorkoutDetail/WorkoutComment.vue'
+import WorkoutComment from '@/components/WorkoutComment/WorkoutComment.vue'
 
 export const customComponents = [
   { target: AlertMessage, name: 'AlertMessage' },
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index dc24c2f62..5c359f68b 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -57,10 +57,10 @@
   import NotFound from '@/components/Common/NotFound.vue'
   import WorkoutDetail from '@/components/Workout/WorkoutDetail/index.vue'
   import WorkoutChart from '@/components/Workout/WorkoutDetail/WorkoutChart/index.vue'
-  import WorkoutComments from '@/components/Workout/WorkoutDetail/WorkoutComments.vue'
   import WorkoutNotes from '@/components/Workout/WorkoutDetail/WorkoutNotes.vue'
   import WorkoutSegments from '@/components/Workout/WorkoutDetail/WorkoutSegments.vue'
   import WorkoutUser from '@/components/Workout/WorkoutDetail/WorkoutUser.vue'
+  import WorkoutComments from '@/components/WorkoutComment/WorkoutComments.vue'
   import {
     AUTH_USER_STORE,
     SPORTS_STORE,

From f75bcc73071b4cbe1649212b669c034744e16591 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 1 Feb 2023 19:14:11 +0100
Subject: [PATCH 202/238] API - fix user profile url

---
 fittrackee/config.py                          |  3 +-
 fittrackee/federation/utils/__init__.py       |  5 ++-
 .../federation/test_federation_models.py      | 41 +++++++++++++++++++
 .../federation/test_federation_webfinger.py   |  2 +-
 4 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/fittrackee/config.py b/fittrackee/config.py
index a877cf7b1..b3c26712d 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -6,6 +6,7 @@
 from sqlalchemy.pool import NullPool
 
 from fittrackee import VERSION
+from fittrackee.federation.utils import remove_url_scheme
 
 if os.getenv('APP_SETTINGS') == 'fittrackee.config.TestingConfig':
     broker = StubBroker
@@ -72,7 +73,7 @@ class BaseConfig:
     OAUTH2_REFRESH_TOKEN_GENERATOR = True
     VERSION = VERSION
     # ActivityPub
-    AP_DOMAIN = UI_URL.replace('https://', '')
+    AP_DOMAIN = remove_url_scheme(UI_URL)
 
 
 class DevelopmentConfig(BaseConfig):
diff --git a/fittrackee/federation/utils/__init__.py b/fittrackee/federation/utils/__init__.py
index 2be9ef5ad..14466c90a 100644
--- a/fittrackee/federation/utils/__init__.py
+++ b/fittrackee/federation/utils/__init__.py
@@ -25,7 +25,7 @@ def generate_keys() -> Tuple[str, str]:
 
 def get_ap_url(username: str, url_type: str) -> str:
     """
-    Return ActivityPub URLs.
+    Return ActivityPub URLs for local actor.
 
     Supported URL types:
     - 'user_url'
@@ -34,6 +34,7 @@ def get_ap_url(username: str, url_type: str) -> str:
     - 'following'
     - 'followers'
     - 'shared_inbox'
+    - 'profile_url'
     """
     ap_url = f"https://{current_app.config['AP_DOMAIN']}/federation/"
     ap_url_user = f'{ap_url}user/{username}'
@@ -44,7 +45,7 @@ def get_ap_url(username: str, url_type: str) -> str:
     if url_type == 'shared_inbox':
         return f'{ap_url}inbox'
     if url_type == 'profile_url':
-        return f"https://{current_app.config['AP_DOMAIN']}/users/{username}"
+        return f"{current_app.config['UI_URL']}/users/{username}"
     raise Exception('Invalid \'url_type\'.')
 
 
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 4f2951834..75d58fd4a 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -21,6 +21,47 @@ def test_it_raises_error_if_url_type_is_invalid(self, app: Flask) -> None:
         with pytest.raises(Exception, match="Invalid 'url_type'."):
             get_ap_url(username=uuid4().hex, url_type='url')
 
+    def test_it_returns_user_url(self, app: Flask) -> None:
+        username = uuid4().hex
+
+        user_url = get_ap_url(username=username, url_type='user_url')
+
+        assert (
+            user_url
+            == f"https://{app.config['AP_DOMAIN']}/federation/user/{username}"
+        )
+
+    @pytest.mark.parametrize(
+        'input_url_type', ['inbox', 'outbox', 'following', 'followers']
+    )
+    def test_it_returns_expected_url(
+        self, app: Flask, input_url_type: str
+    ) -> None:
+        username = uuid4().hex
+
+        url = get_ap_url(username=username, url_type=input_url_type)
+
+        assert url == (
+            f"https://{app.config['AP_DOMAIN']}/federation/"
+            f"user/{username}/{input_url_type}"
+        )
+
+    def test_it_returns_user_profile_url(self, app: Flask) -> None:
+        username = uuid4().hex
+
+        user_url = get_ap_url(username=username, url_type='profile_url')
+
+        assert user_url == f"{app.config['UI_URL']}/users/{username}"
+
+    def test_it_returns_shared_inbox(self, app: Flask) -> None:
+        shared_inbox = get_ap_url(
+            username=uuid4().hex, url_type='shared_inbox'
+        )
+
+        assert shared_inbox == (
+            f"https://{app.config['AP_DOMAIN']}/federation/inbox"
+        )
+
 
 class TestActivityPubDomainModel:
     def test_it_returns_string_representation(
diff --git a/fittrackee/tests/federation/federation/test_federation_webfinger.py b/fittrackee/tests/federation/federation/test_federation_webfinger.py
index d22c1af88..63559d24e 100644
--- a/fittrackee/tests/federation/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/federation/test_federation_webfinger.py
@@ -116,7 +116,7 @@ def test_it_returns_user_links(
         assert data['links'] == [
             {
                 'href': (
-                    f'https://{actor_1.domain.name}/users/'
+                    f'{app_with_federation.config["UI_URL"]}/users/'
                     f'{actor_1.user.username}'
                 ),
                 'rel': 'http://webfinger.net/rel/profile-page',

From 931fd4112ce6ed259142e10e33a4e02f3f8d6191 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Feb 2023 09:17:05 +0100
Subject: [PATCH 203/238] API - update tests config

---
 fittrackee/config.py                     |  6 ++++--
 fittrackee/tests/users/test_auth_api.py  | 23 ++++++++++++-----------
 fittrackee/tests/users/test_users_api.py | 11 ++++++-----
 3 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/fittrackee/config.py b/fittrackee/config.py
index b3c26712d..c90b6155e 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -99,16 +99,18 @@ class TestingConfig(BaseConfig):
     TOKEN_EXPIRATION_DAYS = 0
     TOKEN_EXPIRATION_SECONDS = 10
     PASSWORD_TOKEN_EXPIRATION_SECONDS = 10
-    UI_URL = 'http://0.0.0.0:5000'
+    UI_URL = 'https://example.com'
     SENDER_EMAIL = 'fittrackee@example.com'
     OAUTH2_TOKEN_EXPIRES_IN = {
         'authorization_code': 60,
     }
-    AP_DOMAIN = '0.0.0.0:5000'
+    AP_DOMAIN = 'example.com'
 
 
 class End2EndTestingConfig(TestingConfig):
     DRAMATIQ_BROKER_URL = os.getenv('REDIS_URL', 'redis://')
+    UI_URL = 'http://0.0.0.0:5000'
+    AP_DOMAIN = '0.0.0.0:5000'
 
 
 class ProductionConfig(BaseConfig):
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 240dd7615..ccc71fced 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -334,11 +334,11 @@ def test_it_calls_account_confirmation_email_when_payload_is_valid(
             },
             {
                 'username': username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
                 'account_confirmation_url': (
-                    'http://0.0.0.0:5000/account-confirmation'
+                    f'{app.config["UI_URL"]}/account-confirmation'
                     f'?token={expected_token}'
                 ),
             },
@@ -999,7 +999,7 @@ def test_it_calls_email_updated_to_current_email_send_when_new_email_provided(
             },
             {
                 'username': user_1.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
                 'new_email_address': new_email,
@@ -1041,11 +1041,12 @@ def test_it_calls_email_updated_to_new_email_send_when_new_email_provided(
             },
             {
                 'username': user_1.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
                 'email_confirmation_url': (
-                    f'http://0.0.0.0:5000/email-update?token={expected_token}'
+                    f'{app.config["UI_URL"]}/email-update'
+                    f'?token={expected_token}'
                 ),
             },
         )
@@ -1201,7 +1202,7 @@ def test_it_calls_password_change_email_when_new_password_provided(
             },
             {
                 'username': user_1.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
             },
@@ -2217,9 +2218,9 @@ def test_it_calls_reset_password_email_when_user_exists(
                 'expiration_delay': '10 seconds',
                 'username': user_1.username,
                 'password_reset_url': (
-                    f'http://0.0.0.0:5000/password-reset?token={token}'
+                    f'{app.config["UI_URL"]}/password-reset?token={token}'
                 ),
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
             },
@@ -2432,7 +2433,7 @@ def test_it_sends_email_after_successful_update(
             },
             {
                 'username': user_1.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
             },
@@ -2683,11 +2684,11 @@ def test_it_calls_account_confirmation_email_if_user_is_inactive(
             },
             {
                 'username': inactive_user.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'operating_system': 'Linux',
                 'browser_name': 'Firefox',
                 'account_confirmation_url': (
-                    'http://0.0.0.0:5000/account-confirmation'
+                    f'{app.config["UI_URL"]}/account-confirmation'
                     f'?token={expected_token}'
                 ),
             },
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index a069f2b82..98490bc7e 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -1422,7 +1422,7 @@ def test_it_calls_password_change_email_when_password_reset_is_successful(
             },
             {
                 'username': user_2.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
             },
         )
 
@@ -1482,9 +1482,9 @@ def test_it_calls_reset_password_email_when_password_reset_is_successful(
                 ),
                 'username': user_2.username,
                 'password_reset_url': (
-                    'http://0.0.0.0:5000/password-reset?token=xxx'
+                    f'{app.config["UI_URL"]}/password-reset?token=xxx'
                 ),
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
             },
         )
 
@@ -1634,9 +1634,10 @@ def test_it_calls_email_updated_to_new_address_when_password_reset_is_successful
             },
             {
                 'username': user_2.username,
-                'fittrackee_url': 'http://0.0.0.0:5000',
+                'fittrackee_url': app.config["UI_URL"],
                 'email_confirmation_url': (
-                    f'http://0.0.0.0:5000/email-update?token={expected_token}'
+                    f'{app.config["UI_URL"]}/email-update'
+                    f'?token={expected_token}'
                 ),
             },
         )

From 1e818e069aa8480b1b313f7920efb64cefeb9669 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Feb 2023 09:37:43 +0100
Subject: [PATCH 204/238] API - refacto comments

---
 fittrackee/__init__.py                        |   2 +
 fittrackee/comments/__init__.py               |   0
 fittrackee/comments/comments.py               | 238 ++++++++++++++++++
 fittrackee/comments/decorators.py             |  50 ++++
 fittrackee/comments/exceptions.py             |  11 +
 fittrackee/comments/models.py                 | 200 +++++++++++++++
 .../federation/activities/activities.py       |   3 +-
 fittrackee/federation/objects/base_object.py  |   3 +-
 fittrackee/federation/objects/comment.py      |   3 +-
 fittrackee/federation/objects/tombstone.py    |   3 +-
 fittrackee/privacy_levels.py                  |   3 +-
 fittrackee/tests/comments/__init__.py         |   0
 .../test_comments_api.py}                     |   5 +-
 .../test_comments_models.py}                  |   7 +-
 .../tests/federation/comments/__init__.py     |   0
 .../test_comments_api.py}                     |  11 +-
 .../test_comments_models.py}                  |   5 +-
 .../test_federation_activities_activities.py  |   3 +-
 fittrackee/tests/workouts/utils.py            |   3 +-
 fittrackee/workouts/decorators.py             |  44 +---
 fittrackee/workouts/exceptions.py             |   5 -
 fittrackee/workouts/models.py                 | 191 +-------------
 fittrackee/workouts/workouts.py               | 219 +---------------
 23 files changed, 539 insertions(+), 470 deletions(-)
 create mode 100644 fittrackee/comments/__init__.py
 create mode 100644 fittrackee/comments/comments.py
 create mode 100644 fittrackee/comments/decorators.py
 create mode 100644 fittrackee/comments/exceptions.py
 create mode 100644 fittrackee/comments/models.py
 create mode 100644 fittrackee/tests/comments/__init__.py
 rename fittrackee/tests/{workouts/test_workouts_comments_api.py => comments/test_comments_api.py} (99%)
 rename fittrackee/tests/{workouts/test_workouts_comments_models.py => comments/test_comments_models.py} (98%)
 create mode 100644 fittrackee/tests/federation/comments/__init__.py
 rename fittrackee/tests/federation/{workouts/test_workouts_comments_api.py => comments/test_comments_api.py} (99%)
 rename fittrackee/tests/federation/{workouts/test_workouts_comments_models.py => comments/test_comments_models.py} (98%)

diff --git a/fittrackee/__init__.py b/fittrackee/__init__.py
index e7e824cb0..dca835166 100644
--- a/fittrackee/__init__.py
+++ b/fittrackee/__init__.py
@@ -128,6 +128,7 @@ def create_app(init_email: bool = True) -> Flask:
                 pass
 
     from .application.app_config import config_blueprint  # noqa
+    from .comments.comments import comments_blueprint  # noqa
     from .oauth2.routes import oauth2_blueprint  # noqa
     from .users.auth import auth_blueprint  # noqa
     from .users.follow_requests import follow_requests_blueprint  # noqa
@@ -140,6 +141,7 @@ def create_app(init_email: bool = True) -> Flask:
 
     app.register_blueprint(auth_blueprint, url_prefix='/api')
     app.register_blueprint(oauth2_blueprint, url_prefix='/api')
+    app.register_blueprint(comments_blueprint, url_prefix='/api')
     app.register_blueprint(config_blueprint, url_prefix='/api')
     app.register_blueprint(records_blueprint, url_prefix='/api')
     app.register_blueprint(sports_blueprint, url_prefix='/api')
diff --git a/fittrackee/comments/__init__.py b/fittrackee/comments/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
new file mode 100644
index 000000000..207f7a1a2
--- /dev/null
+++ b/fittrackee/comments/comments.py
@@ -0,0 +1,238 @@
+from datetime import datetime
+from typing import Dict, Optional, Tuple, Union
+
+from flask import Blueprint, current_app, request
+from sqlalchemy import exc
+
+from fittrackee import db
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.federation.tasks.inbox import send_to_remote_inbox
+from fittrackee.federation.utils import sending_activities_allowed
+from fittrackee.oauth2.server import require_auth
+from fittrackee.privacy_levels import PrivacyLevel, can_view
+from fittrackee.responses import (
+    HttpResponse,
+    InvalidPayloadErrorResponse,
+    NotFoundErrorResponse,
+    handle_error_and_return_response,
+)
+from fittrackee.users.models import User
+from fittrackee.utils import decode_short_id
+from fittrackee.workouts.models import Workout
+
+from .decorators import check_workout_comment
+from .models import WorkoutComment, get_comments
+
+comments_blueprint = Blueprint('comments', __name__)
+
+
+@comments_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments", methods=["POST"]
+)
+@require_auth(scopes=["workouts:write"])
+def add_workout_comment(
+    auth_user: User, workout_short_id: str
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    comment_data = request.get_json()
+    if (
+        not comment_data
+        or not comment_data.get('text')
+        or not comment_data.get('text_visibility')
+    ):
+        return InvalidPayloadErrorResponse()
+    try:
+        workout_uuid = decode_short_id(workout_short_id)
+        workout = Workout.query.filter_by(uuid=workout_uuid).first()
+        if not workout:
+            return NotFoundErrorResponse(
+                f"workout not found (id: {workout_short_id})"
+            )
+
+        if not can_view(workout, 'workout_visibility', auth_user):
+            return NotFoundErrorResponse(
+                f"workout not found (id: {workout_short_id})"
+            )
+
+        reply_to = comment_data.get('reply_to')
+        workout_comment = None
+        if reply_to:
+            workout_comment = WorkoutComment.query.filter_by(
+                uuid=decode_short_id(reply_to)
+            ).first()
+            if not workout_comment:
+                return InvalidPayloadErrorResponse("'reply_to' is invalid")
+
+        new_comment = WorkoutComment(
+            user_id=auth_user.id,
+            workout_id=workout.id,
+            workout_visibility=workout.workout_visibility,
+            text=comment_data['text'],
+            text_visibility=PrivacyLevel(comment_data['text_visibility']),
+            reply_to=workout_comment.id if workout_comment else None,
+        )
+        db.session.add(new_comment)
+        db.session.flush()
+        if sending_activities_allowed(new_comment.text_visibility):
+            new_comment.ap_id = (
+                f'{auth_user.actor.activitypub_id}/'
+                f'workouts/{workout.short_id}/'
+                f'comments/{new_comment.short_id}'
+            )
+            new_comment.remote_url = (
+                f'https://{auth_user.actor.domain.name}/'
+                f'workouts/{workout.short_id}/'
+                f'comments/{new_comment.short_id}'
+            )
+            note_activity = new_comment.get_activity(activity_type='Create')
+            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            if recipients:
+                send_to_remote_inbox.send(
+                    sender_id=auth_user.actor.id,
+                    activity=note_activity,
+                    recipients=recipients,
+                )
+        db.session.commit()
+
+        return (
+            {
+                'status': 'created',
+                'comment': new_comment.serialize(auth_user),
+            },
+            201,
+        )
+    except InvalidVisibilityException as e:
+        return InvalidPayloadErrorResponse(message=str(e))
+    except (exc.IntegrityError, ValueError) as e:
+        return handle_error_and_return_response(
+            error=e,
+            message='Error during comment save.',
+            status='fail',
+            db=db,
+        )
+
+
+@comments_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
+    methods=["GET"],
+)
+@require_auth(scopes=['workouts:read'], optional_auth_user=True)
+@check_workout_comment(check_owner=False)
+def get_workout_comment(
+    auth_user: Optional[User], workout_comment: WorkoutComment
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    return (
+        {
+            'status': 'success',
+            'comment': workout_comment.serialize(auth_user),
+        },
+        200,
+    )
+
+
+@comments_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments", methods=["GET"]
+)
+@require_auth(scopes=['workouts:read'], optional_auth_user=True)
+def get_workout_comments(
+    auth_user: Optional[User], workout_short_id: str
+) -> Union[Dict, HttpResponse]:
+    workout_uuid = decode_short_id(workout_short_id)
+    workout = Workout.query.filter_by(uuid=workout_uuid).first()
+    if not workout:
+        return NotFoundErrorResponse(
+            f"workout not found (id: {workout_short_id})"
+        )
+
+    try:
+        comments = get_comments(
+            workout_id=workout.id,
+            user=auth_user,
+        )
+        return {
+            'status': 'success',
+            'data': {
+                'comments': [
+                    comment.serialize(auth_user) for comment in comments
+                ]
+            },
+        }
+    except Exception as e:
+        return handle_error_and_return_response(e)
+
+
+@comments_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
+    methods=["DELETE"],
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout_comment()
+def delete_workout_comment(
+    auth_user: User, workout_comment: WorkoutComment
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    try:
+        if sending_activities_allowed(workout_comment.text_visibility):
+            note_activity = workout_comment.get_activity(
+                activity_type='Delete'
+            )
+            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            if recipients:
+                send_to_remote_inbox.send(
+                    sender_id=auth_user.actor.id,
+                    activity=note_activity,
+                    recipients=recipients,
+                )
+
+        db.session.delete(workout_comment)
+        db.session.commit()
+        return {'status': 'no content'}, 204
+    except (
+        exc.IntegrityError,
+        exc.OperationalError,
+        ValueError,
+        OSError,
+    ) as e:
+        return handle_error_and_return_response(e, db=db)
+
+
+@comments_blueprint.route(
+    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
+    methods=['PATCH'],
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout_comment()
+def update_workout_comment(
+    auth_user: User, workout_comment: WorkoutComment
+) -> Union[Dict, HttpResponse]:
+    comment_data = request.get_json()
+    if not comment_data or not comment_data.get('text'):
+        return InvalidPayloadErrorResponse()
+
+    try:
+        workout_comment.text = comment_data.get('text')
+        workout_comment.modification_date = datetime.utcnow()
+        db.session.commit()
+
+        if current_app.config[
+            'federation_enabled'
+        ] and workout_comment.text_visibility in (
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        ):
+            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            if recipients:
+                note_activity = workout_comment.get_activity(
+                    activity_type='Update'
+                )
+                send_to_remote_inbox.send(
+                    sender_id=auth_user.actor.id,
+                    activity=note_activity,
+                    recipients=recipients,
+                )
+
+        return {
+            'status': 'success',
+            'comment': workout_comment.serialize(auth_user),
+        }
+
+    except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
+        return handle_error_and_return_response(e)
diff --git a/fittrackee/comments/decorators.py b/fittrackee/comments/decorators.py
new file mode 100644
index 000000000..1251b75d6
--- /dev/null
+++ b/fittrackee/comments/decorators.py
@@ -0,0 +1,50 @@
+from functools import wraps
+from typing import Any, Callable
+
+from fittrackee.privacy_levels import can_view
+from fittrackee.responses import ForbiddenErrorResponse, NotFoundErrorResponse
+from fittrackee.utils import decode_short_id
+from fittrackee.workouts.models import Workout
+
+from .models import WorkoutComment
+
+
+def check_workout_comment(check_owner: bool = True) -> Callable:
+    def decorator_check_workout_comment(f: Callable) -> Callable:
+        @wraps(f)
+        def wrapper_check_workout_comment(
+            *args: Any, **kwargs: Any
+        ) -> Callable:
+            auth_user = args[0]
+            workout_short_id = kwargs["workout_short_id"]
+            comment_short_id = kwargs["comment_short_id"]
+            workout_uuid = decode_short_id(workout_short_id)
+            workout = Workout.query.filter_by(uuid=workout_uuid).first()
+            if not workout:
+                return NotFoundErrorResponse(
+                    f"workout not found (id: {workout_short_id})"
+                )
+
+            workout_comment_uuid = decode_short_id(comment_short_id)
+            workout_comment = WorkoutComment.query.filter_by(
+                uuid=workout_comment_uuid
+            ).first()
+            if not workout_comment:
+                return NotFoundErrorResponse(
+                    f"workout comment not found (id: {comment_short_id})"
+                )
+
+            if not can_view(workout_comment, "text_visibility", auth_user):
+                return NotFoundErrorResponse(
+                    f"workout comment not found (id: {comment_short_id})"
+                )
+
+            if check_owner and (
+                not auth_user or auth_user.id != workout_comment.user.id
+            ):
+                return ForbiddenErrorResponse()
+            return f(auth_user, workout_comment)
+
+        return wrapper_check_workout_comment
+
+    return decorator_check_workout_comment
diff --git a/fittrackee/comments/exceptions.py b/fittrackee/comments/exceptions.py
new file mode 100644
index 000000000..f6e172a67
--- /dev/null
+++ b/fittrackee/comments/exceptions.py
@@ -0,0 +1,11 @@
+from fittrackee.exceptions import GenericException
+
+
+class CommentForbiddenException(GenericException):
+    def __init__(self) -> None:
+        super().__init__('error', 'you do not have permissions')
+
+
+class WorkoutForbiddenException(GenericException):
+    def __init__(self) -> None:
+        super().__init__('error', 'you do not have permissions')
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
new file mode 100644
index 000000000..08367568d
--- /dev/null
+++ b/fittrackee/comments/models.py
@@ -0,0 +1,200 @@
+import datetime
+from typing import TYPE_CHECKING, Dict, List, Optional
+from uuid import uuid4
+
+from flask import current_app
+from sqlalchemy import and_, or_
+from sqlalchemy.dialects import postgresql
+from sqlalchemy.types import Enum
+
+from fittrackee import BaseModel, db
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.federation.objects.comment import WorkoutCommentObject
+from fittrackee.federation.objects.tombstone import TombstoneObject
+from fittrackee.privacy_levels import PrivacyLevel, can_view
+from fittrackee.users.utils.following import get_following
+from fittrackee.utils import encode_uuid
+
+from .exceptions import CommentForbiddenException
+
+if TYPE_CHECKING:
+    from fittrackee.users.models import User
+
+
+def get_comments(
+    workout_id: int,
+    user: Optional['User'],
+    reply_to: Optional[int] = None,
+) -> List['WorkoutComment']:
+    if user:
+        local_following_ids, remote_following_ids = get_following(user)
+        comments_filter = WorkoutComment.query.filter(
+            WorkoutComment.workout_id == workout_id,
+            WorkoutComment.reply_to == reply_to,
+            or_(
+                WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+                or_(
+                    WorkoutComment.user_id == user.id,
+                    and_(
+                        WorkoutComment.user_id.in_(local_following_ids),
+                        WorkoutComment.text_visibility.in_(
+                            [
+                                PrivacyLevel.FOLLOWERS,
+                                PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                            ]
+                        ),
+                    ),
+                    and_(
+                        WorkoutComment.user_id.in_(remote_following_ids),
+                        WorkoutComment.text_visibility
+                        == PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                    ),
+                ),
+            ),
+        )
+    else:
+        comments_filter = WorkoutComment.query.filter(
+            WorkoutComment.workout_id == workout_id,
+            WorkoutComment.reply_to == reply_to,
+            WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+        )
+    return comments_filter.order_by(WorkoutComment.created_at.asc()).all()
+
+
+class WorkoutComment(BaseModel):
+    __tablename__ = 'workout_comments'
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    uuid = db.Column(
+        postgresql.UUID(as_uuid=True),
+        default=uuid4,
+        unique=True,
+        nullable=False,
+    )
+    user_id = db.Column(
+        db.Integer, db.ForeignKey('users.id'), index=True, nullable=False
+    )
+    workout_id = db.Column(
+        db.Integer,
+        db.ForeignKey('workouts.id', ondelete="SET NULL"),
+        index=True,
+        nullable=True,
+    )
+    reply_to = db.Column(
+        db.Integer,
+        db.ForeignKey('workout_comments.id', ondelete="SET NULL"),
+        index=True,
+        nullable=True,
+    )
+    created_at = db.Column(db.DateTime, default=datetime.datetime.utcnow)
+    modification_date = db.Column(db.DateTime, nullable=True)
+    text = db.Column(db.String(), nullable=False)
+    text_visibility = db.Column(
+        Enum(PrivacyLevel, name='privacy_levels'),
+        server_default='PRIVATE',
+        nullable=False,
+    )
+    ap_id = db.Column(db.Text(), nullable=True)
+    remote_url = db.Column(db.Text(), nullable=True)
+
+    parent_comment = db.relationship(
+        'WorkoutComment', remote_side=[id], lazy='joined'
+    )
+
+    def __repr__(self) -> str:
+        return f'<WorkoutComment {self.id}>'
+
+    def __init__(
+        self,
+        user_id: int,
+        workout_id: int,
+        workout_visibility: PrivacyLevel,
+        text: str,
+        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
+        created_at: Optional[datetime.datetime] = None,
+        reply_to: Optional[int] = None,
+    ) -> None:
+        self.user_id = user_id
+        self.workout_id = workout_id
+        self.text = text
+        self.text_visibility = self._check_visibility(
+            workout_visibility, text_visibility
+        )
+        self.created_at = (
+            datetime.datetime.utcnow() if created_at is None else created_at
+        )
+        self.reply_to = reply_to
+
+    @staticmethod
+    def _check_visibility(
+        workout_visibility: PrivacyLevel, text_visibility: PrivacyLevel
+    ) -> PrivacyLevel:
+        if (
+            text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+            and not current_app.config['federation_enabled']
+        ):
+            raise InvalidVisibilityException(
+                f'invalid visibility: {text_visibility},'
+                f' federation is disabled.'
+            )
+
+        if (
+            (
+                workout_visibility == PrivacyLevel.PRIVATE
+                and text_visibility != PrivacyLevel.PRIVATE
+            )
+            or (
+                workout_visibility == PrivacyLevel.FOLLOWERS
+                and text_visibility
+                in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE]
+            )
+            or (
+                workout_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+                and text_visibility == PrivacyLevel.PUBLIC
+            )
+        ):
+            raise InvalidVisibilityException(
+                f'invalid visibility: {text_visibility} '
+                f'(workout visibility: {workout_visibility})'
+            )
+        return text_visibility
+
+    @property
+    def short_id(self) -> str:
+        return encode_uuid(self.uuid)
+
+    def serialize(self, user: Optional['User'] = None) -> Dict:
+        # TODO: mentions
+        if not can_view(self, 'text_visibility', user):
+            raise CommentForbiddenException
+
+        return {
+            'id': self.short_id,
+            'user': self.user.serialize(),
+            'workout_id': self.workout.short_id,
+            'text': self.text,
+            'text_visibility': self.text_visibility,
+            'created_at': self.created_at,
+            'modification_date': self.modification_date,
+            'reply_to': (
+                self.parent_comment.short_id if self.reply_to else None
+            ),
+            'replies': [
+                reply.serialize(user)
+                for reply in get_comments(
+                    workout_id=self.workout_id,
+                    user=user,
+                    reply_to=self.id,
+                )
+            ],
+        }
+
+    def get_activity(self, activity_type: str) -> Dict:
+        if activity_type in ['Create', 'Update']:
+            return WorkoutCommentObject(
+                self, activity_type=activity_type
+            ).get_activity()
+        if activity_type == 'Delete':
+            tombstone_object = TombstoneObject(self)
+            delete_activity = tombstone_object.get_activity()
+            return delete_activity
+        return {}
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 407a18e0d..674b6687b 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -4,6 +4,7 @@
 from typing import Dict, Tuple
 
 from fittrackee import appLog, db
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.federation.constants import PUBLIC_STREAM
 from fittrackee.federation.exceptions import (
     ActivityException,
@@ -26,7 +27,7 @@
 )
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+from fittrackee.workouts.models import Sport, Workout
 from fittrackee.workouts.utils.workouts import create_workout
 
 from ..objects.workout import convert_workout_activity
diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index eccf97c2c..893ab21f6 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -8,7 +8,8 @@
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 
 if TYPE_CHECKING:
-    from fittrackee.workouts.models import Workout, WorkoutComment
+    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.workouts.models import Workout
 
     from ..enums import ActivityType
     from ..models import Actor
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index 118c8587c..df9cff0c0 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -4,7 +4,8 @@
 from .base_object import BaseObject
 
 if TYPE_CHECKING:
-    from fittrackee.workouts.models import Workout, WorkoutComment
+    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.workouts.models import Workout
 
 
 class WorkoutCommentObject(BaseObject):
diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
index f9fb3f68f..355e5f114 100644
--- a/fittrackee/federation/objects/tombstone.py
+++ b/fittrackee/federation/objects/tombstone.py
@@ -8,7 +8,8 @@
 from .base_object import BaseObject
 
 if TYPE_CHECKING:
-    from fittrackee.workouts.models import Workout, WorkoutComment
+    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.workouts.models import Workout
 
 
 class TombstoneObject(BaseObject):
diff --git a/fittrackee/privacy_levels.py b/fittrackee/privacy_levels.py
index e28ef3c4b..4aaa51b73 100644
--- a/fittrackee/privacy_levels.py
+++ b/fittrackee/privacy_levels.py
@@ -2,8 +2,9 @@
 from typing import TYPE_CHECKING, Optional, Union
 
 if TYPE_CHECKING:
+    from fittrackee.comments.models import WorkoutComment
     from fittrackee.users.models import User
-    from fittrackee.workouts.models import Workout, WorkoutComment
+    from fittrackee.workouts.models import Workout
 
 
 class PrivacyLevel(str, Enum):  # to make enum serializable
diff --git a/fittrackee/tests/comments/__init__.py b/fittrackee/tests/comments/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/workouts/test_workouts_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
similarity index 99%
rename from fittrackee/tests/workouts/test_workouts_comments_api.py
rename to fittrackee/tests/comments/test_comments_api.py
index 0d399ce15..a381f2514 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -5,13 +5,14 @@
 from flask import Flask
 from werkzeug import Response
 
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+from fittrackee.workouts.models import Sport, Workout
 
 from ..mixins import ApiTestCaseMixin, BaseTestMixin
 from ..utils import jsonify_dict
-from .utils import WorkoutCommentMixin
+from ..workouts.utils import WorkoutCommentMixin
 
 
 class TestPostWorkoutComment(
diff --git a/fittrackee/tests/workouts/test_workouts_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
similarity index 98%
rename from fittrackee/tests/workouts/test_workouts_comments_models.py
rename to fittrackee/tests/comments/test_comments_models.py
index 3f51be0fb..884647edb 100644
--- a/fittrackee/tests/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -4,14 +4,15 @@
 from flask import Flask
 from freezegun import freeze_time
 
+from fittrackee.comments.exceptions import CommentForbiddenException
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.utils import encode_uuid
-from fittrackee.workouts.exceptions import CommentForbiddenException
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+from fittrackee.workouts.models import Sport, Workout
 
-from .utils import WorkoutCommentMixin
+from ..workouts.utils import WorkoutCommentMixin
 
 
 class TestWorkoutCommentModel(WorkoutCommentMixin):
diff --git a/fittrackee/tests/federation/comments/__init__.py b/fittrackee/tests/federation/comments/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py b/fittrackee/tests/federation/comments/test_comments_api.py
similarity index 99%
rename from fittrackee/tests/federation/workouts/test_workouts_comments_api.py
rename to fittrackee/tests/federation/comments/test_comments_api.py
index 0d2a6c00b..992defab5 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_api.py
+++ b/fittrackee/tests/federation/comments/test_comments_api.py
@@ -4,17 +4,18 @@
 import pytest
 from flask import Flask
 
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+from fittrackee.workouts.models import Sport, Workout
 
+from ...comments.test_comments_api import GetWorkoutCommentsTestCase
 from ...mixins import ApiTestCaseMixin, BaseTestMixin
 from ...utils import jsonify_dict
-from ...workouts.test_workouts_comments_api import GetWorkoutCommentsTestCase
 from ...workouts.utils import WorkoutCommentMixin
 
 
-@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+@patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestPostWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
@@ -908,7 +909,7 @@ def test_it_gets_reply(
         ]
 
 
-@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+@patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestDeleteWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
@@ -1085,7 +1086,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
         )
 
 
-@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
+@patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestPatchWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
diff --git a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
similarity index 98%
rename from fittrackee/tests/federation/workouts/test_workouts_comments_models.py
rename to fittrackee/tests/federation/comments/test_comments_models.py
index 99f11f330..75226eacc 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -1,12 +1,13 @@
 import pytest
 from flask import Flask
 
+from fittrackee.comments.exceptions import CommentForbiddenException
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import FollowRequest, User
-from fittrackee.workouts.exceptions import CommentForbiddenException
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+from fittrackee.workouts.models import Sport, Workout
 
 from ...mixins import RandomMixin
 
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 29c9989d6..8b9286440 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -5,6 +5,7 @@
 import pytest
 from flask import Flask
 
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
@@ -28,7 +29,7 @@
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport, Workout, WorkoutComment
+from fittrackee.workouts.models import Sport, Workout
 
 from ...mixins import RandomMixin
 from ...utils import RandomActor
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index fa9075c7c..733b3d2e4 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -6,9 +6,10 @@
 from flask import Flask
 
 from fittrackee import db
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
-from fittrackee.workouts.models import Workout, WorkoutComment
+from fittrackee.workouts.models import Workout
 
 from ..mixins import RandomMixin
 
diff --git a/fittrackee/workouts/decorators.py b/fittrackee/workouts/decorators.py
index b114f93a9..4a8ffcad2 100644
--- a/fittrackee/workouts/decorators.py
+++ b/fittrackee/workouts/decorators.py
@@ -5,10 +5,9 @@
 from fittrackee.responses import (
     DataNotFoundErrorResponse,
     ForbiddenErrorResponse,
-    NotFoundErrorResponse,
 )
 from fittrackee.utils import decode_short_id
-from fittrackee.workouts.models import Workout, WorkoutComment
+from fittrackee.workouts.models import Workout
 
 
 def check_workout(check_owner: bool = True) -> Callable:
@@ -35,44 +34,3 @@ def wrapper_check_workout(*args: Any, **kwargs: Any) -> Callable:
         return wrapper_check_workout
 
     return decorator_check_workout
-
-
-def check_workout_comment(check_owner: bool = True) -> Callable:
-    def decorator_check_workout_comment(f: Callable) -> Callable:
-        @wraps(f)
-        def wrapper_check_workout_comment(
-            *args: Any, **kwargs: Any
-        ) -> Callable:
-            auth_user = args[0]
-            workout_short_id = kwargs["workout_short_id"]
-            comment_short_id = kwargs["comment_short_id"]
-            workout_uuid = decode_short_id(workout_short_id)
-            workout = Workout.query.filter_by(uuid=workout_uuid).first()
-            if not workout:
-                return NotFoundErrorResponse(
-                    f"workout not found (id: {workout_short_id})"
-                )
-
-            workout_comment_uuid = decode_short_id(comment_short_id)
-            workout_comment = WorkoutComment.query.filter_by(
-                uuid=workout_comment_uuid
-            ).first()
-            if not workout_comment:
-                return NotFoundErrorResponse(
-                    f"workout comment not found (id: {comment_short_id})"
-                )
-
-            if not can_view(workout_comment, "text_visibility", auth_user):
-                return NotFoundErrorResponse(
-                    f"workout comment not found (id: {comment_short_id})"
-                )
-
-            if check_owner and (
-                not auth_user or auth_user.id != workout_comment.user.id
-            ):
-                return ForbiddenErrorResponse()
-            return f(auth_user, workout_comment)
-
-        return wrapper_check_workout_comment
-
-    return decorator_check_workout_comment
diff --git a/fittrackee/workouts/exceptions.py b/fittrackee/workouts/exceptions.py
index 436885187..e3b220375 100644
--- a/fittrackee/workouts/exceptions.py
+++ b/fittrackee/workouts/exceptions.py
@@ -13,11 +13,6 @@ class WorkoutGPXException(GenericException):
     ...
 
 
-class CommentForbiddenException(GenericException):
-    def __init__(self) -> None:
-        super().__init__('error', 'you do not have permissions')
-
-
 class WorkoutForbiddenException(GenericException):
     def __init__(self) -> None:
         super().__init__('error', 'you do not have permissions')
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 7251df8d2..315c16640 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -1,10 +1,8 @@
 import datetime
 import os
-from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union
+from typing import TYPE_CHECKING, Any, Dict, Optional, Tuple, Union
 from uuid import UUID, uuid4
 
-from flask import current_app
-from sqlalchemy import and_, or_
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.engine.base import Connection
 from sqlalchemy.event import listens_for
@@ -14,9 +12,8 @@
 from sqlalchemy.types import JSON, Enum
 
 from fittrackee import BaseModel, appLog, db
-from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.comments.models import WorkoutComment
 from fittrackee.federation.decorators import federation_required
-from fittrackee.federation.objects.comment import WorkoutCommentObject
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
@@ -25,10 +22,9 @@
     can_view,
     get_map_visibility,
 )
-from fittrackee.users.utils.following import get_following
 from fittrackee.utils import encode_uuid
 
-from .exceptions import CommentForbiddenException, WorkoutForbiddenException
+from .exceptions import WorkoutForbiddenException
 from .utils.convert import convert_in_duration, convert_value_to_integer
 
 if TYPE_CHECKING:
@@ -83,46 +79,6 @@ def update_records(
             )
 
 
-def get_comments(
-    workout_id: int,
-    user: Optional['User'],
-    reply_to: Optional[int] = None,
-) -> List['WorkoutComment']:
-    if user:
-        local_following_ids, remote_following_ids = get_following(user)
-        comments_filter = WorkoutComment.query.filter(
-            WorkoutComment.workout_id == workout_id,
-            WorkoutComment.reply_to == reply_to,
-            or_(
-                WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
-                or_(
-                    WorkoutComment.user_id == user.id,
-                    and_(
-                        WorkoutComment.user_id.in_(local_following_ids),
-                        WorkoutComment.text_visibility.in_(
-                            [
-                                PrivacyLevel.FOLLOWERS,
-                                PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                            ]
-                        ),
-                    ),
-                    and_(
-                        WorkoutComment.user_id.in_(remote_following_ids),
-                        WorkoutComment.text_visibility
-                        == PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                    ),
-                ),
-            ),
-        )
-    else:
-        comments_filter = WorkoutComment.query.filter(
-            WorkoutComment.workout_id == workout_id,
-            WorkoutComment.reply_to == reply_to,
-            WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
-        )
-    return comments_filter.order_by(WorkoutComment.created_at.asc()).all()
-
-
 class Sport(BaseModel):
     __tablename__ = 'sports'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
@@ -240,7 +196,7 @@ class Workout(BaseModel):
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
     comments = db.relationship(
-        'WorkoutComment',
+        WorkoutComment,
         lazy=True,
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
@@ -654,142 +610,3 @@ def receive_after_flush(session: Session, context: Any) -> None:
                 )
                 new_record.value = record_data['record_value']  # type: ignore
                 session.add(new_record)
-
-
-class WorkoutComment(BaseModel):
-    __tablename__ = 'workout_comments'
-    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
-    uuid = db.Column(
-        postgresql.UUID(as_uuid=True),
-        default=uuid4,
-        unique=True,
-        nullable=False,
-    )
-    user_id = db.Column(
-        db.Integer, db.ForeignKey('users.id'), index=True, nullable=False
-    )
-    workout_id = db.Column(
-        db.Integer,
-        db.ForeignKey('workouts.id', ondelete="SET NULL"),
-        index=True,
-        nullable=True,
-    )
-    reply_to = db.Column(
-        db.Integer,
-        db.ForeignKey('workout_comments.id', ondelete="SET NULL"),
-        index=True,
-        nullable=True,
-    )
-    created_at = db.Column(db.DateTime, default=datetime.datetime.utcnow)
-    modification_date = db.Column(db.DateTime, nullable=True)
-    text = db.Column(db.String(), nullable=False)
-    text_visibility = db.Column(
-        Enum(PrivacyLevel, name='privacy_levels'),
-        server_default='PRIVATE',
-        nullable=False,
-    )
-    ap_id = db.Column(db.Text(), nullable=True)
-    remote_url = db.Column(db.Text(), nullable=True)
-
-    parent_comment = db.relationship(
-        'WorkoutComment', remote_side=[id], lazy='joined'
-    )
-
-    def __repr__(self) -> str:
-        return f'<WorkoutComment {self.id}>'
-
-    def __init__(
-        self,
-        user_id: int,
-        workout_id: int,
-        workout_visibility: PrivacyLevel,
-        text: str,
-        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
-        created_at: Optional[datetime.datetime] = None,
-        reply_to: Optional[int] = None,
-    ) -> None:
-        self.user_id = user_id
-        self.workout_id = workout_id
-        self.text = text
-        self.text_visibility = self._check_visibility(
-            workout_visibility, text_visibility
-        )
-        self.created_at = (
-            datetime.datetime.utcnow() if created_at is None else created_at
-        )
-        self.reply_to = reply_to
-
-    @staticmethod
-    def _check_visibility(
-        workout_visibility: PrivacyLevel, text_visibility: PrivacyLevel
-    ) -> PrivacyLevel:
-        if (
-            text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-            and not current_app.config['federation_enabled']
-        ):
-            raise InvalidVisibilityException(
-                f'invalid visibility: {text_visibility},'
-                f' federation is disabled.'
-            )
-
-        if (
-            (
-                workout_visibility == PrivacyLevel.PRIVATE
-                and text_visibility != PrivacyLevel.PRIVATE
-            )
-            or (
-                workout_visibility == PrivacyLevel.FOLLOWERS
-                and text_visibility
-                in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE]
-            )
-            or (
-                workout_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-                and text_visibility == PrivacyLevel.PUBLIC
-            )
-        ):
-            raise InvalidVisibilityException(
-                f'invalid visibility: {text_visibility} '
-                f'(workout visibility: {workout_visibility})'
-            )
-        return text_visibility
-
-    @property
-    def short_id(self) -> str:
-        return encode_uuid(self.uuid)
-
-    def serialize(self, user: Optional['User'] = None) -> Dict:
-        # TODO: mentions
-        if not can_view(self, 'text_visibility', user):
-            raise CommentForbiddenException
-
-        return {
-            'id': self.short_id,
-            'user': self.user.serialize(),
-            'workout_id': self.workout.short_id,
-            'text': self.text,
-            'text_visibility': self.text_visibility,
-            'created_at': self.created_at,
-            'modification_date': self.modification_date,
-            'reply_to': (
-                self.parent_comment.short_id if self.reply_to else None
-            ),
-            'replies': [
-                reply.serialize(user)
-                for reply in get_comments(
-                    workout_id=self.workout_id,
-                    user=user,
-                    reply_to=self.id,
-                )
-            ],
-        }
-
-    def get_activity(self, activity_type: str) -> Dict:
-        if activity_type in ['Create', 'Update']:
-            return WorkoutCommentObject(
-                self, activity_type=activity_type
-            ).get_activity()
-        if activity_type == 'Delete':
-            tombstone_object = TombstoneObject(self)
-            delete_activity = tombstone_object.get_activity()
-            return delete_activity
-        return {}
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 55e649d26..391aa18c2 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -2,7 +2,7 @@
 import os
 import shutil
 from copy import copy
-from datetime import datetime, timedelta
+from datetime import timedelta
 from typing import Dict, List, Optional, Tuple, Union
 
 import requests
@@ -18,7 +18,6 @@
 from werkzeug.utils import secure_filename
 
 from fittrackee import appLog, db, limiter
-from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.tasks.inbox import send_to_remote_inbox
 from fittrackee.federation.utils import sending_activities_allowed
 from fittrackee.oauth2.server import require_auth
@@ -37,8 +36,8 @@
 from fittrackee.users.models import User
 from fittrackee.utils import decode_short_id
 
-from .decorators import check_workout, check_workout_comment
-from .models import Workout, WorkoutComment, get_comments
+from .decorators import check_workout
+from .models import Workout
 from .utils.convert import convert_in_duration
 from .utils.gpx import (
     WorkoutGPXException,
@@ -1502,215 +1501,3 @@ def delete_workout(
         OSError,
     ) as e:
         return handle_error_and_return_response(e, db=db)
-
-
-@workouts_blueprint.route(
-    "/workouts/<string:workout_short_id>/comments", methods=["POST"]
-)
-@require_auth(scopes=["workouts:write"])
-def add_workout_comment(
-    auth_user: User, workout_short_id: str
-) -> Union[Tuple[Dict, int], HttpResponse]:
-    comment_data = request.get_json()
-    if (
-        not comment_data
-        or not comment_data.get('text')
-        or not comment_data.get('text_visibility')
-    ):
-        return InvalidPayloadErrorResponse()
-    try:
-        workout_uuid = decode_short_id(workout_short_id)
-        workout = Workout.query.filter_by(uuid=workout_uuid).first()
-        if not workout:
-            return NotFoundErrorResponse(
-                f"workout not found (id: {workout_short_id})"
-            )
-
-        if not can_view(workout, 'workout_visibility', auth_user):
-            return NotFoundErrorResponse(
-                f"workout not found (id: {workout_short_id})"
-            )
-
-        reply_to = comment_data.get('reply_to')
-        workout_comment = None
-        if reply_to:
-            workout_comment = WorkoutComment.query.filter_by(
-                uuid=decode_short_id(reply_to)
-            ).first()
-            if not workout_comment:
-                return InvalidPayloadErrorResponse("'reply_to' is invalid")
-
-        new_comment = WorkoutComment(
-            user_id=auth_user.id,
-            workout_id=workout.id,
-            workout_visibility=workout.workout_visibility,
-            text=comment_data['text'],
-            text_visibility=PrivacyLevel(comment_data['text_visibility']),
-            reply_to=workout_comment.id if workout_comment else None,
-        )
-        db.session.add(new_comment)
-        db.session.flush()
-        if sending_activities_allowed(new_comment.text_visibility):
-            new_comment.ap_id = (
-                f'{auth_user.actor.activitypub_id}/'
-                f'workouts/{workout.short_id}/'
-                f'comments/{new_comment.short_id}'
-            )
-            new_comment.remote_url = (
-                f'https://{auth_user.actor.domain.name}/'
-                f'workouts/{workout.short_id}/'
-                f'comments/{new_comment.short_id}'
-            )
-            note_activity = new_comment.get_activity(activity_type='Create')
-            recipients = auth_user.get_followers_shared_inboxes_as_list()
-            if recipients:
-                send_to_remote_inbox.send(
-                    sender_id=auth_user.actor.id,
-                    activity=note_activity,
-                    recipients=recipients,
-                )
-        db.session.commit()
-
-        return (
-            {
-                'status': 'created',
-                'comment': new_comment.serialize(auth_user),
-            },
-            201,
-        )
-    except InvalidVisibilityException as e:
-        return InvalidPayloadErrorResponse(message=str(e))
-    except (exc.IntegrityError, ValueError) as e:
-        return handle_error_and_return_response(
-            error=e,
-            message='Error during comment save.',
-            status='fail',
-            db=db,
-        )
-
-
-@workouts_blueprint.route(
-    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
-    methods=["GET"],
-)
-@require_auth(scopes=['workouts:read'], optional_auth_user=True)
-@check_workout_comment(check_owner=False)
-def get_workout_comment(
-    auth_user: Optional[User], workout_comment: WorkoutComment
-) -> Union[Tuple[Dict, int], HttpResponse]:
-    return (
-        {
-            'status': 'success',
-            'comment': workout_comment.serialize(auth_user),
-        },
-        200,
-    )
-
-
-@workouts_blueprint.route(
-    "/workouts/<string:workout_short_id>/comments", methods=["GET"]
-)
-@require_auth(scopes=['workouts:read'], optional_auth_user=True)
-def get_workout_comments(
-    auth_user: Optional[User], workout_short_id: str
-) -> Union[Dict, HttpResponse]:
-    workout_uuid = decode_short_id(workout_short_id)
-    workout = Workout.query.filter_by(uuid=workout_uuid).first()
-    if not workout:
-        return NotFoundErrorResponse(
-            f"workout not found (id: {workout_short_id})"
-        )
-
-    try:
-        comments = get_comments(
-            workout_id=workout.id,
-            user=auth_user,
-        )
-        return {
-            'status': 'success',
-            'data': {
-                'comments': [
-                    comment.serialize(auth_user) for comment in comments
-                ]
-            },
-        }
-    except Exception as e:
-        return handle_error_and_return_response(e)
-
-
-@workouts_blueprint.route(
-    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
-    methods=["DELETE"],
-)
-@require_auth(scopes=['workouts:write'])
-@check_workout_comment()
-def delete_workout_comment(
-    auth_user: User, workout_comment: WorkoutComment
-) -> Union[Tuple[Dict, int], HttpResponse]:
-    try:
-        if sending_activities_allowed(workout_comment.text_visibility):
-            note_activity = workout_comment.get_activity(
-                activity_type='Delete'
-            )
-            recipients = auth_user.get_followers_shared_inboxes_as_list()
-            if recipients:
-                send_to_remote_inbox.send(
-                    sender_id=auth_user.actor.id,
-                    activity=note_activity,
-                    recipients=recipients,
-                )
-
-        db.session.delete(workout_comment)
-        db.session.commit()
-        return {'status': 'no content'}, 204
-    except (
-        exc.IntegrityError,
-        exc.OperationalError,
-        ValueError,
-        OSError,
-    ) as e:
-        return handle_error_and_return_response(e, db=db)
-
-
-@workouts_blueprint.route(
-    "/workouts/<string:workout_short_id>/comments/<string:comment_short_id>",
-    methods=['PATCH'],
-)
-@require_auth(scopes=['workouts:write'])
-@check_workout_comment()
-def update_workout_comment(
-    auth_user: User, workout_comment: WorkoutComment
-) -> Union[Dict, HttpResponse]:
-    comment_data = request.get_json()
-    if not comment_data or not comment_data.get('text'):
-        return InvalidPayloadErrorResponse()
-
-    try:
-        workout_comment.text = comment_data.get('text')
-        workout_comment.modification_date = datetime.utcnow()
-        db.session.commit()
-
-        if current_app.config[
-            'federation_enabled'
-        ] and workout_comment.text_visibility in (
-            PrivacyLevel.PUBLIC,
-            PrivacyLevel.FOLLOWERS_AND_REMOTE,
-        ):
-            recipients = auth_user.get_followers_shared_inboxes_as_list()
-            if recipients:
-                note_activity = workout_comment.get_activity(
-                    activity_type='Update'
-                )
-                send_to_remote_inbox.send(
-                    sender_id=auth_user.actor.id,
-                    activity=note_activity,
-                    recipients=recipients,
-                )
-
-        return {
-            'status': 'success',
-            'comment': workout_comment.serialize(auth_user),
-        }
-
-    except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
-        return handle_error_and_return_response(e)

From 63644c420275f9b356199af2164d4751fbe454df Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Feb 2023 14:43:02 +0100
Subject: [PATCH 205/238] API - add mentions users in comment text and when
 sending activity (WIP)

 + clean comment input (HTML sanitization)
---
 fittrackee/comments/comments.py               |  6 +-
 fittrackee/comments/models.py                 | 10 ++-
 fittrackee/comments/utils.py                  | 31 ++++++++
 fittrackee/federation/objects/comment.py      |  9 ++-
 fittrackee/federation/utils/user.py           | 24 ++++++
 .../tests/comments/test_comments_api.py       | 61 +++++++++++++++
 .../tests/comments/test_comments_models.py    | 32 ++++++++
 fittrackee/tests/comments/test_utils.py       | 58 +++++++++++++++
 .../comments/test_comments_models.py          | 26 +++++++
 .../tests/federation/comments/test_utils.py   | 47 ++++++++++++
 ...test_federation_objects_workout_comment.py | 71 ++++++++++++++++++
 .../federation/test_federation_utils_user.py  | 74 ++++++++++++++++++-
 fittrackee/tests/test_utils.py                | 53 ++++++++++++-
 fittrackee/utils.py                           | 10 +++
 poetry.lock                                   | 28 ++++++-
 pyproject.toml                                |  1 +
 16 files changed, 533 insertions(+), 8 deletions(-)
 create mode 100644 fittrackee/comments/utils.py
 create mode 100644 fittrackee/tests/comments/test_utils.py
 create mode 100644 fittrackee/tests/federation/comments/test_utils.py

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index 207f7a1a2..1b319795f 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -17,7 +17,7 @@
     handle_error_and_return_response,
 )
 from fittrackee.users.models import User
-from fittrackee.utils import decode_short_id
+from fittrackee.utils import clean_input, decode_short_id
 from fittrackee.workouts.models import Workout
 
 from .decorators import check_workout_comment
@@ -66,7 +66,7 @@ def add_workout_comment(
             user_id=auth_user.id,
             workout_id=workout.id,
             workout_visibility=workout.workout_visibility,
-            text=comment_data['text'],
+            text=clean_input(comment_data['text']),
             text_visibility=PrivacyLevel(comment_data['text_visibility']),
             reply_to=workout_comment.id if workout_comment else None,
         )
@@ -208,7 +208,7 @@ def update_workout_comment(
         return InvalidPayloadErrorResponse()
 
     try:
-        workout_comment.text = comment_data.get('text')
+        workout_comment.text = clean_input(comment_data['text'])
         workout_comment.modification_date = datetime.utcnow()
         db.session.commit()
 
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index 08367568d..e991f2164 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -1,5 +1,5 @@
 import datetime
-from typing import TYPE_CHECKING, Dict, List, Optional
+from typing import TYPE_CHECKING, Dict, List, Optional, Set, Tuple
 from uuid import uuid4
 
 from flask import current_app
@@ -18,6 +18,7 @@
 from .exceptions import CommentForbiddenException
 
 if TYPE_CHECKING:
+    from fittrackee.federation.models import Actor
     from fittrackee.users.models import User
 
 
@@ -162,6 +163,11 @@ def _check_visibility(
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
 
+    def handle_mentions(self) -> Tuple[str, Set['Actor']]:
+        from .utils import handle_mentions
+
+        return handle_mentions(self.text)
+
     def serialize(self, user: Optional['User'] = None) -> Dict:
         # TODO: mentions
         if not can_view(self, 'text_visibility', user):
@@ -172,6 +178,8 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
             'user': self.user.serialize(),
             'workout_id': self.workout.short_id,
             'text': self.text,
+            # TODO: store html version in database?
+            'text_html': self.handle_mentions()[0],
             'text_visibility': self.text_visibility,
             'created_at': self.created_at,
             'modification_date': self.modification_date,
diff --git a/fittrackee/comments/utils.py b/fittrackee/comments/utils.py
new file mode 100644
index 000000000..97130e542
--- /dev/null
+++ b/fittrackee/comments/utils.py
@@ -0,0 +1,31 @@
+import re
+from typing import TYPE_CHECKING, Set, Tuple
+
+from fittrackee.federation.utils.user import get_user_from_username_if_exists
+
+if TYPE_CHECKING:
+    from fittrackee.federation.models import Actor
+
+MENTION_REGEX = r'(@[\w_\-\.]+)(@[\w_\-\.]+\.[a-z]{2,})?'
+LINK_TEMPLATE = (
+    '<a href="{url}" target="_blank" rel="noopener noreferrer">{username}</a>'
+)
+
+
+def handle_mentions(text: str) -> Tuple[str, Set['Actor']]:
+    mentioned_actors: set['Actor'] = set()
+    for username, domain in re.findall(re.compile(MENTION_REGEX), text):
+        mention = f"{username}{domain}"
+        user = get_user_from_username_if_exists(
+            username.lstrip('@'), domain.lstrip('@')
+        )
+        if user:
+            name_to_display = mention if user.is_remote else username
+            mentioned_actors.add(user.actor)
+            text = text.replace(
+                mention,
+                LINK_TEMPLATE.format(
+                    url=user.actor.profile_url, username=name_to_display
+                ),
+            )
+    return text, mentioned_actors
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index df9cff0c0..27735e00a 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -30,8 +30,12 @@ def __init__(
         self.activity_dict = self._init_activity_dict()
 
     def get_activity(self) -> Dict:
+        (
+            text_with_mention,
+            mentioned_actors,
+        ) = self.workout_comment.handle_mentions()
         self.activity_dict['object']['type'] = 'Note'
-        self.activity_dict['object']['content'] = self.workout_comment.text
+        self.activity_dict['object']['content'] = text_with_mention
         self.activity_dict['object']['inReplyTo'] = (
             self.workout_comment.parent_comment.ap_id
             if self.workout_comment.reply_to
@@ -42,4 +46,7 @@ def get_activity(self) -> Dict:
                 **self.activity_dict['object'],
                 'updated': self._get_modification_date(self.workout_comment),
             }
+        mentions = [actor.activitypub_id for actor in mentioned_actors]
+        self.activity_dict['cc'].extend(mentions)
+        self.activity_dict['object']['cc'].extend(mentions)
         return self.activity_dict
diff --git a/fittrackee/federation/utils/user.py b/fittrackee/federation/utils/user.py
index 13a9c51b2..54d9c2025 100644
--- a/fittrackee/federation/utils/user.py
+++ b/fittrackee/federation/utils/user.py
@@ -225,3 +225,27 @@ def get_user_from_username(
     if not user:
         raise UserNotFoundException()
     return user
+
+
+def get_user_from_username_if_exists(
+    username: str, domain: str = ''
+) -> Optional[User]:
+    # local actor
+    if not domain or domain == current_app.config['AP_DOMAIN']:
+        return User.query.filter(
+            User.username == username,
+            User.is_remote == False,  # noqa
+        ).first()
+
+    # remote actor
+    return (
+        db.session.query(User)
+        .join(Actor, User.actor_id == Actor.id)
+        .join(Domain, Actor.domain_id == Domain.id)
+        .filter(
+            User.is_remote == True,  # noqa
+            Actor.preferred_username == username,
+            Domain.name == domain,
+        )
+        .first()
+    )
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index a381f2514..2ecf41614 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -263,6 +263,39 @@ def test_it_returns_201_when_comment_is_created(
         ).first()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
 
+    def test_it_sanitizes_text_before_storing_in_database(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment_text = "<script>alert('evil!')</script> Hello"
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=comment_text,
+                    text_visibility=PrivacyLevel.FOLLOWERS,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_1.id
+        ).first()
+        assert new_comment.text == " Hello"
+
     def test_it_returns_400_when_user_replies_to_not_existing_comment(
         self,
         app: Flask,
@@ -1774,6 +1807,34 @@ def test_it_updates_workout_comment_text(
         assert comment.text_visibility == PrivacyLevel.PUBLIC
         assert comment.modification_date is not None
 
+    def test_it_sanitizes_text_before_storing_in_database(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        updated_text = "<script>alert('evil!')</script> Hello"
+
+        client.patch(
+            f"/api/workouts/{workout_cycling_user_1.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=updated_text)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert comment.text == " Hello"
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 884647edb..9ca2ea4d7 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -220,6 +220,7 @@ def test_it_serializes_owner_comment(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -296,6 +297,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -350,6 +352,7 @@ def test_it_serializes_comment_when_comment_is_public(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -404,6 +407,7 @@ def test_it_serializes_comment_when_comment_is_public(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -441,6 +445,7 @@ def test_it_serializes_comment_with_reply(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': parent_comment.text,
+            'text_html': parent_comment.text,  # no mention
             'text_visibility': parent_comment.text_visibility,
             'created_at': parent_comment.created_at,
             'modification_date': parent_comment.modification_date,
@@ -476,6 +481,7 @@ def test_it_serializes_comment_reply(
             'user': user_2.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -541,6 +547,7 @@ def test_it_returns_only_visible_replies_for_a_user(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -599,6 +606,7 @@ def test_it_returns_only_visible_replies_for_unauthenticated_user(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -636,3 +644,27 @@ def test_it_returns_all_replies(
             visible_reply.serialize(user_1)
             for visible_reply in visible_replies
         ]
+
+
+class TestWorkoutCommentModelSerializeForMentions(WorkoutCommentMixin):
+    def test_it_serializes_comment_with_mentions_as_link(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{user_3.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment["text"] == comment.text
+        assert serialized_comment["text_html"] == comment.handle_mentions()[0]
diff --git a/fittrackee/tests/comments/test_utils.py b/fittrackee/tests/comments/test_utils.py
new file mode 100644
index 000000000..e984ae0d8
--- /dev/null
+++ b/fittrackee/tests/comments/test_utils.py
@@ -0,0 +1,58 @@
+from flask import Flask
+
+from fittrackee.comments.utils import handle_mentions
+from fittrackee.tests.utils import random_string
+from fittrackee.users.models import User
+
+
+class TestHandleMentions:
+    def test_it_does_not_linkify_user_if_not_user_found(
+        self, app: Flask
+    ) -> None:
+        text = f"@{random_string()} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == text
+        assert mentioned_actors == set()
+
+    def test_it_linkifies_user_when_local_user_found(
+        self, app: Flask, user_1: User
+    ) -> None:
+        text = f"@{user_1.username} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == (
+            f'<a href="{user_1.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_1.username}</a> nice!'
+        )
+        assert mentioned_actors == {user_1.actor}
+
+    def test_it_linkifies_user_when_local_user_found_with_domain(
+        self, app: Flask, user_1: User
+    ) -> None:
+        text = f"@{user_1.actor.fullname} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == (
+            f'<a href="{user_1.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_1.username}</a> nice!'
+        )
+        assert mentioned_actors == {user_1.actor}
+
+    def test_it_linkifies_multiple_users(
+        self, app: Flask, user_1: User, user_2: User
+    ) -> None:
+        text = f"@{user_1.username} @{user_2.username} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == (
+            f'<a href="{user_1.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_1.username}</a> '
+            f'<a href="{user_2.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_2.username}</a> nice!'
+        )
+        assert mentioned_actors == {user_1.actor, user_2.actor}
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 75226eacc..fa8bf657a 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -101,6 +101,7 @@ def test_it_serializes_owner_comment(
             'user': user_1.serialize(),
             'workout_id': workout_cycling_user_1.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -181,6 +182,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'user': remote_user.serialize(),
             'workout_id': remote_cycling_workout.short_id,
             'text': comment.text,
+            'text_html': comment.text,  # no mention
             'text_visibility': comment.text_visibility,
             'created_at': comment.created_at,
             'modification_date': comment.modification_date,
@@ -288,3 +290,27 @@ class TestWorkoutCommentModelGetDeleteActivity(
 ):
     activity_type = 'Delete'
     expected_object_type = 'Tombstone'
+
+
+class TestWorkoutCommentModelSerializeForMentions(WorkoutCommentMixin):
+    def test_it_serializes_comment_with_mentions_as_link(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{remote_user.actor.fullname} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment["text"] == comment.text
+        assert serialized_comment["text_html"] == comment.handle_mentions()[0]
diff --git a/fittrackee/tests/federation/comments/test_utils.py b/fittrackee/tests/federation/comments/test_utils.py
new file mode 100644
index 000000000..d695ac4bf
--- /dev/null
+++ b/fittrackee/tests/federation/comments/test_utils.py
@@ -0,0 +1,47 @@
+from flask import Flask
+
+from fittrackee.comments.utils import handle_mentions
+from fittrackee.tests.utils import random_domain, random_string
+from fittrackee.users.models import User
+
+
+class TestHandleMentions:
+    def test_it_does_not_linkify_user_if_not_user_found(
+        self, app_with_federation: Flask
+    ) -> None:
+        text = f"@{random_string()}@{random_domain()} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == text
+        assert mentioned_actors == set()
+
+    def test_it_linkifies_user_when_remote_user_found(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        text = f"@{remote_user.actor.fullname} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == (
+            f'<a href="{remote_user.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{remote_user.actor.fullname}'
+            '</a> nice!'
+        )
+        assert mentioned_actors == {remote_user.actor}
+
+    def test_it_linkifies_multiple_users(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        text = f"@{user_1.actor.fullname} @{remote_user.actor.fullname} nice!"
+
+        converted_text, mentioned_actors = handle_mentions(text)
+
+        assert converted_text == (
+            f'<a href="{user_1.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_1.username}</a> '
+            f'<a href="{remote_user.actor.profile_url}" target="_blank" '
+            f'rel="noopener noreferrer">@{remote_user.actor.fullname}'
+            '</a> nice!'
+        )
+        assert mentioned_actors == {user_1.actor, remote_user.actor}
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index 5b10657df..eed803e23 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -184,6 +184,41 @@ def test_it_generates_activity_when_comment_has_parent_comment(
             },
         }
 
+    def test_it_generates_activity_with_mentioned_users(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text=f"@{user_3.username} @{remote_user.actor.fullname} great!",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+
+        serialized_comment = comment_object.get_activity()
+
+        text_with_mentions, _ = workout_comment.handle_mentions()
+        assert set(serialized_comment['cc']) == {
+            user_2.actor.followers_url,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['cc']) == {
+            user_2.actor.followers_url,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert serialized_comment['object']['content'] == text_with_mentions
+
 
 class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
     @pytest.mark.parametrize(
@@ -317,3 +352,39 @@ def test_it_generates_activity_when_visibility_is_public(
                 ),
             },
         }
+
+    def test_it_generates_activity_with_mentioned_users(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text=f"@{user_3.username} @{remote_user.actor.fullname} great!",
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        workout_comment.modification_date = datetime.utcnow()
+        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+
+        serialized_comment = comment_object.get_activity()
+
+        text_with_mentions, _ = workout_comment.handle_mentions()
+        assert set(serialized_comment['cc']) == {
+            user_2.actor.activitypub_id,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['cc']) == {
+            user_2.actor.activitypub_id,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert serialized_comment['object']['content'] == text_with_mentions
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index aae039624..e7bb16be3 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -15,6 +15,7 @@
     create_remote_user_from_username,
     get_or_create_remote_domain_from_url,
     get_user_from_username,
+    get_user_from_username_if_exists,
     get_username_and_domain,
     store_or_delete_user_picture,
     update_remote_actor_stats,
@@ -24,7 +25,12 @@
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
-from ...utils import RandomActor, generate_response, random_string
+from ...utils import (
+    RandomActor,
+    generate_response,
+    random_domain,
+    random_string,
+)
 
 
 class TestGetUsernameAndDomain:
@@ -682,6 +688,72 @@ def test_it_does_not_raise_error_if_refresh_fails(
         assert user == remote_user
 
 
+class TestGetUserFromUsernameIfExists:
+    def test_it_returns_none_if_no_local_user(
+        self, app_with_federation: Flask
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(username=random_string()) is None
+        )
+
+    def test_it_returns_none_if_no_remote_user(
+        self, app_with_federation: Flask
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(
+                username=random_string(), domain=random_domain()
+            )
+            is None
+        )
+
+    def test_it_returns_none_if_no_remote_user_with_existing(
+        self, app_with_federation: Flask, remote_domain: Domain
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(
+                username=random_string(), domain=remote_domain.name
+            )
+            is None
+        )
+
+    def test_it_returns_none_if_only_remote_user_exists_when_username_provided(
+        self, app_with_federation: Flask, user_1: User, remote_user: User
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(username=remote_user.username)
+            is None
+        )
+
+    def test_it_returns_local_user(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(username=user_1.username)
+            == user_1
+        )
+
+    def test_it_returns_local_user_from_fullname(
+        self, app_with_federation: Flask, user_1: User
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(
+                username=user_1.username, domain=user_1.actor.domain.name
+            )
+            == user_1
+        )
+
+    def test_it_returns_remote_user(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        assert (
+            get_user_from_username_if_exists(
+                username=remote_user.username,
+                domain=remote_user.actor.domain.name,
+            )
+            == remote_user
+        )
+
+
 class TestStoreOrDeleteUserPicture:
     @pytest.mark.parametrize(
         'input_description, input_icon',
diff --git a/fittrackee/tests/test_utils.py b/fittrackee/tests/test_utils.py
index 124a74ea5..d571f39cc 100644
--- a/fittrackee/tests/test_utils.py
+++ b/fittrackee/tests/test_utils.py
@@ -1,10 +1,11 @@
 from typing import Union
 
 import pytest
+from flask import Flask
 
 from fittrackee.files import display_readable_file_size
 from fittrackee.request import UserAgent
-from fittrackee.utils import get_readable_duration
+from fittrackee.utils import clean_input, get_readable_duration
 
 
 class TestDisplayReadableFileSize:
@@ -67,3 +68,53 @@ def test_it_returns_operating_system(self) -> None:
     def test_it_returns_other_as_os_when_empty_string_provided(self) -> None:
         user_agent = UserAgent('')
         assert user_agent.platform == 'Other'
+
+
+class TestSanitizeInput:
+    @pytest.mark.parametrize(
+        'input_comment',
+        [
+            'just a text\nfor "test"',
+            'link: http://www.example.com',
+            'link: <a href="http://www.example.com" '
+            'rel="noopener noreferrer">example</a>',
+            '<p>just a<br><span>test</span></p>',
+        ],
+    )
+    def test_clean_input_remains_unchanged(
+        self, app: Flask, input_comment: str
+    ) -> None:
+        assert clean_input(input_comment) == input_comment
+
+    @pytest.mark.parametrize(
+        'input_comment, expected_comment',
+        [
+            ("<script>alert('evil!')</script>", ""),
+            ("<div><b>test</b></div>", "test"),
+            ("<div>test", "test"),
+            ("just a<br />test", "just a<br>test"),
+            ("<p>test", "<p>test</p>"),
+            ('<p class="active">test</p>', "<p>test</p>"),
+            ('<p style="display:none;">test</p>', "<p>test</p>"),
+            (
+                'link: <a href="http://www.example.com">example</a>',
+                'link: <a href="http://www.example.com" '
+                'rel="noopener noreferrer">example</a>',
+            ),
+            (
+                '<div><a href="http://www.example.com">example</a></div>',
+                '<a href="http://www.example.com" '
+                'rel="noopener noreferrer">example</a>',
+            ),
+            (
+                '<a href="http://example.com/user/Sam" target="_blank" '
+                'rel="noopener noreferrer">@Sam</a> nice!',
+                '<a href="http://example.com/user/Sam" target="_blank" '
+                'rel="noopener noreferrer">@Sam</a> nice!',
+            ),
+        ],
+    )
+    def test_it_removes_disallowed_tags(
+        self, app: Flask, input_comment: str, expected_comment: str
+    ) -> None:
+        assert clean_input(input_comment) == expected_comment
diff --git a/fittrackee/utils.py b/fittrackee/utils.py
index 0731fb14e..68daf44cd 100644
--- a/fittrackee/utils.py
+++ b/fittrackee/utils.py
@@ -4,6 +4,7 @@
 from uuid import UUID
 
 import humanize
+import nh3
 import shortuuid
 
 from fittrackee import db
@@ -44,3 +45,12 @@ def decode_short_id(short_id: str) -> UUID:
     Return UUID from a short id string
     """
     return shortuuid.decode(short_id)
+
+
+def clean_input(text: str) -> str:
+    # HTML sanitization
+    return nh3.clean(
+        text,
+        tags={"a", "br", "p", "span"},
+        attributes={"a": {"href", "target"}},
+    )
diff --git a/poetry.lock b/poetry.lock
index 6158ec875..8d446a681 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1164,6 +1164,32 @@ files = [
     {file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"},
 ]
 
+[[package]]
+name = "nh3"
+version = "0.2.7"
+description = "Ammonia HTML sanitizer Python binding"
+category = "main"
+optional = false
+python-versions = "*"
+files = [
+    {file = "nh3-0.2.7-cp37-abi3-macosx_10_7_x86_64.whl", hash = "sha256:137c770b327261114275c6184028046dad62fc7dfdf55b5afee1b06bbf67c1ed"},
+    {file = "nh3-0.2.7-cp37-abi3-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:66da2da5d17e8e439af5557c24e1c4a1461fb72b846f453d37da98fa576c3a97"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:91b4857c093969424285cf33a0139f71567932244beabe0fc52b36936d25fd7d"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1ff36c7815b4a4e2fb6602532f9d28e6c214a787043bc6006e51025984b2e1f7"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:839252dcf467c43fba08d5ce07ed6d003621858d8e49fad4f217cda12c197fe0"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4dd8fe9c062601e7387cf80c98a16c14b0becbfb24a922a4c1cec9a471061b73"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:75a7c0f1d00453b69d94c3b97a905201cd9626a55b10dd57fa914a456fb5befd"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:086d85aa8061db9ce6fe75c2c11821187ed20f6199a71295c10b5f68954d3283"},
+    {file = "nh3-0.2.7-cp37-abi3-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:0b8a4949c0f70ed6333bb876a3d47a82d6330eacb795d91d39aee3c8ac35c5ab"},
+    {file = "nh3-0.2.7-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:f7b28a2f2a91a216db4ab33697750e8efcd865e0001f03ade543d6c806f1ebdf"},
+    {file = "nh3-0.2.7-cp37-abi3-musllinux_1_2_armv7l.whl", hash = "sha256:f63072406db848d6817b8270e543dfd890bab118de9e9e913f58717886686aad"},
+    {file = "nh3-0.2.7-cp37-abi3-musllinux_1_2_i686.whl", hash = "sha256:47509292594cd422760fc1e25d0a39931ac889e4bcb32c33a256309ccf6bb167"},
+    {file = "nh3-0.2.7-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:66a9f6ebdd1d814b30888b0b3279b21493076bc0fe07f891199065be734eef1f"},
+    {file = "nh3-0.2.7-cp37-abi3-win32.whl", hash = "sha256:1bc9d342ef7a79f42291ea9c3c0145903120689a42b390de2763a28dd2d60d9c"},
+    {file = "nh3-0.2.7-cp37-abi3-win_amd64.whl", hash = "sha256:c8047185c604cb92f62bfef43c0d851705c26ee21a607db21e4ed5c6c5b05fc3"},
+    {file = "nh3-0.2.7.tar.gz", hash = "sha256:6cb41d30226f566cada0596e91b16b24c888b694b8c5b4ee7b69bb06c41a41eb"},
+]
+
 [[package]]
 name = "ordered-set"
 version = "4.1.0"
@@ -2759,4 +2785,4 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools"
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.7"
-content-hash = "d6189c917efde17fca7afe5c037ade93e3043f6fbaded901edcd6f1e70870764"
+content-hash = "c0e2929bf0efb34cfc6006017cca355ec54f9e95495601734eb5ba0fa3515985"
diff --git a/pyproject.toml b/pyproject.toml
index 84520fcab..541ff96cd 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -46,6 +46,7 @@ sqlalchemy = "=1.4.45"
 pyopenssl = "^22.1"
 pycryptodome = "^3.15"
 ua-parser = "^0.16.1"
+nh3 = "^0.2.7"
 
 [tool.poetry.group.dev.dependencies]
 bandit = "^1.7.4"

From 576a8da513c8224679237dbe2be0b3ff07fcda44 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Feb 2023 15:20:51 +0100
Subject: [PATCH 206/238] Client - update comment display

---
 .../WorkoutComment/WorkoutComment.vue         | 43 +++++++++++++------
 .../WorkoutComment/WorkoutCommentEdition.vue  |  2 +-
 .../WorkoutComment/WorkoutComments.vue        | 27 ++++++++++--
 fittrackee_client/src/types/workouts.ts       |  1 +
 4 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
index 3ac88d4c8..b496e3d70 100644
--- a/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
+++ b/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
@@ -39,7 +39,7 @@
           class="fa fa-edit"
           v-if="isCommentOwner(authUser, comment.user)"
           aria-hidden="true"
-          @click="() => commentToEdit = comment"
+          @click="() => displayCommentEdition(comment)"
         />
         <i
           class="fa fa-trash"
@@ -50,19 +50,28 @@
         <i
           class="fa fa-comment-o"
           v-if="authUser.username && (!addReply || addReply !== comment)"
-          @click="() => addReply = comment"
+          @click="() => displayReplyTextArea(comment)"
         />
       </div>
       <span
         v-if="commentToEdit !== comment"
         class="comment-text"
-        v-html="linkifyAndClean(comment.text)"
+        v-html="linkifyAndClean(comment.text_html)"
       />
       <WorkoutCommentEdition
-        v-else :workout="workout"
+        v-else
+        :workout="workout"
         :comment="comment"
         @closeEdition="() => commentToEdit = null"
       />
+      <WorkoutComment
+        v-for="reply in comment.replies"
+        :key="reply.id"
+        :comment="reply"
+        :workout="workout"
+        :authUser="authUser"
+        @deleteComment="deleteComment(reply)"
+      />
       <WorkoutCommentEdition
         v-if="addReply === comment"
         class="add-comment-reply"
@@ -70,14 +79,6 @@
         :reply-to="comment.id"
         @closeEdition="() => addReply = null"
       />
-        <WorkoutComment
-          v-for="reply in comment.replies"
-          :key="reply.id"
-          :comment="reply"
-          :workout="workout"
-          :authUser="authUser"
-          @deleteComment="deleteComment(reply)"
-        />
     </div>
 
   </div>
@@ -126,6 +127,24 @@
   function deleteComment(comment: IComment) {
     emit('deleteComment', comment)
   }
+  function focusOnTextArea(commentId: string) {
+    setTimeout(() => {
+      const textarea = document.getElementById(`text-${commentId}`)
+      if (textarea) {
+        textarea.focus()
+      }
+    }, 100)
+  }
+  function displayCommentEdition(comment: IComment) {
+    commentToEdit.value = comment
+    addReply.value = null
+    focusOnTextArea(comment.id)
+  }
+  function displayReplyTextArea(comment: IComment) {
+    commentToEdit.value = null
+    addReply.value = comment
+    focusOnTextArea(comment.id)
+  }
 
 </script>
 
diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
index d8adbed56..1419eebc7 100644
--- a/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
+++ b/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
@@ -5,7 +5,7 @@
         <div class="form-item add-comment-label">
           <CustomTextArea
             class="comment"
-            name="text"
+            :name="`text${comment ? `-${comment.id}` : replyTo ? `-${replyTo}` : ''}`"
             :input="commentText"
             :required="true"
             :placeholder="$t('workouts.COMMENTS.ADD')"
diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
index 32f80aeb4..179473a9d 100644
--- a/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
+++ b/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
@@ -23,9 +23,17 @@
         <div class="no-comments" v-if="workoutData.comments.length === 0">
           {{ $t('workouts.COMMENTS.NO_COMMENTS')}}
         </div>
-        <WorkoutCommentEdition
-          v-if="authUser.username" :workout="workoutData.workout"
-        />
+        <div class="add-comment" v-if="displayAddComment">
+          <WorkoutCommentEdition
+            v-if="authUser.username" :workout="workoutData.workout"
+            @closeEdition="displayAddComment = false"
+          />
+        </div>
+        <div class="add-comment-button" v-else>
+          <button @click.prevent="displayCommentTextArea">
+            {{ $t('workouts.COMMENTS.ADD') }}
+          </button>
+        </div>
       </template>
     </Card>
   </div>
@@ -50,6 +58,7 @@
 
   const store = useStore()
   const commentToDelete: Ref<IComment | null> = ref(null)
+  const displayAddComment: Ref<boolean> = ref(false)
 
   function deleteComment(comment: IComment) {
     store.dispatch(WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT, {
@@ -57,6 +66,15 @@
       commentId: comment.id
     })
   }
+  function displayCommentTextArea() {
+    displayAddComment.value = true
+    setTimeout(() => {
+      const textarea = document.getElementById('text')
+      if (textarea) {
+        textarea.focus()
+      }
+    }, 100)
+  }
 
   watch(
     () => workoutData.value.comments,
@@ -75,5 +93,8 @@
     .no-comments {
       font-style: italic;
     }
+    .add-comment-button {
+      margin: $default-margin 0;
+    }
   }
 </style>
\ No newline at end of file
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 52800c378..40a3d4f11 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -192,6 +192,7 @@ export interface IComment {
   modification_date: string | null
   replies: IComment[]
   text: string
+  text_html: string
   text_visibility: TPrivacyLevels
   user: IUserProfile
   workout_id: string

From 1e7bd90180840e471f673f8fe6f74373a99b5baf Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 5 Feb 2023 16:43:45 +0100
Subject: [PATCH 207/238] Client - comment visibility depends on workout
 visibility

---
 .../WorkoutComment/WorkoutCommentEdition.vue  |  9 +++--
 fittrackee_client/src/utils/privacy.ts        | 24 +++++++++++++
 .../tests/unit/utils/privacy.spec.ts          | 34 +++++++++++++++++++
 3 files changed, 62 insertions(+), 5 deletions(-)

diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue b/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
index 1419eebc7..81abb70bb 100644
--- a/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
+++ b/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
@@ -21,7 +21,9 @@
             v-model="commentTextVisibility"
           >
             <option
-              v-for="level in privacyLevels"
+              v-for="level in getCommentVisibilityLevels(
+                workout.workout_visibility, appConfig.federation_enabled
+              )"
               :value="level"
               :key="level"
             >
@@ -57,7 +59,7 @@
   import { TPrivacyLevels } from "@/types/user";
   import { IComment, ICommentForm, IWorkout } from "@/types/workouts"
   import { useStore } from "@/use/useStore"
-  import { getPrivacyLevels, getPrivacyLevelForLabel } from "@/utils/privacy"
+  import { getCommentVisibilityLevels, getPrivacyLevelForLabel } from "@/utils/privacy"
 
   interface Props {
     workout: IWorkout
@@ -78,9 +80,6 @@
   const appConfig: ComputedRef<TAppConfig> = computed(
     () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
   )
-  const privacyLevels = computed(() =>
-    getPrivacyLevels(appConfig.value.federation_enabled)
-  )
   const commentText: Ref<string> = ref(comment?.value ? comment.value.text : '')
   const commentTextVisibility: Ref<TPrivacyLevels> = ref(comment?.value ? comment.value.text_visibility : workout.value.workout_visibility)
   const errorMessages: ComputedRef<string | string[] | null> = computed(
diff --git a/fittrackee_client/src/utils/privacy.ts b/fittrackee_client/src/utils/privacy.ts
index 4df73b0aa..4e5a67cc4 100644
--- a/fittrackee_client/src/utils/privacy.ts
+++ b/fittrackee_client/src/utils/privacy.ts
@@ -39,6 +39,8 @@ export const getUpdatedMapVisibility = (
 export const getMapVisibilityLevels = (
   workoutVisibility: TPrivacyLevels
 ): TPrivacyLevels[] => {
+  // regardless federation activation, map can not be visible
+  // to remote followers
   switch (workoutVisibility) {
     case 'public':
       return ['private', 'followers_only', 'public']
@@ -50,3 +52,25 @@ export const getMapVisibilityLevels = (
       return ['private']
   }
 }
+
+export const getCommentVisibilityLevels = (
+  workoutVisibility: TPrivacyLevels,
+  federationEnabled: boolean
+): TPrivacyLevels[] => {
+  switch (workoutVisibility) {
+    case 'public':
+      return federationEnabled
+        ? ['private', 'followers_only', 'followers_and_remote_only', 'public']
+        : ['private', 'followers_only', 'public']
+    // Note: only if federation is still enabled
+    case 'followers_and_remote_only':
+      return federationEnabled
+        ? ['private', 'followers_only', 'followers_and_remote_only']
+        : ['private', 'followers_only']
+    case 'followers_only':
+      return ['private', 'followers_only']
+    // Note: it's not possible to add comment to a private workout
+    case 'private':
+      return ['private']
+  }
+}
diff --git a/fittrackee_client/tests/unit/utils/privacy.spec.ts b/fittrackee_client/tests/unit/utils/privacy.spec.ts
index 89cdfd77a..821f55c06 100644
--- a/fittrackee_client/tests/unit/utils/privacy.spec.ts
+++ b/fittrackee_client/tests/unit/utils/privacy.spec.ts
@@ -2,6 +2,7 @@ import { assert } from 'chai'
 
 import { TPrivacyLevels } from '@/types/user'
 import {
+  getCommentVisibilityLevels,
   getMapVisibilityLevels,
   getPrivacyLevelForLabel,
   getUpdatedMapVisibility,
@@ -80,3 +81,36 @@ describe('getMapVisibilityLevels', () => {
     })
   })
 })
+
+describe('getCommentVisibilityLevels', () => {
+  const testsParams: [boolean, TPrivacyLevels, TPrivacyLevels[]][] = [
+    // should not be displayed in UI
+    [false, 'private', ['private']],
+    [false, 'followers_only', ['private', 'followers_only']],
+    // should not be displayed in UI
+    [false, 'followers_and_remote_only', ['private', 'followers_only']],
+    [false, 'public', ['private', 'followers_only', 'public']],
+    // should not be displayed in UI
+    [true, 'private', ['private']],
+    [true, 'followers_only', ['private', 'followers_only']],
+    [
+      true,
+      'followers_and_remote_only',
+      ['private', 'followers_only', 'followers_and_remote_only'],
+    ],
+    [
+      true,
+      'public',
+      ['private', 'followers_only', 'followers_and_remote_only', 'public'],
+    ],
+  ]
+
+  testsParams.map((testParams) => {
+    it(`get visibility levels depending on workout visibility (federation enable: '${testParams[0]}',input value: '${testParams[1]}')`, () => {
+      assert.deepEqual(
+        getCommentVisibilityLevels(testParams[1], testParams[0]),
+        testParams[2]
+      )
+    })
+  })
+})

From 14f0b00c8614fc8ef8ca21d8708ccc75896c109f Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 8 Feb 2023 09:22:36 +0100
Subject: [PATCH 208/238] API - minor refactoring

---
 fittrackee/tests/comments/test_utils.py          |  2 +-
 .../federation/comments/test_comments_models.py  |  2 +-
 .../tests/federation/comments/test_utils.py      |  8 ++++----
 .../test_federation_activities_activities.py     |  2 +-
 .../test_federation_objects_follow_request.py    | 16 +++++++---------
 .../test_federation_objects_workout_comment.py   |  4 ++--
 .../federation/test_federation_utils_user.py     | 12 ++++--------
 .../federation/test_federation_webfinger.py      |  2 +-
 .../tests/federation/users/test_users_api.py     | 10 +++++-----
 .../users/test_users_follow_request_api.py       |  4 ++--
 .../tests/federation/users/test_users_model.py   |  3 +--
 fittrackee/tests/users/test_users_model.py       |  9 +++++++++
 fittrackee/users/models.py                       |  6 +++++-
 13 files changed, 43 insertions(+), 37 deletions(-)

diff --git a/fittrackee/tests/comments/test_utils.py b/fittrackee/tests/comments/test_utils.py
index e984ae0d8..77a0f5d2a 100644
--- a/fittrackee/tests/comments/test_utils.py
+++ b/fittrackee/tests/comments/test_utils.py
@@ -32,7 +32,7 @@ def test_it_linkifies_user_when_local_user_found(
     def test_it_linkifies_user_when_local_user_found_with_domain(
         self, app: Flask, user_1: User
     ) -> None:
-        text = f"@{user_1.actor.fullname} nice!"
+        text = f"@{user_1.fullname} nice!"
 
         converted_text, mentioned_actors = handle_mentions(text)
 
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index fa8bf657a..64e6528ad 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -306,7 +306,7 @@ def test_it_serializes_comment_with_mentions_as_link(
         comment = self.create_comment(
             user=user_2,
             workout=workout_cycling_user_1,
-            text=f"@{remote_user.actor.fullname} {self.random_string()}",
+            text=f"@{remote_user.fullname} {self.random_string()}",
             text_visibility=PrivacyLevel.PUBLIC,
         )
 
diff --git a/fittrackee/tests/federation/comments/test_utils.py b/fittrackee/tests/federation/comments/test_utils.py
index d695ac4bf..d7235fbc2 100644
--- a/fittrackee/tests/federation/comments/test_utils.py
+++ b/fittrackee/tests/federation/comments/test_utils.py
@@ -19,13 +19,13 @@ def test_it_does_not_linkify_user_if_not_user_found(
     def test_it_linkifies_user_when_remote_user_found(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
-        text = f"@{remote_user.actor.fullname} nice!"
+        text = f"@{remote_user.fullname} nice!"
 
         converted_text, mentioned_actors = handle_mentions(text)
 
         assert converted_text == (
             f'<a href="{remote_user.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{remote_user.actor.fullname}'
+            f'rel="noopener noreferrer">@{remote_user.fullname}'
             '</a> nice!'
         )
         assert mentioned_actors == {remote_user.actor}
@@ -33,7 +33,7 @@ def test_it_linkifies_user_when_remote_user_found(
     def test_it_linkifies_multiple_users(
         self, app_with_federation: Flask, user_1: User, remote_user: User
     ) -> None:
-        text = f"@{user_1.actor.fullname} @{remote_user.actor.fullname} nice!"
+        text = f"@{user_1.fullname} @{remote_user.fullname} nice!"
 
         converted_text, mentioned_actors = handle_mentions(text)
 
@@ -41,7 +41,7 @@ def test_it_linkifies_multiple_users(
             f'<a href="{user_1.actor.profile_url}" target="_blank" '
             f'rel="noopener noreferrer">@{user_1.username}</a> '
             f'<a href="{remote_user.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{remote_user.actor.fullname}'
+            f'rel="noopener noreferrer">@{remote_user.fullname}'
             '</a> nice!'
         )
         assert mentioned_actors == {user_1.actor, remote_user.actor}
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 8b9286440..604d1e1ec 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -220,7 +220,7 @@ def test_it_creates_remote_user_and_follow_request(
         follow_request = FollowRequest.query.filter_by(
             followed_user_id=user_1.id,
         ).first()
-        assert follow_request.from_user.actor.fullname == random_actor.fullname
+        assert follow_request.from_user.fullname == random_actor.fullname
 
     def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
         self,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py b/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
index 6f2021d35..1642c261f 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_follow_request.py
@@ -24,8 +24,7 @@ def test_it_generates_follow_activity(
         assert serialized_follow_request == {
             '@context': AP_CTX,
             'id': (
-                f'{user_1.actor.activitypub_id}#follows/'
-                f'{user_2.actor.fullname}'
+                f'{user_1.actor.activitypub_id}#follows/' f'{user_2.fullname}'
             ),
             'type': 'Follow',
             'actor': user_1.actor.activitypub_id,
@@ -50,14 +49,14 @@ def test_it_generates_accept_activity(
             '@context': AP_CTX,
             'id': (
                 f'{user_2.actor.activitypub_id}#accepts/'
-                f'follow/{user_1.actor.fullname}'
+                f'follow/{user_1.fullname}'
             ),
             'type': 'Accept',
             'actor': user_2.actor.activitypub_id,
             'object': {
                 'id': (
                     f'{user_1.actor.activitypub_id}#follows/'
-                    f'{user_2.actor.fullname}'
+                    f'{user_2.fullname}'
                 ),
                 'type': 'Follow',
                 'actor': user_1.actor.activitypub_id,
@@ -83,14 +82,14 @@ def test_it_generates_reject_activity(
             '@context': AP_CTX,
             'id': (
                 f'{user_2.actor.activitypub_id}#rejects/'
-                f'follow/{user_1.actor.fullname}'
+                f'follow/{user_1.fullname}'
             ),
             'type': 'Reject',
             'actor': user_2.actor.activitypub_id,
             'object': {
                 'id': (
                     f'{user_1.actor.activitypub_id}#follows/'
-                    f'{user_2.actor.fullname}'
+                    f'{user_2.fullname}'
                 ),
                 'type': 'Follow',
                 'actor': user_1.actor.activitypub_id,
@@ -115,15 +114,14 @@ def test_it_generates_undo_activity(
         assert serialized_follow_request == {
             '@context': AP_CTX,
             'id': (
-                f'{user_1.actor.activitypub_id}#undoes/'
-                f'{user_2.actor.fullname}'
+                f'{user_1.actor.activitypub_id}#undoes/' f'{user_2.fullname}'
             ),
             'type': 'Undo',
             'actor': user_1.actor.activitypub_id,
             'object': {
                 'id': (
                     f'{user_1.actor.activitypub_id}#follows/'
-                    f'{user_2.actor.fullname}'
+                    f'{user_2.fullname}'
                 ),
                 'type': 'Follow',
                 'actor': user_1.actor.activitypub_id,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index eed803e23..23f2ffd45 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -199,7 +199,7 @@ def test_it_generates_activity_with_mentioned_users(
         workout_comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
-            text=f"@{user_3.username} @{remote_user.actor.fullname} great!",
+            text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.PUBLIC,
         )
         comment_object = WorkoutCommentObject(workout_comment, 'Create')
@@ -368,7 +368,7 @@ def test_it_generates_activity_with_mentioned_users(
         workout_comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
-            text=f"@{user_3.username} @{remote_user.actor.fullname} great!",
+            text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
         workout_comment.modification_date = datetime.utcnow()
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index e7bb16be3..bdaddfcaf 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -420,7 +420,7 @@ def test_it_raises_error_if_remote_actor_exists(
         with patch(
             'fittrackee.federation.utils.user.fetch_account_from_webfinger',
             return_value={
-                'subject': f'acct:{remote_user.actor.fullname}',
+                'subject': f'acct:{remote_user.fullname}',
                 'links': [
                     {
                         'rel': 'self',
@@ -604,9 +604,7 @@ def test_it_returns_local_user(
     def test_it_returns_remote_user(
         self, app_with_federation: Flask, remote_user: User
     ) -> None:
-        assert (
-            get_user_from_username(remote_user.actor.fullname) == remote_user
-        )
+        assert get_user_from_username(remote_user.fullname) == remote_user
 
 
 class TestGetUserFromUsernameWithAction:
@@ -668,9 +666,7 @@ def test_it_calls_update_remote_user_if_remote_user_exists_and_with_refresh(  #
         with patch(
             'fittrackee.federation.utils.user.update_remote_user'
         ) as update_remote_user_mock:
-            get_user_from_username(
-                remote_user.actor.fullname, with_action='refresh'
-            )
+            get_user_from_username(remote_user.fullname, with_action='refresh')
 
         update_remote_user_mock.assert_called_with(remote_user.actor)
 
@@ -682,7 +678,7 @@ def test_it_does_not_raise_error_if_refresh_fails(
             side_effect=RemoteActorException(),
         ):
             user = get_user_from_username(
-                remote_user.actor.fullname, with_action='refresh'
+                remote_user.fullname, with_action='refresh'
             )
 
         assert user == remote_user
diff --git a/fittrackee/tests/federation/federation/test_federation_webfinger.py b/fittrackee/tests/federation/federation/test_federation_webfinger.py
index 63559d24e..21b184491 100644
--- a/fittrackee/tests/federation/federation/test_federation_webfinger.py
+++ b/fittrackee/tests/federation/federation/test_federation_webfinger.py
@@ -78,7 +78,7 @@ def test_it_returns_json_resource_descriptor_as_content_type(
         client = app_with_federation.test_client()
 
         response = client.get(
-            '/.well-known/webfinger?resource=acct:' f'{user_1.actor.fullname}',
+            '/.well-known/webfinger?resource=acct:' f'{user_1.fullname}',
             content_type='application/json',
         )
 
diff --git a/fittrackee/tests/federation/users/test_users_api.py b/fittrackee/tests/federation/users/test_users_api.py
index 67201e9dc..e586beaf0 100644
--- a/fittrackee/tests/federation/users/test_users_api.py
+++ b/fittrackee/tests/federation/users/test_users_api.py
@@ -112,7 +112,7 @@ def test_it_returns_remote_user_when_query_contains_account(
             'fittrackee.federation.utils.user.update_remote_user',
         ):
             response = client.get(
-                f'/api/users/remote?q=@{remote_user.actor.fullname}',
+                f'/api/users/remote?q=@{remote_user.fullname}',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
@@ -143,7 +143,7 @@ def test_it_calls_update_remote_user_when_remote_user_exists(
             'fittrackee.federation.utils.user.update_remote_user',
         ) as update_remote_user_mock:
             client.get(
-                f'/api/users/remote?q=@{remote_user.actor.fullname}',
+                f'/api/users/remote?q=@{remote_user.fullname}',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
@@ -287,7 +287,7 @@ def test_it_returns_remote_user_if_exists(
         ):
 
             response = client.get(
-                f'/api/users/@{remote_user.actor.fullname}',
+                f'/api/users/@{remote_user.fullname}',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
@@ -309,7 +309,7 @@ def test_it_calls_update_remote_user(
         ) as update_remote_user_mock:
 
             client.get(
-                f'/api/users/@{remote_user.actor.fullname}',
+                f'/api/users/@{remote_user.fullname}',
                 content_type='application/json',
                 headers=dict(Authorization=f'Bearer {auth_token}'),
             )
@@ -367,7 +367,7 @@ def test_it_raise_error_when_updating_remote_user(
         )
 
         response = client.patch(
-            f'/api/users/@{remote_user.actor.fullname}',
+            f'/api/users/@{remote_user.fullname}',
             content_type='application/json',
             data=json.dumps(dict(admin=True)),
             headers=dict(Authorization=f'Bearer {auth_token}'),
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index 3ff006a33..d2330a4fe 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -159,7 +159,7 @@ def test_it_accepts_follow_request(
         self.assert_it_returns_follow_request_processed(
             client,
             auth_token,
-            remote_user.actor.fullname,
+            remote_user.fullname,
             'accept',
         )
 
@@ -294,7 +294,7 @@ def test_it_accepts_follow_request(
         self.assert_it_returns_follow_request_processed(
             client,
             auth_token,
-            remote_user.actor.fullname,
+            remote_user.fullname,
             'reject',
         )
 
diff --git a/fittrackee/tests/federation/users/test_users_model.py b/fittrackee/tests/federation/users/test_users_model.py
index 8d09fa3fe..d2f36985f 100644
--- a/fittrackee/tests/federation/users/test_users_model.py
+++ b/fittrackee/tests/federation/users/test_users_model.py
@@ -22,8 +22,7 @@ def test_user_is_remote_when_actor_is_remote(
         assert remote_user.is_remote is True
         assert remote_user.serialize()['is_remote'] is True
         assert (
-            remote_user.serialize()['fullname']
-            == f'@{remote_user.actor.fullname}'
+            remote_user.serialize()['fullname'] == f'@{remote_user.fullname}'
         )
         assert (
             remote_user.serialize()['profile_link']
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 5907af5a3..411532c31 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -706,3 +706,12 @@ def test_it_raises_exception_if_federation_disabled(
     ) -> None:
         with pytest.raises(FederationDisabledException):
             user_1.get_followers_shared_inboxes()
+
+
+class TestUserFullname:
+    def test_it_returns_user_actor_fullname(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        assert user_1.fullname == user_1.actor.fullname
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 35d1c66d8..60e602671 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -455,6 +455,10 @@ def create_actor(self) -> None:
         self.actor_id = actor.id
         db.session.commit()
 
+    @property
+    def fullname(self) -> str:
+        return self.actor.fullname
+
     def serialize(self, current_user: Optional['User'] = None) -> Dict:
         if current_user is None:
             role = None
@@ -493,7 +497,7 @@ def serialize(self, current_user: Optional['User'] = None) -> Dict:
             'username': self.username,
         }
         if self.is_remote:
-            serialized_user['fullname'] = f'@{self.actor.fullname}'
+            serialized_user['fullname'] = f'@{self.fullname}'
             serialized_user['followers'] = self.actor.stats.followers
             serialized_user['following'] = self.actor.stats.following
             serialized_user['profile_link'] = self.actor.profile_url

From 662dd528f021bfc1c119692feb4c2e0df7a3aaa1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 8 Feb 2023 20:51:29 +0100
Subject: [PATCH 209/238] API - store mentioned users in database

---
 fittrackee/comments/comments.py               |   2 +
 fittrackee/comments/models.py                 |  74 +++++++-
 fittrackee/comments/utils.py                  |  36 ++--
 .../federation/activities/activities.py       |  10 +-
 fittrackee/federation/objects/comment.py      |   9 +-
 fittrackee/federation/utils/user.py           |  24 ---
 .../30_8842c351a2d8_init_social_features.py   |  12 ++
 .../tests/comments/test_comments_api.py       | 138 ++++++++++++++-
 .../tests/comments/test_comments_models.py    | 118 ++++++++++++-
 .../tests/comments/test_mentions_models.py    |  50 ++++++
 fittrackee/tests/comments/test_utils.py       | 110 ++++++++----
 .../federation/comments/test_comments_api.py  | 166 +++++++++++++++++-
 .../comments/test_comments_models.py          |  92 +++++++++-
 .../tests/federation/comments/test_utils.py   |  88 +++++++---
 .../test_federation_activities_activities.py  | 147 ++++++++++++++--
 ...test_federation_objects_workout_comment.py |   5 +
 .../federation/test_federation_utils_user.py  |  74 +-------
 fittrackee/tests/users/test_users_model.py    |  22 +++
 fittrackee/tests/workouts/utils.py            |   5 +
 fittrackee/users/models.py                    |  13 ++
 20 files changed, 1005 insertions(+), 190 deletions(-)
 create mode 100644 fittrackee/tests/comments/test_mentions_models.py

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index 1b319795f..ad4e3f13a 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -72,6 +72,7 @@ def add_workout_comment(
         )
         db.session.add(new_comment)
         db.session.flush()
+        new_comment.create_mentions()
         if sending_activities_allowed(new_comment.text_visibility):
             new_comment.ap_id = (
                 f'{auth_user.actor.activitypub_id}/'
@@ -210,6 +211,7 @@ def update_workout_comment(
     try:
         workout_comment.text = clean_input(comment_data['text'])
         workout_comment.modification_date = datetime.utcnow()
+        workout_comment.update_mentions()
         db.session.commit()
 
         if current_app.config[
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index e991f2164..0f153c995 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -18,7 +18,6 @@
 from .exceptions import CommentForbiddenException
 
 if TYPE_CHECKING:
-    from fittrackee.federation.models import Actor
     from fittrackee.users.models import User
 
 
@@ -163,11 +162,51 @@ def _check_visibility(
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
 
-    def handle_mentions(self) -> Tuple[str, Set['Actor']]:
+    def handle_mentions(self) -> Tuple[str, Dict[str, Set['User']]]:
         from .utils import handle_mentions
 
         return handle_mentions(self.text)
 
+    def create_mentions(self) -> Tuple[str, Dict[str, Set['User']]]:
+        linkified_text, mentioned_users = self.handle_mentions()
+        for user in mentioned_users["local"].union(mentioned_users["remote"]):
+            mention = Mention(comment_id=self.id, user_id=user.id)
+            db.session.add(mention)
+            db.session.flush()
+        return linkified_text, mentioned_users
+
+    def update_mentions(self) -> None:
+        from fittrackee.users.models import User
+
+        existing_mentioned_users = set(
+            db.session.query(User)
+            .join(Mention, User.id == Mention.user_id)
+            .all()
+        )
+        linkified_text, mentioned_users = self.handle_mentions()
+        updated_mentioned_users = mentioned_users["local"].union(
+            mentioned_users["remote"]
+        )
+        intersection = updated_mentioned_users.intersection(
+            existing_mentioned_users
+        )
+
+        # delete removed mentions
+        mentions_to_delete = {
+            user.id for user in (existing_mentioned_users - intersection)
+        }
+        Mention.query.filter(
+            Mention.comment_id == self.id,
+            Mention.user_id.in_(mentions_to_delete),
+        ).delete()
+        db.session.flush()
+
+        # create new mentions
+        for user in updated_mentioned_users - intersection:
+            mention = Mention(comment_id=self.id, user_id=user.id)
+            db.session.add(mention)
+            db.session.flush()
+
     def serialize(self, user: Optional['User'] = None) -> Dict:
         # TODO: mentions
         if not can_view(self, 'text_visibility', user):
@@ -178,7 +217,6 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
             'user': self.user.serialize(),
             'workout_id': self.workout.short_id,
             'text': self.text,
-            # TODO: store html version in database?
             'text_html': self.handle_mentions()[0],
             'text_visibility': self.text_visibility,
             'created_at': self.created_at,
@@ -206,3 +244,33 @@ def get_activity(self, activity_type: str) -> Dict:
             delete_activity = tombstone_object.get_activity()
             return delete_activity
         return {}
+
+
+class Mention(BaseModel):
+    __tablename__ = 'mentions'
+
+    comment_id = db.Column(
+        db.Integer,
+        db.ForeignKey('workout_comments.id', ondelete="CASCADE"),
+        primary_key=True,
+    )
+    user_id = db.Column(
+        db.Integer,
+        db.ForeignKey('users.id', ondelete="CASCADE"),
+        primary_key=True,
+    )
+    created_at = db.Column(
+        db.DateTime, nullable=False, default=datetime.datetime.utcnow
+    )
+
+    def __init__(
+        self,
+        comment_id: int,
+        user_id: int,
+        created_at: Optional[datetime.datetime] = None,
+    ):
+        self.comment_id = comment_id
+        self.user_id = user_id
+        self.created_at = (
+            datetime.datetime.utcnow() if created_at is None else created_at
+        )
diff --git a/fittrackee/comments/utils.py b/fittrackee/comments/utils.py
index 97130e542..a2c66ffb3 100644
--- a/fittrackee/comments/utils.py
+++ b/fittrackee/comments/utils.py
@@ -1,10 +1,13 @@
 import re
-from typing import TYPE_CHECKING, Set, Tuple
+from typing import TYPE_CHECKING, Dict, Set, Tuple
 
-from fittrackee.federation.utils.user import get_user_from_username_if_exists
+from flask import current_app
+
+from fittrackee.federation.utils.user import get_user_from_username
+from fittrackee.users.exceptions import UserNotFoundException
 
 if TYPE_CHECKING:
-    from fittrackee.federation.models import Actor
+    from fittrackee.users.models import User
 
 MENTION_REGEX = r'(@[\w_\-\.]+)(@[\w_\-\.]+\.[a-z]{2,})?'
 LINK_TEMPLATE = (
@@ -12,20 +15,31 @@
 )
 
 
-def handle_mentions(text: str) -> Tuple[str, Set['Actor']]:
-    mentioned_actors: set['Actor'] = set()
+def handle_mentions(text: str) -> Tuple[str, Dict[str, Set['User']]]:
+    mentioned_users: Dict[str, Set['User']] = {"local": set(), "remote": set()}
     for username, domain in re.findall(re.compile(MENTION_REGEX), text):
         mention = f"{username}{domain}"
-        user = get_user_from_username_if_exists(
-            username.lstrip('@'), domain.lstrip('@')
+        remote_domain = (
+            domain
+            if domain.lstrip('@') != current_app.config['AP_DOMAIN']
+            else ''
         )
+        try:
+            user = get_user_from_username(
+                user_name=f"{username.lstrip('@')}{remote_domain}",
+                with_action="creation",
+            )
+        except UserNotFoundException:
+            user = None
         if user:
-            name_to_display = mention if user.is_remote else username
-            mentioned_actors.add(user.actor)
+            if user.is_remote:
+                mentioned_users["remote"].add(user)
+            else:
+                mentioned_users["local"].add(user)
             text = text.replace(
                 mention,
                 LINK_TEMPLATE.format(
-                    url=user.actor.profile_url, username=name_to_display
+                    url=user.actor.profile_url, username=mention
                 ),
             )
-    return text, mentioned_actors
+    return text, mentioned_users
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 674b6687b..987c74b40 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -234,13 +234,16 @@ def create_remote_note(self, actor: Actor) -> None:
         new_comment.ap_id = note_data["id"]
         new_comment.remote_url = note_data["url"]
         db.session.add(new_comment)
+        db.session.flush()
+        new_comment.create_mentions()
         db.session.commit()
 
     def process_activity(self) -> None:
-        actor = self.get_actor()
-        if self.activity['object']['type'] == 'Workout':
+        object_type = self.activity['object']['type']
+        actor = self.get_actor(create_remote_actor=object_type == "Note")
+        if object_type == 'Workout':
             self.create_remote_workout(actor=actor)
-        if self.activity['object']['type'] == 'Note':
+        if object_type == 'Note':
             self.create_remote_note(actor=actor)
 
 
@@ -346,6 +349,7 @@ def update_remote_workout_comment(self, actor: Actor) -> None:
                 note_data, actor
             )
             comment_to_update.modification_date = datetime.utcnow()
+            comment_to_update.update_mentions()
             db.session.commit()
         except Exception as e:
             raise ActivityException(
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index 27735e00a..c0f00d791 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -32,7 +32,7 @@ def __init__(
     def get_activity(self) -> Dict:
         (
             text_with_mention,
-            mentioned_actors,
+            mentioned_users,
         ) = self.workout_comment.handle_mentions()
         self.activity_dict['object']['type'] = 'Note'
         self.activity_dict['object']['content'] = text_with_mention
@@ -46,7 +46,12 @@ def get_activity(self) -> Dict:
                 **self.activity_dict['object'],
                 'updated': self._get_modification_date(self.workout_comment),
             }
-        mentions = [actor.activitypub_id for actor in mentioned_actors]
+        mentions = [
+            user.actor.activitypub_id
+            for user in mentioned_users["local"].union(
+                mentioned_users["remote"]
+            )
+        ]
         self.activity_dict['cc'].extend(mentions)
         self.activity_dict['object']['cc'].extend(mentions)
         return self.activity_dict
diff --git a/fittrackee/federation/utils/user.py b/fittrackee/federation/utils/user.py
index 54d9c2025..13a9c51b2 100644
--- a/fittrackee/federation/utils/user.py
+++ b/fittrackee/federation/utils/user.py
@@ -225,27 +225,3 @@ def get_user_from_username(
     if not user:
         raise UserNotFoundException()
     return user
-
-
-def get_user_from_username_if_exists(
-    username: str, domain: str = ''
-) -> Optional[User]:
-    # local actor
-    if not domain or domain == current_app.config['AP_DOMAIN']:
-        return User.query.filter(
-            User.username == username,
-            User.is_remote == False,  # noqa
-        ).first()
-
-    # remote actor
-    return (
-        db.session.query(User)
-        .join(Actor, User.actor_id == Actor.id)
-        .join(Domain, Actor.domain_id == Domain.id)
-        .filter(
-            User.is_remote == True,  # noqa
-            Actor.preferred_username == username,
-            Domain.name == domain,
-        )
-        .first()
-    )
diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index ab0e14a81..d0700405b 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -295,7 +295,19 @@ def upgrade():
         batch_op.create_index(batch_op.f('ix_workout_comments_workout_id'), ['workout_id'], unique=False)
         batch_op.create_index(batch_op.f('ix_workout_comments_reply_to'), ['reply_to'], unique=False)
 
+    op.create_table('mentions',
+    sa.Column('comment_id', sa.Integer(), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=False),
+    sa.Column('created_at', sa.DateTime(), nullable=False),
+    sa.ForeignKeyConstraint(['comment_id'], ['workout_comments.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('comment_id', 'user_id')
+    )
+
+
 def downgrade():
+    op.drop_table('mentions')
+
     with op.batch_alter_table('workout_comments', schema=None) as batch_op:
         batch_op.drop_index(batch_op.f('ix_workout_comments_user_id'))
         batch_op.drop_index(batch_op.f('ix_workout_comments_workout_id'))
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index 2ecf41614..475b937c1 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -5,7 +5,7 @@
 from flask import Flask
 from werkzeug import Response
 
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Mention, WorkoutComment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
@@ -363,6 +363,42 @@ def test_it_returns_201_when_user_replies_to_a_comment(
         data = json.loads(response.data.decode())
         assert data['comment']['reply_to'] == workout_comment.short_id
 
+    def test_it_creates_mention(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=f"@{user_3.username}",
+                    text_visibility=PrivacyLevel.PUBLIC,
+                )
+            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        assert (
+            Mention.query.filter_by(
+                comment_id=new_comment.id, user_id=user_3.id
+            ).first()
+            is not None
+        )
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
@@ -1535,6 +1571,35 @@ def test_it_deletes_workout_comment_having_reply(
         assert response.status_code == 204
         assert reply.reply_to is None
 
+    def test_it_deletes_mentions(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{user_3.username}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        comment_id = comment.id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert Mention.query.filter_by(comment_id=comment_id).all() == []
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
@@ -1835,6 +1900,77 @@ def test_it_sanitizes_text_before_storing_in_database(
 
         assert comment.text == " Hello"
 
+    def test_it_updates_mentions_to_remove_mention(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{user_3.username}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        client.patch(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=self.random_string())),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        assert Mention.query.filter_by(comment_id=new_comment.id).all() == []
+
+    def test_it_updates_mentions_to_add_mention(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=self.random_string(),
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        client.patch(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=f"@{user_3.username}")),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        assert (
+            Mention.query.filter_by(
+                comment_id=new_comment.id, user_id=user_3.id
+            ).first()
+            is not None
+        )
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         [
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 9ca2ea4d7..e4df567da 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -1,11 +1,12 @@
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 import pytest
 from flask import Flask
 from freezegun import freeze_time
 
 from fittrackee.comments.exceptions import CommentForbiddenException
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Mention, WorkoutComment
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
@@ -646,6 +647,121 @@ def test_it_returns_all_replies(
         ]
 
 
+class TestWorkoutCommentModelWithMentions(WorkoutCommentMixin):
+    def test_it_returns_empty_dict_when_no_mentions(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=self.random_string(),
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        _, mentioned_users = comment.create_mentions()
+
+        assert mentioned_users == {"local": set(), "remote": set()}
+
+    @patch('fittrackee.federation.utils.user.fetch_account_from_webfinger')
+    def test_it_does_not_create_mentions_when_mentioned_user_does_not_exist(
+        self,
+        fetch_mock: Mock,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{self.random_string()} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+        fetch_mock.side_effect = Exception()
+
+        comment.create_mentions()
+
+        assert Mention.query.filter_by().first() is None
+
+    def test_it_returns_empty_dict_when_mentioned_user_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{self.random_string()} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        _, mentioned_users = comment.create_mentions()
+
+        assert mentioned_users == {"local": set(), "remote": set()}
+
+    def test_it_creates_mentions_when_mentioned_user_exists(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{user_3.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        comment.create_mentions()
+
+        mention = Mention.query.first()
+        assert mention.comment_id == comment.id
+        assert mention.user_id == user_3.id
+
+    def test_it_returns_mentioned_user(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        mention = f"@{user_3.username}"
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"{mention} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        _, mentioned_users = comment.create_mentions()
+
+        assert mentioned_users == {"local": {user_3}, "remote": set()}
+
+
 class TestWorkoutCommentModelSerializeForMentions(WorkoutCommentMixin):
     def test_it_serializes_comment_with_mentions_as_link(
         self,
diff --git a/fittrackee/tests/comments/test_mentions_models.py b/fittrackee/tests/comments/test_mentions_models.py
new file mode 100644
index 000000000..3dec36c65
--- /dev/null
+++ b/fittrackee/tests/comments/test_mentions_models.py
@@ -0,0 +1,50 @@
+from datetime import datetime
+
+from flask import Flask
+from freezegun import freeze_time
+
+from fittrackee.comments.models import Mention
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Sport, Workout
+
+from ..workouts.utils import WorkoutCommentMixin
+
+
+class TestMentionModel(WorkoutCommentMixin):
+    def test_mention_model(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+        )
+        created_at = datetime.utcnow()
+
+        mention = Mention(
+            comment_id=comment.id, user_id=user_1.id, created_at=created_at
+        )
+
+        assert mention.user_id == user_1.id
+        assert mention.comment_id == comment.id
+        assert mention.created_at == created_at
+
+    def test_created_date_is_initialized_on_creation_when_not_provided(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+        )
+        now = datetime.utcnow()
+        with freeze_time(now):
+            mention = Mention(comment_id=comment.id, user_id=user_1.id)
+
+        assert mention.created_at == now
diff --git a/fittrackee/tests/comments/test_utils.py b/fittrackee/tests/comments/test_utils.py
index 77a0f5d2a..354d9abf0 100644
--- a/fittrackee/tests/comments/test_utils.py
+++ b/fittrackee/tests/comments/test_utils.py
@@ -5,54 +5,102 @@
 from fittrackee.users.models import User
 
 
-class TestHandleMentions:
-    def test_it_does_not_linkify_user_if_not_user_found(
+class TestGetMentionedUsers:
+    def test_it_returns_empty_dict_when_no_mentions(self, app: Flask) -> None:
+        text = random_string()
+
+        _, mentioned_users = handle_mentions(text)
+
+        assert mentioned_users == {"local": set(), "remote": set()}
+
+    def test_it_returns_unchanged_text_when_no_mentions(
+        self, app: Flask
+    ) -> None:
+        text = ' '.join([random_string()] * 5)
+
+        linkified_text, _ = handle_mentions(text)
+
+        assert linkified_text == text
+
+    def test_it_returns_empty_dict_when_user_not_found_by_username(
+        self, app: Flask
+    ) -> None:
+        text = f"@{random_string()} {random_string()}"
+
+        _, mentioned_users = handle_mentions(text)
+
+        assert mentioned_users == {"local": set(), "remote": set()}
+
+    def test_it_returns_unchanged_text_when_user_not_found_by_username(
+        self, app: Flask
+    ) -> None:
+        text = f"@{random_string()} {random_string()}"
+
+        linkified_text, _ = handle_mentions(text)
+
+        assert linkified_text == text
+
+    def test_it_returns_empty_dict_when_user_not_found_by_fullname(
         self, app: Flask
     ) -> None:
-        text = f"@{random_string()} nice!"
+        text = f"@{random_string()}@{random_string()} {random_string()}"
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        _, mentioned_users = handle_mentions(text)
 
-        assert converted_text == text
-        assert mentioned_actors == set()
+        assert mentioned_users == {"local": set(), "remote": set()}
 
-    def test_it_linkifies_user_when_local_user_found(
+    def test_it_returns_user_when_mentioned_by_username(
         self, app: Flask, user_1: User
     ) -> None:
-        text = f"@{user_1.username} nice!"
+        text = f"@{user_1.username} {random_string()}"
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        _, mentioned_users = handle_mentions(text)
 
-        assert converted_text == (
-            f'<a href="{user_1.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{user_1.username}</a> nice!'
-        )
-        assert mentioned_actors == {user_1.actor}
+        assert mentioned_users == {"local": {user_1}, "remote": set()}
 
-    def test_it_linkifies_user_when_local_user_found_with_domain(
+    def test_it_returns_text_with_link_when_user_found_by_username(
         self, app: Flask, user_1: User
     ) -> None:
-        text = f"@{user_1.fullname} nice!"
+        mention = f"@{user_1.fullname}"
+        text = f"{mention} {random_string()}"
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        linkified_text, _ = handle_mentions(text)
 
-        assert converted_text == (
-            f'<a href="{user_1.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{user_1.username}</a> nice!'
+        assert linkified_text == text.replace(
+            mention,
+            f'<a href="{user_1.get_user_url()}" target="_blank" '
+            f'rel="noopener noreferrer">{mention}</a>',
         )
-        assert mentioned_actors == {user_1.actor}
 
-    def test_it_linkifies_multiple_users(
-        self, app: Flask, user_1: User, user_2: User
+    def test_it_returns_user_when_mentioned_by_actor_fullname(
+        self, app: Flask, user_1: User
     ) -> None:
-        text = f"@{user_1.username} @{user_2.username} nice!"
+        text = f"@{user_1.fullname} {random_string()}"
+
+        _, mentioned_users = handle_mentions(text)
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        assert mentioned_users == {"local": {user_1}, "remote": set()}
 
-        assert converted_text == (
-            f'<a href="{user_1.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{user_1.username}</a> '
-            f'<a href="{user_2.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{user_2.username}</a> nice!'
+    def test_it_returns_text_with_link_when_user_found_by_actor_fullname(
+        self, app: Flask, user_1: User
+    ) -> None:
+        mention = f"@{user_1.fullname}"
+        text = f"{mention} {random_string()}"
+
+        linkified_text, _ = handle_mentions(text)
+
+        assert linkified_text == text.replace(
+            mention,
+            f'<a href="{user_1.get_user_url()}" target="_blank" '
+            f'rel="noopener noreferrer">{mention}</a>',
         )
-        assert mentioned_actors == {user_1.actor, user_2.actor}
+
+    def test_it_returns_deduplicated_user_when_mentioned_twice(
+        self, app: Flask, user_1: User
+    ) -> None:
+        mention = f"@{user_1.username} " * 2
+        text = f"{mention} {random_string()}"
+
+        _, mentioned_users = handle_mentions(text)
+
+        assert mentioned_users == {"local": {user_1}, "remote": set()}
diff --git a/fittrackee/tests/federation/comments/test_comments_api.py b/fittrackee/tests/federation/comments/test_comments_api.py
index 992defab5..fd7e5fc21 100644
--- a/fittrackee/tests/federation/comments/test_comments_api.py
+++ b/fittrackee/tests/federation/comments/test_comments_api.py
@@ -4,7 +4,7 @@
 import pytest
 from flask import Flask
 
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Mention, WorkoutComment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
@@ -341,6 +341,47 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
 
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_creates_mention(
+        self,
+        update_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        remote_user.send_follow_request_to(user_1)
+        user_1.approves_follow_request_from(remote_user)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=f"@{remote_user.fullname}",
+                    text_visibility=PrivacyLevel.PUBLIC,
+                )
+            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        assert (
+            Mention.query.filter_by(
+                comment_id=new_comment.id, user_id=remote_user.id
+            ).first()
+            is not None
+        )
+
 
 class TestGetWorkoutCommentAsUser(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
@@ -1085,6 +1126,38 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
 
+    def test_it_deletes_mentions(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        user_1.approves_follow_request_from(remote_user)
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{remote_user.fullname}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        comment_id = comment.id
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert Mention.query.filter_by(comment_id=comment_id).all() == []
+
 
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestPatchWorkoutComment(
@@ -1165,3 +1238,94 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_instance(
             activity=update_comment_activity,
             recipients=[remote_user.actor.shared_inbox_url],
         )
+
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_updates_mentions_to_remove_mention(
+        self,
+        update_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        user_1.approves_follow_request_from(remote_user)
+        remote_user_2.send_follow_request_to(user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{remote_user.fullname} @{remote_user_2.fullname}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.patch(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=f"@{remote_user.fullname}")),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        mentions = Mention.query.filter_by(comment_id=new_comment.id).all()
+        assert len(mentions) == 1
+        assert mentions[0] == (
+            Mention.query.filter_by(
+                comment_id=new_comment.id, user_id=remote_user.id
+            ).first()
+        )
+
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_updates_mentions_to_add_mention(
+        self,
+        update_mock: Mock,
+        send_to_remote_inbox_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        remote_user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_remote_user_to_user_1: FollowRequest,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        user_1.approves_follow_request_from(remote_user)
+        remote_user_2.send_follow_request_to(user_1)
+        user_1.approves_follow_request_from(remote_user_2)
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{remote_user.fullname}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.patch(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(
+                dict(text=f"@{remote_user.fullname} @{remote_user_2.fullname}")
+            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        new_comment = WorkoutComment.query.filter_by(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        ).first()
+        mentions = Mention.query.filter_by(comment_id=new_comment.id).all()
+        assert len(mentions) == 2
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 64e6528ad..9eacc4907 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -1,8 +1,10 @@
+from unittest.mock import Mock, patch
+
 import pytest
 from flask import Flask
 
 from fittrackee.comments.exceptions import CommentForbiddenException
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Mention, WorkoutComment
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.utils import WorkoutCommentMixin
@@ -10,6 +12,7 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ...mixins import RandomMixin
+from ...utils import RandomActor
 
 
 class TestWorkoutCommentModel(RandomMixin):
@@ -292,9 +295,96 @@ class TestWorkoutCommentModelGetDeleteActivity(
     expected_object_type = 'Tombstone'
 
 
+@patch('fittrackee.federation.utils.user.update_remote_user')
+class TestWorkoutCommentModelWithMentions(WorkoutCommentMixin):
+    def test_it_creates_mentions_when_mentioned_user_exists(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{remote_user.fullname} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        comment.create_mentions()
+
+        mention = Mention.query.first()
+        assert mention.comment_id == comment.id
+        assert mention.user_id == remote_user.id
+
+    def test_it_creates_mentions_when_mentioned_user_does_not_exist(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        random_actor: RandomActor,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{random_actor.fullname} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        with patch(
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            comment.create_mentions()
+
+        remote_user = User.query.filter_by(username=random_actor.name).first()
+        mention = Mention.query.first()
+        assert mention.comment_id == comment.id
+        assert mention.user_id == remote_user.id
+
+    def test_it_returns_mentioned_user(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        mention = f"@{remote_user.fullname}"
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"{mention} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+            with_mentions=False,
+        )
+
+        _, mentioned_users = comment.create_mentions()
+
+        assert mentioned_users == {"local": set(), "remote": {remote_user}}
+
+
+@patch('fittrackee.federation.utils.user.update_remote_user')
 class TestWorkoutCommentModelSerializeForMentions(WorkoutCommentMixin):
     def test_it_serializes_comment_with_mentions_as_link(
         self,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
diff --git a/fittrackee/tests/federation/comments/test_utils.py b/fittrackee/tests/federation/comments/test_utils.py
index d7235fbc2..2249710c7 100644
--- a/fittrackee/tests/federation/comments/test_utils.py
+++ b/fittrackee/tests/federation/comments/test_utils.py
@@ -1,47 +1,85 @@
+from unittest.mock import Mock, patch
+
 from flask import Flask
 
 from fittrackee.comments.utils import handle_mentions
-from fittrackee.tests.utils import random_domain, random_string
+from fittrackee.tests.utils import RandomActor, random_string
 from fittrackee.users.models import User
 
 
-class TestHandleMentions:
-    def test_it_does_not_linkify_user_if_not_user_found(
-        self, app_with_federation: Flask
+@patch('fittrackee.federation.utils.user.update_remote_user')
+class TestGetMentionedUsers:
+    def test_it_does_not_return_remote_user_when_mentioned_by_username(
+        self, update_mock: Mock, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        text = f"@{remote_user.username} {random_string()}"
+
+        _, mentioned_users = handle_mentions(text)
+
+        assert mentioned_users == {"local": set(), "remote": set()}
+
+    def test_it_returns_remote_user(
+        self, update_mock: Mock, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        text = f"@{remote_user.fullname} {random_string()}"
+
+        _, mentioned_users = handle_mentions(text)
+
+        assert mentioned_users == {"local": set(), "remote": {remote_user}}
+
+    def test_it_creates_remote_user(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        random_actor: RandomActor,
     ) -> None:
-        text = f"@{random_string()}@{random_domain()} nice!"
+        text = f"@{random_actor.fullname} {random_string()}"
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        with patch(
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            _, mentioned_users = handle_mentions(text)
 
-        assert converted_text == text
-        assert mentioned_actors == set()
+        remote_user = User.query.filter_by(username=random_actor.name).first()
+        assert mentioned_users == {"local": set(), "remote": {remote_user}}
 
-    def test_it_linkifies_user_when_remote_user_found(
-        self, app_with_federation: Flask, remote_user: User
+    def test_it_returns_text_with_link_when_remote_user_found(
+        self, update_mock: Mock, app_with_federation: Flask, remote_user: User
     ) -> None:
-        text = f"@{remote_user.fullname} nice!"
+        mention = f"@{remote_user.fullname}"
+        text = f"{mention} {random_string()}"
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        linkified_text, _ = handle_mentions(text)
 
-        assert converted_text == (
+        assert linkified_text == text.replace(
+            mention,
             f'<a href="{remote_user.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{remote_user.fullname}'
-            '</a> nice!'
+            f'rel="noopener noreferrer">{mention}</a>',
         )
-        assert mentioned_actors == {remote_user.actor}
 
-    def test_it_linkifies_multiple_users(
-        self, app_with_federation: Flask, user_1: User, remote_user: User
+    def test_it_returns_text_when_multiple_users(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
     ) -> None:
-        text = f"@{user_1.fullname} @{remote_user.fullname} nice!"
+        local_mention = f"@{user_1.username}"
+        remote_mention = f"@{remote_user.fullname}"
+        text = f"{local_mention} {remote_mention} {random_string()}"
 
-        converted_text, mentioned_actors = handle_mentions(text)
+        linkified_text, _ = handle_mentions(text)
 
-        assert converted_text == (
+        assert linkified_text == text.replace(
+            local_mention,
             f'<a href="{user_1.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{user_1.username}</a> '
+            f'rel="noopener noreferrer">{local_mention}</a>',
+        ).replace(
+            remote_mention,
             f'<a href="{remote_user.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">@{remote_user.fullname}'
-            '</a> nice!'
+            f'rel="noopener noreferrer">{remote_mention}</a>',
         )
-        assert mentioned_actors == {user_1.actor, remote_user.actor}
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 604d1e1ec..f345afc73 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -5,7 +5,7 @@
 import pytest
 from flask import Flask
 
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Mention, WorkoutComment
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
@@ -1110,6 +1110,7 @@ def generate_random_object(
         remote_actor: Union[RandomActor, Actor],
         workout: Optional[Workout] = None,
         visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
+        text: Optional[str] = None,
     ) -> Dict:
         remote_domain = (
             remote_actor.domain
@@ -1153,7 +1154,7 @@ def generate_random_object(
                 "url": comment_url,
                 "attributedTo": remote_actor.activitypub_id,
                 "inReplyTo": workout_api_id,
-                "content": self.random_string(),
+                "content": self.random_string() if not text else text,
                 "to": [remote_actor.followers_url],
                 "cc": [],
             },
@@ -1180,9 +1181,10 @@ def generate_workout_comment_create_activity(
         remote_actor: Union[RandomActor, Actor],
         workout: Optional[Workout] = None,
         visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
+        text: Optional[str] = None,
     ) -> Dict:
         return self.generate_random_object(
-            "Create", remote_actor, workout, visibility
+            "Create", remote_actor, workout, visibility, text
         )
 
     def generate_workout_comment_update_activity(
@@ -1228,43 +1230,108 @@ def generate_workout_comment_delete_activity(
 
 
 class TestCreateActivityForWorkoutComment(WorkoutCommentActivitiesTestCase):
-    def test_it_raises_error_if_comment_actor_does_not_exist(
+    def test_it_raises_error_if_comment_workout_does_not_exist(
         self,
         app_with_federation: Flask,
-        random_actor: RandomActor,
+        remote_user: User,
     ) -> None:
-
         comment_activity = self.generate_workout_comment_create_activity(
-            remote_actor=random_actor
+            remote_actor=remote_user.actor
         )
         activity = get_activity_instance({'type': comment_activity['type']})(
             activity_dict=comment_activity
         )
 
         with pytest.raises(
-            ActorNotFoundException,
-            match='actor not found for CreateActivity',
+            ObjectNotFoundException,
+            match='workout not found for CreateActivity',
         ):
             activity.process_activity()
 
-    def test_it_raises_error_if_comment_workout_does_not_exist(
+    def test_it_creates_remote_workout_comment_when_remote_user_does_not_exist(
         self,
         app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        random_actor: RandomActor,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
+        comment_activity = self.generate_workout_comment_create_activity(
+            remote_actor=random_actor,
+            workout=workout_cycling_user_1,
+            visibility=PrivacyLevel.PUBLIC,
+        )
+        activity = get_activity_instance({'type': comment_activity['type']})(
+            activity_dict=comment_activity
+        )
+
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ), patch(
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
+        ):
+            activity.process_activity()
+
+        remote_comment = WorkoutComment.query.filter_by().first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        assert (
+            User.query.filter_by(username=random_actor.name).first()
+            is not None
+        )
+
+    def test_it_creates_mentioned_users_when_comment_has_mention(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
         remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        random_actor: RandomActor,
     ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = (
+            f'{user_1.actor.activitypub_id}/workouts/'
+            f'{workout_cycling_user_1.short_id}'
+        )
         comment_activity = self.generate_workout_comment_create_activity(
-            remote_actor=remote_user.actor
+            remote_actor=random_actor,
+            workout=workout_cycling_user_1,
+            text=f"@{random_actor.fullname}",
+            visibility=PrivacyLevel.PUBLIC,
         )
         activity = get_activity_instance({'type': comment_activity['type']})(
             activity_dict=comment_activity
         )
 
-        with pytest.raises(
-            ObjectNotFoundException,
-            match='workout not found for CreateActivity',
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ), patch(
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
         ):
             activity.process_activity()
 
+        remote_comment = WorkoutComment.query.filter_by().first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        new_user = User.query.filter_by(username=random_actor.name).first()
+        assert new_user is not None
+        assert (
+            Mention.query.filter_by(
+                comment_id=remote_comment.id, user_id=new_user.id
+            ).first()
+            is not None
+        )
+
     @pytest.mark.parametrize(
         'input_visibility',
         [
@@ -1500,6 +1567,55 @@ def test_it_updates_remote_workout_comment_text(
 
         assert remote_comment.text == comment_activity["object"]["content"]
 
+    def test_it_updates_mentioned_users_when_comment_has_mention(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        random_actor: RandomActor,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+
+        with patch('fittrackee.federation.utils.user.update_remote_user'):
+            remote_comment = self.create_comment(
+                remote_user,
+                workout_cycling_user_1,
+                text=f"@{remote_user.fullname}",
+                text_visibility=PrivacyLevel.PUBLIC,
+            )
+            remote_comment.modification_date = datetime.utcnow()
+            comment_activity = remote_comment.get_activity("Update")
+            comment_activity["object"]["content"] = f"@{random_actor.fullname}"
+            activity = get_activity_instance(
+                {'type': comment_activity['type']}
+            )(activity_dict=comment_activity)
+
+        with patch(
+            'fittrackee.federation.utils.user.fetch_account_from_webfinger',
+            return_value=random_actor.get_webfinger(),
+        ), patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ), patch(
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
+        ):
+            activity.process_activity()
+
+        new_user = User.query.filter_by(username=random_actor.name).first()
+        assert new_user is not None
+        mentions = Mention.query.filter_by(comment_id=remote_comment.id).all()
+        assert len(mentions) == 1
+        assert (
+            Mention.query.filter_by(
+                comment_id=remote_comment.id, user_id=new_user.id
+            ).first()
+            is not None
+        )
+
     def test_it_updates_remote_workout_modification_date(
         self,
         app_with_federation: Flask,
@@ -1665,6 +1781,7 @@ def test_it_raises_error_when_activity_actor_is_not_comment_actor(
     def test_it_deletes_remote_workout(
         self,
         app_with_federation: Flask,
+        user_1: User,
         remote_user: User,
         sport_1_cycling: Sport,
         remote_cycling_workout: Workout,
@@ -1673,6 +1790,7 @@ def test_it_deletes_remote_workout(
         remote_comment = self.create_comment(
             remote_user,
             remote_cycling_workout,
+            text=f"@{user_1.fullname}",
             text_visibility=PrivacyLevel.PUBLIC,
         )
         delete_activity = self.generate_workout_comment_delete_activity(
@@ -1687,6 +1805,7 @@ def test_it_deletes_remote_workout(
         activity.process_activity()
 
         assert WorkoutComment.query.filter_by(id=comment_id).first() is None
+        assert Mention.query.filter_by(comment_id=comment_id).all() == []
 
     def test_it_deletes_remote_workout_with_reply(
         self,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index 23f2ffd45..c5a526460 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+from unittest.mock import Mock, patch
 
 import pytest
 from flask import Flask
@@ -184,8 +185,10 @@ def test_it_generates_activity_when_comment_has_parent_comment(
             },
         }
 
+    @patch('fittrackee.federation.utils.user.update_remote_user')
     def test_it_generates_activity_with_mentioned_users(
         self,
+        update_remote_user_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -353,8 +356,10 @@ def test_it_generates_activity_when_visibility_is_public(
             },
         }
 
+    @patch('fittrackee.federation.utils.user.update_remote_user')
     def test_it_generates_activity_with_mentioned_users(
         self,
+        update_remote_user_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
diff --git a/fittrackee/tests/federation/federation/test_federation_utils_user.py b/fittrackee/tests/federation/federation/test_federation_utils_user.py
index bdaddfcaf..b6d9c4551 100644
--- a/fittrackee/tests/federation/federation/test_federation_utils_user.py
+++ b/fittrackee/tests/federation/federation/test_federation_utils_user.py
@@ -15,7 +15,6 @@
     create_remote_user_from_username,
     get_or_create_remote_domain_from_url,
     get_user_from_username,
-    get_user_from_username_if_exists,
     get_username_and_domain,
     store_or_delete_user_picture,
     update_remote_actor_stats,
@@ -25,12 +24,7 @@
 from fittrackee.users.exceptions import UserNotFoundException
 from fittrackee.users.models import User
 
-from ...utils import (
-    RandomActor,
-    generate_response,
-    random_domain,
-    random_string,
-)
+from ...utils import RandomActor, generate_response, random_string
 
 
 class TestGetUsernameAndDomain:
@@ -684,72 +678,6 @@ def test_it_does_not_raise_error_if_refresh_fails(
         assert user == remote_user
 
 
-class TestGetUserFromUsernameIfExists:
-    def test_it_returns_none_if_no_local_user(
-        self, app_with_federation: Flask
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(username=random_string()) is None
-        )
-
-    def test_it_returns_none_if_no_remote_user(
-        self, app_with_federation: Flask
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(
-                username=random_string(), domain=random_domain()
-            )
-            is None
-        )
-
-    def test_it_returns_none_if_no_remote_user_with_existing(
-        self, app_with_federation: Flask, remote_domain: Domain
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(
-                username=random_string(), domain=remote_domain.name
-            )
-            is None
-        )
-
-    def test_it_returns_none_if_only_remote_user_exists_when_username_provided(
-        self, app_with_federation: Flask, user_1: User, remote_user: User
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(username=remote_user.username)
-            is None
-        )
-
-    def test_it_returns_local_user(
-        self, app_with_federation: Flask, user_1: User
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(username=user_1.username)
-            == user_1
-        )
-
-    def test_it_returns_local_user_from_fullname(
-        self, app_with_federation: Flask, user_1: User
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(
-                username=user_1.username, domain=user_1.actor.domain.name
-            )
-            == user_1
-        )
-
-    def test_it_returns_remote_user(
-        self, app_with_federation: Flask, remote_user: User
-    ) -> None:
-        assert (
-            get_user_from_username_if_exists(
-                username=remote_user.username,
-                domain=remote_user.actor.domain.name,
-            )
-            == remote_user
-        )
-
-
 class TestStoreOrDeleteUserPicture:
     @pytest.mark.parametrize(
         'input_description, input_icon',
diff --git a/fittrackee/tests/users/test_users_model.py b/fittrackee/tests/users/test_users_model.py
index 411532c31..a09f0c1bf 100644
--- a/fittrackee/tests/users/test_users_model.py
+++ b/fittrackee/tests/users/test_users_model.py
@@ -715,3 +715,25 @@ def test_it_returns_user_actor_fullname(
         user_1: User,
     ) -> None:
         assert user_1.fullname == user_1.actor.fullname
+
+
+class TestUserLinkifyMention:
+    def test_it_returns_linkified_mention_with_username(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        assert user_1.linkify_mention(with_domain=False) == (
+            f'<a href="{user_1.get_user_url()}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_1.username}</a>'
+        )
+
+    def test_it_returns_linkified_mention_with_fullname(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        assert user_1.linkify_mention(with_domain=True) == (
+            f'<a href="{user_1.get_user_url()}" target="_blank" '
+            f'rel="noopener noreferrer">@{user_1.fullname}</a>'
+        )
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 733b3d2e4..8d766c2a1 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -2,6 +2,7 @@
 from datetime import datetime
 from io import BytesIO
 from typing import Optional, Tuple
+from unittest.mock import patch
 
 from flask import Flask
 
@@ -61,6 +62,7 @@ def create_comment(
         text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
         created_at: Optional[datetime] = None,
         parent_comment: Optional[WorkoutComment] = None,
+        with_mentions: bool = True,
     ) -> WorkoutComment:
         text = self.random_string() if text is None else text
         comment = WorkoutComment(
@@ -74,6 +76,9 @@ def create_comment(
         )
         db.session.add(comment)
         db.session.flush()
+        if with_mentions:
+            with patch('fittrackee.federation.utils.user.update_remote_user'):
+                comment.create_mentions()
         actor = comment.user.actor
         comment.ap_id = (
             f'{actor.activitypub_id}/workouts/{workout.short_id}'
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 60e602671..3be5d6f1b 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -25,6 +25,11 @@
 from .roles import UserRole
 from .utils.token import decode_user_token, get_user_token
 
+USER_LINK_TEMPLATE = (
+    '<a href="{profile_url}" target="_blank" rel="noopener noreferrer">'
+    '{username}</a>'
+)
+
 
 class FollowRequest(BaseModel):
     """Follow request between two users"""
@@ -459,6 +464,14 @@ def create_actor(self) -> None:
     def fullname(self) -> str:
         return self.actor.fullname
 
+    def linkify_mention(self, with_domain: bool) -> str:
+        mention = f"@{self.username}"
+        if with_domain:
+            mention += f"@{self.actor.domain.name}"
+        return USER_LINK_TEMPLATE.format(
+            profile_url=self.actor.profile_url, username=mention
+        )
+
     def serialize(self, current_user: Optional['User'] = None) -> Dict:
         if current_user is None:
             role = None

From ad26288d6ecd38fcf3fc7f515b50fa96a7da7993 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 11 Feb 2023 19:38:24 +0100
Subject: [PATCH 210/238] API - handle visibility for mentioned users

---
 fittrackee/comments/comments.py               |   1 -
 fittrackee/comments/models.py                 |  58 ++----
 .../federation/activities/activities.py       |   1 -
 fittrackee/federation/objects/base_object.py  |  12 --
 fittrackee/federation/objects/comment.py      |  26 ++-
 fittrackee/federation/objects/workout.py      |  12 ++
 fittrackee/privacy_levels.py                  |  11 +-
 .../tests/comments/test_comments_api.py       |   8 +-
 .../tests/comments/test_comments_models.py    |  87 +--------
 .../tests/comments/test_mentions_models.py    |  95 +++++++++-
 .../comments/test_comments_models.py          |  68 +------
 .../comments/test_mentions_models.py          | 137 ++++++++++++++
 ...test_federation_objects_workout_comment.py | 174 +++++++++++++++++-
 fittrackee/tests/fixtures/fixtures_users.py   |  12 ++
 fittrackee/tests/workouts/utils.py            |   1 -
 15 files changed, 482 insertions(+), 221 deletions(-)
 create mode 100644 fittrackee/tests/federation/comments/test_mentions_models.py

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index ad4e3f13a..55b4b1494 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -65,7 +65,6 @@ def add_workout_comment(
         new_comment = WorkoutComment(
             user_id=auth_user.id,
             workout_id=workout.id,
-            workout_visibility=workout.workout_visibility,
             text=clean_input(comment_data['text']),
             text_visibility=PrivacyLevel(comment_data['text_visibility']),
             reply_to=workout_comment.id if workout_comment else None,
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index 0f153c995..f01b3039c 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -99,6 +99,14 @@ class WorkoutComment(BaseModel):
     parent_comment = db.relationship(
         'WorkoutComment', remote_side=[id], lazy='joined'
     )
+    mentions = db.relationship(
+        "User",
+        secondary="mentions",
+        primaryjoin="WorkoutComment.id == Mention.comment_id",
+        secondaryjoin="Mention.user_id == User.id",
+        lazy="dynamic",
+        viewonly=True,
+    )
 
     def __repr__(self) -> str:
         return f'<WorkoutComment {self.id}>'
@@ -107,57 +115,28 @@ def __init__(
         self,
         user_id: int,
         workout_id: int,
-        workout_visibility: PrivacyLevel,
         text: str,
-        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
+        text_visibility: PrivacyLevel,
         created_at: Optional[datetime.datetime] = None,
         reply_to: Optional[int] = None,
     ) -> None:
+        if (
+            text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
+            and not current_app.config['federation_enabled']
+        ):
+            raise InvalidVisibilityException(
+                "invalid visibility: followers_and_remote_only, "
+                "federation is disabled."
+            )
         self.user_id = user_id
         self.workout_id = workout_id
         self.text = text
-        self.text_visibility = self._check_visibility(
-            workout_visibility, text_visibility
-        )
+        self.text_visibility = text_visibility
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
         self.reply_to = reply_to
 
-    @staticmethod
-    def _check_visibility(
-        workout_visibility: PrivacyLevel, text_visibility: PrivacyLevel
-    ) -> PrivacyLevel:
-        if (
-            text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-            and not current_app.config['federation_enabled']
-        ):
-            raise InvalidVisibilityException(
-                f'invalid visibility: {text_visibility},'
-                f' federation is disabled.'
-            )
-
-        if (
-            (
-                workout_visibility == PrivacyLevel.PRIVATE
-                and text_visibility != PrivacyLevel.PRIVATE
-            )
-            or (
-                workout_visibility == PrivacyLevel.FOLLOWERS
-                and text_visibility
-                in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE]
-            )
-            or (
-                workout_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-                and text_visibility == PrivacyLevel.PUBLIC
-            )
-        ):
-            raise InvalidVisibilityException(
-                f'invalid visibility: {text_visibility} '
-                f'(workout visibility: {workout_visibility})'
-            )
-        return text_visibility
-
     @property
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
@@ -208,7 +187,6 @@ def update_mentions(self) -> None:
             db.session.flush()
 
     def serialize(self, user: Optional['User'] = None) -> Dict:
-        # TODO: mentions
         if not can_view(self, 'text_visibility', user):
             raise CommentForbiddenException
 
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 987c74b40..1e9dbad4f 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -226,7 +226,6 @@ def create_remote_note(self, actor: Actor) -> None:
         new_comment = WorkoutComment(
             user_id=actor.user.id,
             workout_id=workout.id,
-            workout_visibility=workout.workout_visibility,
             text=note_data["content"],
             text_visibility=self._get_visibility(note_data, actor),
             reply_to=parent_comment.id if parent_comment else None,
diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index 893ab21f6..e51f0e46b 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -2,7 +2,6 @@
 from datetime import datetime
 from typing import TYPE_CHECKING, Dict, Union
 
-from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
@@ -24,16 +23,6 @@ class BaseObject(ABC):
     object_url: str
     published: str
 
-    @staticmethod
-    def _check_visibility(visibility: PrivacyLevel) -> None:
-        if visibility in [
-            PrivacyLevel.PRIVATE,
-            PrivacyLevel.FOLLOWERS,
-        ]:
-            raise InvalidVisibilityException(
-                f"object visibility is: '{visibility.value}'"
-            )
-
     def _init_activity_dict(self) -> Dict:
         activity = {
             '@context': AP_CTX,
@@ -48,7 +37,6 @@ def _init_activity_dict(self) -> Dict:
                 'attributedTo': self.actor.activitypub_id,
             },
         }
-        # TODO: handle mention and private visibility for comment
         if self.visibility == PrivacyLevel.PUBLIC:
             activity['to'] = [PUBLIC_STREAM]
             activity['cc'] = [self.actor.followers_url]
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index c0f00d791..66a1d7167 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -1,5 +1,8 @@
 from typing import TYPE_CHECKING, Dict
 
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.privacy_levels import PrivacyLevel
+
 from ..enums import ActivityType
 from .base_object import BaseObject
 
@@ -16,7 +19,7 @@ class WorkoutCommentObject(BaseObject):
     def __init__(
         self, workout_comment: 'WorkoutComment', activity_type: str
     ) -> None:
-        self._check_visibility(workout_comment.text_visibility)
+        self._check_visibility(workout_comment)
         self.workout_comment = workout_comment
         self.visibility = workout_comment.text_visibility
         self.workout = workout_comment.workout
@@ -29,6 +32,17 @@ def __init__(
         self.object_url = self.workout_comment.remote_url
         self.activity_dict = self._init_activity_dict()
 
+    @staticmethod
+    def _check_visibility(comment: 'WorkoutComment') -> None:
+        if (
+            comment.text_visibility
+            in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+            and not comment.mentions.all()
+        ):
+            raise InvalidVisibilityException(
+                f"object visibility is: '{comment.text_visibility.value}'"
+            )
+
     def get_activity(self) -> Dict:
         (
             text_with_mention,
@@ -52,6 +66,12 @@ def get_activity(self) -> Dict:
                 mentioned_users["remote"]
             )
         ]
-        self.activity_dict['cc'].extend(mentions)
-        self.activity_dict['object']['cc'].extend(mentions)
+        if self.visibility == PrivacyLevel.PRIVATE:
+            self.activity_dict['to'] = mentions
+            self.activity_dict['cc'] = [self.actor.activitypub_id]
+            self.activity_dict['object']['to'] = mentions
+            self.activity_dict['object']['cc'] = [self.actor.activitypub_id]
+        else:
+            self.activity_dict['cc'].extend(mentions)
+            self.activity_dict['object']['cc'].extend(mentions)
         return self.activity_dict
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index 5b4db81fe..0d5792766 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -1,5 +1,7 @@
 from typing import TYPE_CHECKING, Dict
 
+from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 
 from ..enums import ActivityType
@@ -25,6 +27,16 @@ def __init__(self, workout: 'Workout', activity_type: str) -> None:
         self.object_url = self.workout.remote_url
         self.activity_dict = self._init_activity_dict()
 
+    @staticmethod
+    def _check_visibility(visibility: PrivacyLevel) -> None:
+        if visibility in [
+            PrivacyLevel.PRIVATE,
+            PrivacyLevel.FOLLOWERS,
+        ]:
+            raise InvalidVisibilityException(
+                f"object visibility is: '{visibility.value}'"
+            )
+
     def _get_note_content(self) -> str:
         # TODO:
         # handle translation and imperial units depending on user preferences
diff --git a/fittrackee/privacy_levels.py b/fittrackee/privacy_levels.py
index 4aaa51b73..9729cf3f2 100644
--- a/fittrackee/privacy_levels.py
+++ b/fittrackee/privacy_levels.py
@@ -11,7 +11,7 @@ class PrivacyLevel(str, Enum):  # to make enum serializable
     PUBLIC = 'public'
     FOLLOWERS_AND_REMOTE = 'followers_and_remote_only'
     FOLLOWERS = 'followers_only'  # only local followers in federated instances
-    PRIVATE = 'private'
+    PRIVATE = 'private'  # in case of comments, for mentioned users only
 
 
 def get_map_visibility(
@@ -39,7 +39,6 @@ def can_view(
     visibility: str,
     user: Optional['User'] = None,
 ) -> bool:
-    # TODO: handle mentions and private visibility for comments
     if (
         target_object.__getattribute__(visibility) == PrivacyLevel.PUBLIC
         or user == target_object.user
@@ -49,10 +48,16 @@ def can_view(
     if not user:
         return False
 
+    if (
+        target_object.__class__.__name__ == "WorkoutComment"
+        and user in target_object.mentions.all()
+    ):
+        return True
+
     if (
         target_object.__getattribute__(visibility) == PrivacyLevel.FOLLOWERS
-        and user in target_object.user.followers
         and user.is_remote is False
+        and user in target_object.user.followers
         and target_object.user.is_remote is False
     ):
         return True
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index 475b937c1..f3b95718c 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -169,7 +169,7 @@ def test_it_returns_400_when_comment_visibility_is_invalid(
         follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
         user_2.approves_follow_request_from(user_1)
-        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -180,7 +180,7 @@ def test_it_returns_400_when_comment_visibility_is_invalid(
             data=json.dumps(
                 dict(
                     text=self.random_string(),
-                    text_visibility=PrivacyLevel.PUBLIC,
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
                 )
             ),
             headers=dict(
@@ -190,8 +190,8 @@ def test_it_returns_400_when_comment_visibility_is_invalid(
 
         self.assert_400(
             response,
-            f"invalid visibility: {PrivacyLevel.PUBLIC} "
-            f"(workout visibility: {PrivacyLevel.FOLLOWERS})",
+            "invalid visibility: followers_and_remote_only, "
+            "federation is disabled.",
         )
 
     def test_it_returns_500_when_data_is_invalid(
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index e4df567da..1ae8f5d4e 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -38,6 +38,7 @@ def test_comment_model(
         assert comment.text == text
         assert comment.created_at == created_at
         assert comment.modification_date is None
+        assert comment.text_visibility == PrivacyLevel.PRIVATE
 
     def test_created_date_is_initialized_on_creation_when_not_provided(
         self,
@@ -56,26 +57,6 @@ def test_created_date_is_initialized_on_creation_when_not_provided(
 
         assert comment.created_at == now
 
-    def test_privacy_is_private_when_not_provided_on_creation(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        now = datetime.utcnow()
-        with freeze_time(now):
-
-            comment = WorkoutComment(
-                user_id=user_1.id,
-                workout_id=workout_cycling_user_1.id,
-                workout_visibility=workout_cycling_user_1.workout_visibility,
-                text=self.random_string(),
-                created_at=now,
-            )
-
-        assert comment.text_visibility == PrivacyLevel.PRIVATE
-
     def test_it_raises_error_when_privacy_is_invalid(
         self,
         app: Flask,
@@ -95,76 +76,10 @@ def test_it_raises_error_when_privacy_is_invalid(
             WorkoutComment(
                 user_id=user_1.id,
                 workout_id=workout_cycling_user_1.id,
-                workout_visibility=workout_cycling_user_1.workout_visibility,
                 text=self.random_string(),
                 text_visibility=text_visibility,
             )
 
-    @pytest.mark.parametrize(
-        'input_workout_visibility, input_text_visibility',
-        [
-            (PrivacyLevel.PRIVATE, PrivacyLevel.PRIVATE),
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS),
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE),
-            (PrivacyLevel.PUBLIC, PrivacyLevel.PUBLIC),
-            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS),
-            (PrivacyLevel.PUBLIC, PrivacyLevel.PRIVATE),
-        ],
-    )
-    def test_it_initializes_text_visibility_when_workout_visibility_is_not_stricter(  # noqa
-        self,
-        input_workout_visibility: PrivacyLevel,
-        input_text_visibility: PrivacyLevel,
-        app: Flask,
-        sport_1_cycling: Sport,
-        user_1: User,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.workout_visibility = input_workout_visibility
-
-        comment = WorkoutComment(
-            user_id=user_1.id,
-            workout_id=workout_cycling_user_1.id,
-            workout_visibility=workout_cycling_user_1.workout_visibility,
-            text=self.random_string(),
-            text_visibility=input_text_visibility,
-        )
-
-        assert comment.text_visibility == input_text_visibility
-
-    @pytest.mark.parametrize(
-        'input_workout_visibility, input_text_visibility',
-        [
-            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS),
-            (PrivacyLevel.PRIVATE, PrivacyLevel.PUBLIC),
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC),
-        ],
-    )
-    def test_it_raises_when_workout_visibility_is_stricter(
-        self,
-        input_workout_visibility: PrivacyLevel,
-        input_text_visibility: PrivacyLevel,
-        app: Flask,
-        sport_1_cycling: Sport,
-        user_1: User,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.workout_visibility = input_workout_visibility
-        with pytest.raises(
-            InvalidVisibilityException,
-            match=(
-                f'invalid visibility: {input_text_visibility} '
-                f'\\(workout visibility: {input_workout_visibility}\\)'
-            ),
-        ):
-            WorkoutComment(
-                user_id=user_1.id,
-                workout_id=workout_cycling_user_1.id,
-                workout_visibility=workout_cycling_user_1.workout_visibility,
-                text=self.random_string(),
-                text_visibility=input_text_visibility,
-            )
-
     def test_short_id_returns_encoded_comment_uuid(
         self,
         app: Flask,
diff --git a/fittrackee/tests/comments/test_mentions_models.py b/fittrackee/tests/comments/test_mentions_models.py
index 3dec36c65..4193f3752 100644
--- a/fittrackee/tests/comments/test_mentions_models.py
+++ b/fittrackee/tests/comments/test_mentions_models.py
@@ -1,14 +1,23 @@
 from datetime import datetime
 
+import pytest
 from flask import Flask
 from freezegun import freeze_time
 
+from fittrackee.comments.exceptions import CommentForbiddenException
 from fittrackee.comments.models import Mention
-from fittrackee.users.models import User
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
 from ..workouts.utils import WorkoutCommentMixin
 
+ALL_VISIBILITIES = [
+    PrivacyLevel.PUBLIC,
+    PrivacyLevel.FOLLOWERS,
+    PrivacyLevel.PRIVATE,
+]
+
 
 class TestMentionModel(WorkoutCommentMixin):
     def test_mention_model(
@@ -48,3 +57,87 @@ def test_created_date_is_initialized_on_creation_when_not_provided(
             mention = Mention(comment_id=comment.id, user_id=user_1.id)
 
         assert mention.created_at == now
+
+
+class TestCommentWithMentionSerializeVisibility(WorkoutCommentMixin):
+    @pytest.mark.parametrize('workout_visibility', ALL_VISIBILITIES)
+    def test_public_comment_is_visible_to_all_users(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=f"@{user_2.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        comment.serialize(user_1)  # author
+        comment.serialize(user_2)  # mentioned user
+        comment.serialize(user_3)  # user
+        comment.serialize()  # unauthenticated user
+
+    @pytest.mark.parametrize('workout_visibility', ALL_VISIBILITIES)
+    def test_comment_for_followers_is_visible_to_followers_and_mentioned_users(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        user_4: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=f"@{user_3.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+
+        assert comment.serialize(user_1)  # author
+        assert comment.serialize(user_2)  # follower
+        assert comment.serialize(user_3)  # mentioned user
+        with pytest.raises(CommentForbiddenException):
+            assert comment.serialize(user_4)  # user
+            assert comment.serialize()  # unauthenticated user
+
+    @pytest.mark.parametrize('workout_visibility', ALL_VISIBILITIES)
+    def test_private_comment_is_only_visible_to_author_and_mentioned_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        user_4: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        workout_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = workout_visibility
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=f"@{user_3.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+
+        assert comment.serialize(user_1)  # author
+        assert comment.serialize(user_3)  # mentioned user
+        with pytest.raises(CommentForbiddenException):
+            assert comment.serialize(user_2)  # follower
+            assert comment.serialize(user_4)  # user
+            assert comment.serialize()  # unauthenticated user
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 9eacc4907..4a3ebef66 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -4,82 +4,16 @@
 from flask import Flask
 
 from fittrackee.comments.exceptions import CommentForbiddenException
-from fittrackee.comments.models import Mention, WorkoutComment
+from fittrackee.comments.models import Mention
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
-from ...mixins import RandomMixin
 from ...utils import RandomActor
 
 
-class TestWorkoutCommentModel(RandomMixin):
-    @pytest.mark.parametrize(
-        'input_workout_visibility, input_text_visibility',
-        [
-            (PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.FOLLOWERS),
-            (
-                PrivacyLevel.FOLLOWERS_AND_REMOTE,
-                PrivacyLevel.FOLLOWERS_AND_REMOTE,
-            ),
-            (PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS_AND_REMOTE),
-        ],
-    )
-    def test_it_initializes_text_visibility_when_workout_visibility_is_not_stricter(  # noqa
-        self,
-        input_workout_visibility: PrivacyLevel,
-        input_text_visibility: PrivacyLevel,
-        app_with_federation: Flask,
-        sport_1_cycling: Sport,
-        user_1: User,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.workout_visibility = input_workout_visibility
-        comment = WorkoutComment(
-            user_id=user_1.id,
-            workout_id=workout_cycling_user_1.id,
-            workout_visibility=workout_cycling_user_1.workout_visibility,
-            text=self.random_string(),
-            text_visibility=input_text_visibility,
-        )
-
-        assert comment.text_visibility == input_text_visibility
-
-    @pytest.mark.parametrize(
-        'input_workout_visibility, input_text_visibility',
-        [
-            (PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS_AND_REMOTE),
-            (PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE),
-        ],
-    )
-    def test_it_raises_when_workout_visibility_is_stricter(
-        self,
-        input_workout_visibility: PrivacyLevel,
-        input_text_visibility: PrivacyLevel,
-        app_with_federation: Flask,
-        sport_1_cycling: Sport,
-        user_1: User,
-        workout_cycling_user_1: Workout,
-    ) -> None:
-        workout_cycling_user_1.workout_visibility = input_workout_visibility
-        with pytest.raises(
-            InvalidVisibilityException,
-            match=(
-                f'invalid visibility: {input_text_visibility} '
-                f'\\(workout visibility: {input_workout_visibility}\\)'
-            ),
-        ):
-            WorkoutComment(
-                user_id=user_1.id,
-                workout_id=workout_cycling_user_1.id,
-                workout_visibility=workout_cycling_user_1.workout_visibility,
-                text=self.random_string(),
-                text_visibility=input_text_visibility,
-            )
-
-
 class TestWorkoutCommentModelSerializeForCommentOwner(WorkoutCommentMixin):
     def test_it_serializes_owner_comment(
         self,
diff --git a/fittrackee/tests/federation/comments/test_mentions_models.py b/fittrackee/tests/federation/comments/test_mentions_models.py
new file mode 100644
index 000000000..162c62615
--- /dev/null
+++ b/fittrackee/tests/federation/comments/test_mentions_models.py
@@ -0,0 +1,137 @@
+from unittest.mock import Mock, patch
+
+import pytest
+from flask import Flask
+
+from fittrackee.comments.exceptions import CommentForbiddenException
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ...workouts.utils import WorkoutCommentMixin
+
+
+class TestCommentWithMentionSerializeVisibility(WorkoutCommentMixin):
+    def test_public_comment_is_visible_to_all_users(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=f"@{user_2.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        comment.serialize(user_1)  # author
+        comment.serialize(user_2)  # mentioned user
+        comment.serialize(user_3)  # user
+        comment.serialize()  # unauthenticated user
+
+    @pytest.mark.parametrize(
+        'text_visibility',
+        [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE],
+    )
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_comment_for_followers_is_visible_to_followers_and_mentioned_users(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        user_4: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        text_visibility: PrivacyLevel,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=(
+                f"@{user_3.username} {remote_user.fullname} "
+                f"{self.random_string()}"
+            ),
+            text_visibility=text_visibility,
+        )
+
+        assert comment.serialize(user_1)  # author
+        assert comment.serialize(user_2)  # follower
+        assert comment.serialize(user_3)  # mentioned user
+        with pytest.raises(CommentForbiddenException):
+            assert comment.serialize(user_4)  # user
+            assert comment.serialize()  # unauthenticated user
+
+    def test_private_comment_is_only_visible_to_author_and_mentioned_user(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        user_4: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=f"@{user_3.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+
+        assert comment.serialize(user_1)  # author
+        assert comment.serialize(user_3)  # mentioned user
+        with pytest.raises(CommentForbiddenException):
+            assert comment.serialize(user_2)  # follower
+            assert comment.serialize(user_4)  # user
+            assert comment.serialize()  # unauthenticated user
+
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_private_comment_with_remote_mention_is_only_visible_to_author(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        comment = self.create_comment(
+            user=user_1,
+            workout=workout_cycling_user_1,
+            text=f"@{remote_user.fullname} {self.random_string()}",
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+
+        assert comment.serialize(user_1)  # author
+        with pytest.raises(CommentForbiddenException):
+            assert comment.serialize(user_2)  # follower
+            assert comment.serialize(user_3)  # user
+            assert comment.serialize()  # unauthenticated user
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index c5a526460..4350ee20c 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -27,6 +27,7 @@ def test_it_raises_error_when_visibility_is_invalid(
         input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        # no mentioned users
         workout_comment = self.create_comment(
             user_2, workout_cycling_user_1, text_visibility=input_visibility
         )
@@ -186,7 +187,7 @@ def test_it_generates_activity_when_comment_has_parent_comment(
         }
 
     @patch('fittrackee.federation.utils.user.update_remote_user')
-    def test_it_generates_activity_with_mentioned_users(
+    def test_it_generates_activity_for_public_comment_with_mentioned_users(
         self,
         update_remote_user_mock: Mock,
         app_with_federation: Flask,
@@ -222,6 +223,89 @@ def test_it_generates_activity_with_mentioned_users(
         }
         assert serialized_comment['object']['content'] == text_with_mentions
 
+    @pytest.mark.parametrize(
+        'text_visibility',
+        [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE],
+    )
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_generates_activity_with_mentioned_users(
+        self,
+        update_remote_user_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        text_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text=f"@{user_3.username} @{remote_user.fullname} great!",
+            text_visibility=text_visibility,
+        )
+        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+
+        serialized_comment = comment_object.get_activity()
+
+        text_with_mentions, _ = workout_comment.handle_mentions()
+        assert set(serialized_comment['cc']) == {
+            user_2.actor.activitypub_id,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['cc']) == {
+            user_2.actor.activitypub_id,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert serialized_comment['object']['content'] == text_with_mentions
+
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_generates_activity_for_private_comment_with_mentioned_users(
+        self,
+        update_remote_user_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text=f"@{user_3.username} @{remote_user.fullname} great!",
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+
+        serialized_comment = comment_object.get_activity()
+
+        text_with_mentions, _ = workout_comment.handle_mentions()
+        assert set(serialized_comment['to']) == {
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['cc']) == {
+            user_2.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['to']) == {
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['cc']) == {
+            user_2.actor.activitypub_id,
+        }
+        assert serialized_comment['object']['content'] == text_with_mentions
+
 
 class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
     @pytest.mark.parametrize(
@@ -237,6 +321,7 @@ def test_it_raises_error_when_visibility_is_invalid(
         input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        # no mentioned users
         workout_comment = self.create_comment(
             user_2, workout_cycling_user_1, text_visibility=input_visibility
         )
@@ -356,6 +441,48 @@ def test_it_generates_activity_when_visibility_is_public(
             },
         }
 
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_generates_activity_for_public_comment_with_mentioned_users(
+        self,
+        update_remote_user_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text=f"@{user_3.username} @{remote_user.fullname} great!",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        workout_comment.modification_date = datetime.utcnow()
+        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+
+        serialized_comment = comment_object.get_activity()
+
+        text_with_mentions, _ = workout_comment.handle_mentions()
+        assert set(serialized_comment['cc']) == {
+            user_2.actor.followers_url,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['cc']) == {
+            user_2.actor.followers_url,
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert serialized_comment['object']['content'] == text_with_mentions
+
+    @pytest.mark.parametrize(
+        'text_visibility',
+        [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE],
+    )
     @patch('fittrackee.federation.utils.user.update_remote_user')
     def test_it_generates_activity_with_mentioned_users(
         self,
@@ -367,6 +494,7 @@ def test_it_generates_activity_with_mentioned_users(
         remote_user: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        text_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
@@ -374,7 +502,7 @@ def test_it_generates_activity_with_mentioned_users(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
-            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            text_visibility=text_visibility,
         )
         workout_comment.modification_date = datetime.utcnow()
         comment_object = WorkoutCommentObject(workout_comment, 'Update')
@@ -393,3 +521,45 @@ def test_it_generates_activity_with_mentioned_users(
             remote_user.actor.activitypub_id,
         }
         assert serialized_comment['object']['content'] == text_with_mentions
+
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_generates_activity_for_private_comment_with_mentioned_users(
+        self,
+        update_remote_user_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        workout_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text=f"@{user_3.username} @{remote_user.fullname} great!",
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        workout_comment.modification_date = datetime.utcnow()
+        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+
+        serialized_comment = comment_object.get_activity()
+
+        text_with_mentions, _ = workout_comment.handle_mentions()
+        assert set(serialized_comment['to']) == {
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['cc']) == {
+            user_2.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['to']) == {
+            user_3.actor.activitypub_id,
+            remote_user.actor.activitypub_id,
+        }
+        assert set(serialized_comment['object']['cc']) == {
+            user_2.actor.activitypub_id,
+        }
+        assert serialized_comment['object']['content'] == text_with_mentions
diff --git a/fittrackee/tests/fixtures/fixtures_users.py b/fittrackee/tests/fixtures/fixtures_users.py
index 09c42afc6..fd31af9bc 100644
--- a/fittrackee/tests/fixtures/fixtures_users.py
+++ b/fittrackee/tests/fixtures/fixtures_users.py
@@ -110,6 +110,18 @@ def user_3() -> User:
     return user
 
 
+@pytest.fixture()
+def user_4() -> User:
+    user = User(username='john', email='john@doe.com', password='12345678')
+    user.is_active = True
+    user.weekm = True
+    db.session.add(user)
+    db.session.flush()
+    user.create_actor()
+    db.session.commit()
+    return user
+
+
 @pytest.fixture()
 def inactive_user() -> User:
     user = User(
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 8d766c2a1..a382251e6 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -68,7 +68,6 @@ def create_comment(
         comment = WorkoutComment(
             user_id=user.id,
             workout_id=workout.id,
-            workout_visibility=workout.workout_visibility,
             text=text,
             text_visibility=text_visibility,
             created_at=created_at,

From 487181bd81d559116fd32726aa7360615eff75a0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 12 Feb 2023 19:02:23 +0100
Subject: [PATCH 211/238] API - update comment-related activity models (WIP)

---
 fittrackee/federation/objects/base_object.py  |   6 +-
 fittrackee/federation/objects/comment.py      |   6 +-
 .../test_federation_objects_tombstone.py      |   4 +-
 .../test_federation_objects_workout.py        |   8 +-
 ...test_federation_objects_workout_comment.py | 101 +++++++++---------
 5 files changed, 62 insertions(+), 63 deletions(-)

diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index e51f0e46b..c41b152eb 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -42,11 +42,11 @@ def _init_activity_dict(self) -> Dict:
             activity['cc'] = [self.actor.followers_url]
             activity['object']['to'] = [PUBLIC_STREAM]
             activity['object']['cc'] = [self.actor.followers_url]
-        else:
+        else:  # for followers
             activity['to'] = [self.actor.followers_url]
-            activity['cc'] = [self.actor.activitypub_id]
+            activity['cc'] = []
             activity['object']['to'] = [self.actor.followers_url]
-            activity['object']['cc'] = [self.actor.activitypub_id]
+            activity['object']['cc'] = []
         return activity
 
     @staticmethod
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index 66a1d7167..4f8c8b544 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -66,11 +66,11 @@ def get_activity(self) -> Dict:
                 mentioned_users["remote"]
             )
         ]
-        if self.visibility == PrivacyLevel.PRIVATE:
+        if self.visibility in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]:
             self.activity_dict['to'] = mentions
-            self.activity_dict['cc'] = [self.actor.activitypub_id]
+            self.activity_dict['cc'] = []
             self.activity_dict['object']['to'] = mentions
-            self.activity_dict['object']['cc'] = [self.actor.activitypub_id]
+            self.activity_dict['object']['cc'] = []
         else:
             self.activity_dict['cc'].extend(mentions)
             self.activity_dict['object']['cc'].extend(mentions)
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
index a0617f8b5..32970bb0c 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -98,7 +98,7 @@ class TestTombstoneObjectForWorkoutComment(WorkoutCommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
-    def test_it_raises_error_when_visibility_is_private(
+    def test_it_raises_error_when_comment_has_no_mention(
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -152,7 +152,7 @@ def test_it_generates_delete_activity_for_comment_with_public_visibility(
             "cc": [user_1.actor.followers_url],
         }
 
-    def test_it_generates_delete_activity_for_workout_with_follower_visibility(
+    def test_it_generates_delete_activity_for_comment_with_follower_visibility(
         self,
         app_with_federation: Flask,
         user_1: User,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index 48f612e4b..b43e865be 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -94,7 +94,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
-            'cc': [user_1.actor.activitypub_id],
+            'cc': [],
             'object': {
                 'id': workout_cycling_user_1.ap_id,
                 'type': 'Workout',
@@ -102,7 +102,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
-                'cc': [user_1.actor.activitypub_id],
+                'cc': [],
                 'ave_speed': float(workout_cycling_user_1.ave_speed),
                 'distance': float(workout_cycling_user_1.distance),
                 'duration': str(workout_cycling_user_1.duration),
@@ -211,7 +211,7 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
             'actor': user_1.actor.activitypub_id,
             'published': published,
             'to': [user_1.actor.followers_url],
-            'cc': [user_1.actor.activitypub_id],
+            'cc': [],
             'object': {
                 'id': workout_cycling_user_1.ap_id,
                 'type': 'Note',
@@ -222,7 +222,7 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
                     workout_cycling_user_1, workout_cycling_user_1.remote_url
                 ),
                 'to': [user_1.actor.followers_url],
-                'cc': [user_1.actor.activitypub_id],
+                'cc': [],
                 **updated,
             },
         }
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index 4350ee20c..017cca6b4 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -83,7 +83,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": [user_2.actor.followers_url],
-            "cc": [user_2.actor.activitypub_id],
+            "cc": [],
             "object": {
                 "id": workout_comment.ap_id,
                 "type": "Note",
@@ -93,7 +93,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 "inReplyTo": workout_cycling_user_1.ap_id,
                 "content": workout_comment.text,
                 "to": [user_2.actor.followers_url],
-                "cc": [user_2.actor.activitypub_id],
+                "cc": [],
             },
         }
 
@@ -186,8 +186,10 @@ def test_it_generates_activity_when_comment_has_parent_comment(
             },
         }
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
-    def test_it_generates_activity_for_public_comment_with_mentioned_users(
+
+@patch('fittrackee.federation.utils.user.update_remote_user')
+class TestWorkoutCommentWithMentionsCreateObject(WorkoutCommentMixin):
+    def test_it_generates_activity_for_public_comment(
         self,
         update_remote_user_mock: Mock,
         app_with_federation: Flask,
@@ -211,24 +213,24 @@ def test_it_generates_activity_for_public_comment_with_mentioned_users(
         serialized_comment = comment_object.get_activity()
 
         text_with_mentions, _ = workout_comment.handle_mentions()
+        assert serialized_comment['to'] == [
+            "https://www.w3.org/ns/activitystreams#Public"
+        ]
         assert set(serialized_comment['cc']) == {
             user_2.actor.followers_url,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
+        assert serialized_comment['object']['to'] == [
+            "https://www.w3.org/ns/activitystreams#Public"
+        ]
         assert set(serialized_comment['object']['cc']) == {
             user_2.actor.followers_url,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert serialized_comment['object']['content'] == text_with_mentions
 
-    @pytest.mark.parametrize(
-        'text_visibility',
-        [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE],
-    )
-    @patch('fittrackee.federation.utils.user.update_remote_user')
-    def test_it_generates_activity_with_mentioned_users(
+    def test_it_generates_activity_with_followers_and_remote_visibility(
         self,
         update_remote_user_mock: Mock,
         app_with_federation: Flask,
@@ -238,7 +240,6 @@ def test_it_generates_activity_with_mentioned_users(
         remote_user: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
-        text_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
@@ -246,27 +247,30 @@ def test_it_generates_activity_with_mentioned_users(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
-            text_visibility=text_visibility,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
         comment_object = WorkoutCommentObject(workout_comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
         text_with_mentions, _ = workout_comment.handle_mentions()
+        assert serialized_comment['to'] == [user_2.actor.followers_url]
         assert set(serialized_comment['cc']) == {
-            user_2.actor.activitypub_id,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
+        assert serialized_comment['object']['to'] == [
+            user_2.actor.followers_url
+        ]
         assert set(serialized_comment['object']['cc']) == {
-            user_2.actor.activitypub_id,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert serialized_comment['object']['content'] == text_with_mentions
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
-    def test_it_generates_activity_for_private_comment_with_mentioned_users(
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_generates_activity_with_mentioned_users(
         self,
         update_remote_user_mock: Mock,
         app_with_federation: Flask,
@@ -276,6 +280,7 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
         remote_user: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
@@ -283,7 +288,7 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
-            text_visibility=PrivacyLevel.PRIVATE,
+            text_visibility=input_visibility,
         )
         comment_object = WorkoutCommentObject(workout_comment, 'Create')
 
@@ -294,17 +299,12 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert set(serialized_comment['cc']) == {
-            user_2.actor.activitypub_id,
-        }
+        assert serialized_comment['cc'] == []
         assert set(serialized_comment['object']['to']) == {
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert set(serialized_comment['object']['cc']) == {
-            user_2.actor.activitypub_id,
-        }
-        assert serialized_comment['object']['content'] == text_with_mentions
+        assert serialized_comment['object']['cc'] == []
 
 
 class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
@@ -378,7 +378,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": [user_2.actor.followers_url],
-            "cc": [user_2.actor.activitypub_id],
+            "cc": [],
             "object": {
                 "id": workout_comment.ap_id,
                 "type": "Note",
@@ -388,7 +388,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 "inReplyTo": workout_cycling_user_1.ap_id,
                 "content": workout_comment.text,
                 "to": [user_2.actor.followers_url],
-                "cc": [user_2.actor.activitypub_id],
+                "cc": [],
                 "updated": workout_comment.modification_date.strftime(
                     DATE_FORMAT
                 ),
@@ -410,7 +410,6 @@ def test_it_generates_activity_when_visibility_is_public(
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
         )
-
         workout_comment.modification_date = datetime.utcnow()
         published = workout_comment.created_at.strftime(DATE_FORMAT)
         comment_object = WorkoutCommentObject(workout_comment, 'Update')
@@ -441,8 +440,10 @@ def test_it_generates_activity_when_visibility_is_public(
             },
         }
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
-    def test_it_generates_activity_for_public_comment_with_mentioned_users(
+
+@patch('fittrackee.federation.utils.user.update_remote_user')
+class TestWorkoutCommentWithMentionsUpdateObject(WorkoutCommentMixin):
+    def test_it_generates_activity_for_public_comment(
         self,
         update_remote_user_mock: Mock,
         app_with_federation: Flask,
@@ -467,24 +468,24 @@ def test_it_generates_activity_for_public_comment_with_mentioned_users(
         serialized_comment = comment_object.get_activity()
 
         text_with_mentions, _ = workout_comment.handle_mentions()
+        assert serialized_comment['to'] == [
+            "https://www.w3.org/ns/activitystreams#Public"
+        ]
         assert set(serialized_comment['cc']) == {
             user_2.actor.followers_url,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
+        assert serialized_comment['object']['to'] == [
+            "https://www.w3.org/ns/activitystreams#Public"
+        ]
         assert set(serialized_comment['object']['cc']) == {
             user_2.actor.followers_url,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert serialized_comment['object']['content'] == text_with_mentions
 
-    @pytest.mark.parametrize(
-        'text_visibility',
-        [PrivacyLevel.FOLLOWERS, PrivacyLevel.FOLLOWERS_AND_REMOTE],
-    )
-    @patch('fittrackee.federation.utils.user.update_remote_user')
-    def test_it_generates_activity_with_mentioned_users(
+    def test_it_generates_activity_with_followers_and_remote_visibility(
         self,
         update_remote_user_mock: Mock,
         app_with_federation: Flask,
@@ -494,7 +495,6 @@ def test_it_generates_activity_with_mentioned_users(
         remote_user: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
-        text_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
@@ -502,7 +502,7 @@ def test_it_generates_activity_with_mentioned_users(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
-            text_visibility=text_visibility,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
         workout_comment.modification_date = datetime.utcnow()
         comment_object = WorkoutCommentObject(workout_comment, 'Update')
@@ -510,19 +510,22 @@ def test_it_generates_activity_with_mentioned_users(
         serialized_comment = comment_object.get_activity()
 
         text_with_mentions, _ = workout_comment.handle_mentions()
+        assert serialized_comment['to'] == [user_2.actor.followers_url]
         assert set(serialized_comment['cc']) == {
-            user_2.actor.activitypub_id,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
+        assert serialized_comment['object']['to'] == [
+            user_2.actor.followers_url
+        ]
         assert set(serialized_comment['object']['cc']) == {
-            user_2.actor.activitypub_id,
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert serialized_comment['object']['content'] == text_with_mentions
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
     def test_it_generates_activity_for_private_comment_with_mentioned_users(
         self,
         update_remote_user_mock: Mock,
@@ -533,6 +536,7 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
         remote_user: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
@@ -552,14 +556,9 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert set(serialized_comment['cc']) == {
-            user_2.actor.activitypub_id,
-        }
+        assert serialized_comment['cc'] == []
         assert set(serialized_comment['object']['to']) == {
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
         }
-        assert set(serialized_comment['object']['cc']) == {
-            user_2.actor.activitypub_id,
-        }
-        assert serialized_comment['object']['content'] == text_with_mentions
+        assert serialized_comment['object']['cc'] == []

From e0abde5e85c4d257151efb7529e50521646e1b3e Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 15 Feb 2023 11:47:09 +0100
Subject: [PATCH 212/238] API - handle activities related to comment with
 mentions

---
 fittrackee/comments/comments.py               |  57 +++-
 fittrackee/comments/models.py                 |  34 ++-
 fittrackee/federation/objects/comment.py      |  16 +-
 fittrackee/federation/objects/tombstone.py    |  23 +-
 .../tests/comments/test_comments_api.py       |  20 +-
 .../federation/comments/test_comments_api.py  | 289 +++++++++++++++++-
 .../comments/test_mentions_models.py          |  63 ++++
 .../test_federation_objects_tombstone.py      |  48 +++
 ...test_federation_objects_workout_comment.py |  61 ++--
 9 files changed, 551 insertions(+), 60 deletions(-)

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index 55b4b1494..445f33614 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -1,5 +1,5 @@
 from datetime import datetime
-from typing import Dict, Optional, Tuple, Union
+from typing import Dict, List, Optional, Set, Tuple, Union
 
 from flask import Blueprint, current_app, request
 from sqlalchemy import exc
@@ -7,7 +7,6 @@
 from fittrackee import db
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.tasks.inbox import send_to_remote_inbox
-from fittrackee.federation.utils import sending_activities_allowed
 from fittrackee.oauth2.server import require_auth
 from fittrackee.privacy_levels import PrivacyLevel, can_view
 from fittrackee.responses import (
@@ -26,6 +25,39 @@
 comments_blueprint = Blueprint('comments', __name__)
 
 
+def get_all_recipients(
+    user: User,
+    comment: WorkoutComment,
+    deleted_mentioned_users: Optional[Set] = None,
+) -> List[str]:
+    recipients = user.get_followers_shared_inboxes_as_list()
+    mentions = [
+        user.actor.shared_inbox_url for user in comment.remote_mentions.all()
+    ]
+    if deleted_mentioned_users is None:
+        deleted_mentioned_users = set()
+    deleted_mentions = [
+        user.actor.shared_inbox_url for user in deleted_mentioned_users
+    ]
+    return list(set(recipients + mentions + deleted_mentions))
+
+
+def sending_comment_activities_allowed(
+    comment: WorkoutComment, deleted_mentioned_users: Optional[Set] = None
+) -> bool:
+    if deleted_mentioned_users is None:
+        deleted_mentioned_users = set()
+    return current_app.config['federation_enabled'] and (
+        comment.has_remote_mentions
+        or len(deleted_mentioned_users) > 0
+        or comment.text_visibility
+        in (
+            PrivacyLevel.PUBLIC,
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+    )
+
+
 @comments_blueprint.route(
     "/workouts/<string:workout_short_id>/comments", methods=["POST"]
 )
@@ -72,7 +104,7 @@ def add_workout_comment(
         db.session.add(new_comment)
         db.session.flush()
         new_comment.create_mentions()
-        if sending_activities_allowed(new_comment.text_visibility):
+        if sending_comment_activities_allowed(new_comment):
             new_comment.ap_id = (
                 f'{auth_user.actor.activitypub_id}/'
                 f'workouts/{workout.short_id}/'
@@ -84,7 +116,7 @@ def add_workout_comment(
                 f'comments/{new_comment.short_id}'
             )
             note_activity = new_comment.get_activity(activity_type='Create')
-            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            recipients = get_all_recipients(auth_user, new_comment)
             if recipients:
                 send_to_remote_inbox.send(
                     sender_id=auth_user.actor.id,
@@ -170,11 +202,11 @@ def delete_workout_comment(
     auth_user: User, workout_comment: WorkoutComment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     try:
-        if sending_activities_allowed(workout_comment.text_visibility):
+        if sending_comment_activities_allowed(workout_comment):
             note_activity = workout_comment.get_activity(
                 activity_type='Delete'
             )
-            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            recipients = get_all_recipients(auth_user, workout_comment)
             if recipients:
                 send_to_remote_inbox.send(
                     sender_id=auth_user.actor.id,
@@ -210,16 +242,15 @@ def update_workout_comment(
     try:
         workout_comment.text = clean_input(comment_data['text'])
         workout_comment.modification_date = datetime.utcnow()
-        workout_comment.update_mentions()
+        deleted_mentioned_users = workout_comment.update_mentions()
         db.session.commit()
 
-        if current_app.config[
-            'federation_enabled'
-        ] and workout_comment.text_visibility in (
-            PrivacyLevel.PUBLIC,
-            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        if sending_comment_activities_allowed(
+            workout_comment, deleted_mentioned_users
         ):
-            recipients = auth_user.get_followers_shared_inboxes_as_list()
+            recipients = get_all_recipients(
+                auth_user, workout_comment, deleted_mentioned_users
+            )
             if recipients:
                 note_activity = workout_comment.get_activity(
                     activity_type='Update'
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index f01b3039c..ad9209fdc 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -5,6 +5,8 @@
 from flask import current_app
 from sqlalchemy import and_, or_
 from sqlalchemy.dialects import postgresql
+from sqlalchemy.ext.hybrid import hybrid_property
+from sqlalchemy.orm.query import Query
 from sqlalchemy.types import Enum
 
 from fittrackee import BaseModel, db
@@ -28,11 +30,14 @@ def get_comments(
 ) -> List['WorkoutComment']:
     if user:
         local_following_ids, remote_following_ids = get_following(user)
-        comments_filter = WorkoutComment.query.filter(
+        comments_filter = WorkoutComment.query.join(
+            Mention, Mention.comment_id == WorkoutComment.id, isouter=True
+        ).filter(
             WorkoutComment.workout_id == workout_id,
             WorkoutComment.reply_to == reply_to,
             or_(
                 WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+                or_(user.id == Mention.user_id),
                 or_(
                     WorkoutComment.user_id == user.id,
                     and_(
@@ -141,6 +146,21 @@ def __init__(
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
 
+    @hybrid_property
+    def remote_mentions(self) -> Query:
+        from fittrackee.users.models import User
+
+        return (
+            db.session.query(User)
+            .join(Mention, User.id == Mention.user_id)
+            .filter(Mention.comment_id == self.id)
+            .filter(User.is_remote == True)  # noqa
+        )
+
+    @hybrid_property
+    def has_remote_mentions(self) -> bool:
+        return self.remote_mentions.count() > 0
+
     def handle_mentions(self) -> Tuple[str, Dict[str, Set['User']]]:
         from .utils import handle_mentions
 
@@ -154,7 +174,7 @@ def create_mentions(self) -> Tuple[str, Dict[str, Set['User']]]:
             db.session.flush()
         return linkified_text, mentioned_users
 
-    def update_mentions(self) -> None:
+    def update_mentions(self) -> Set['User']:
         from fittrackee.users.models import User
 
         existing_mentioned_users = set(
@@ -171,9 +191,8 @@ def update_mentions(self) -> None:
         )
 
         # delete removed mentions
-        mentions_to_delete = {
-            user.id for user in (existing_mentioned_users - intersection)
-        }
+        deleted_mentioned_users = existing_mentioned_users - intersection
+        mentions_to_delete = {user.id for user in deleted_mentioned_users}
         Mention.query.filter(
             Mention.comment_id == self.id,
             Mention.user_id.in_(mentions_to_delete),
@@ -184,7 +203,10 @@ def update_mentions(self) -> None:
         for user in updated_mentioned_users - intersection:
             mention = Mention(comment_id=self.id, user_id=user.id)
             db.session.add(mention)
-            db.session.flush()
+        db.session.flush()
+
+        # return users associated to deleted mention to send delete
+        return deleted_mentioned_users
 
     def serialize(self, user: Optional['User'] = None) -> Dict:
         if not can_view(self, 'text_visibility', user):
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index 4f8c8b544..e12355016 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -19,7 +19,13 @@ class WorkoutCommentObject(BaseObject):
     def __init__(
         self, workout_comment: 'WorkoutComment', activity_type: str
     ) -> None:
-        self._check_visibility(workout_comment)
+        """
+        Note: No visibility check on instantiation if activity is not a
+        creation.
+        It should be possible, for instance, to send an Update activity for a
+        comment with remote mentions removed.
+        """
+        self._check_visibility(workout_comment, activity_type)
         self.workout_comment = workout_comment
         self.visibility = workout_comment.text_visibility
         self.workout = workout_comment.workout
@@ -33,9 +39,12 @@ def __init__(
         self.activity_dict = self._init_activity_dict()
 
     @staticmethod
-    def _check_visibility(comment: 'WorkoutComment') -> None:
+    def _check_visibility(
+        comment: 'WorkoutComment', activity_type: str
+    ) -> None:
         if (
-            comment.text_visibility
+            activity_type == 'Create'
+            and comment.text_visibility
             in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
             and not comment.mentions.all()
         ):
@@ -60,6 +69,7 @@ def get_activity(self) -> Dict:
                 **self.activity_dict['object'],
                 'updated': self._get_modification_date(self.workout_comment),
             }
+        # existing mentions (local and remote)
         mentions = [
             user.actor.activitypub_id
             for user in mentioned_users["local"].union(
diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
index 355e5f114..cd392d8de 100644
--- a/fittrackee/federation/objects/tombstone.py
+++ b/fittrackee/federation/objects/tombstone.py
@@ -24,8 +24,16 @@ def __init__(
         self.type = ActivityType.DELETE
         self.actor = self.object_to_delete.user.actor
         self.visibility = self._get_object_visibility()
-        # TODO: handle comments with mentions
-        if self.visibility in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]:
+        if self.visibility in [
+            PrivacyLevel.PRIVATE,
+            PrivacyLevel.FOLLOWERS,
+        ] and (
+            self.object_to_delete_type != 'WorkoutComment'
+            or (
+                self.object_to_delete_type == 'WorkoutComment'
+                and not self.object_to_delete.has_remote_mentions
+            )
+        ):
             raise InvalidVisibilityException(
                 f"object visibility is: '{self.visibility.value}'"
             )
@@ -50,6 +58,17 @@ def get_activity(self) -> Dict:
         if self.visibility == PrivacyLevel.PUBLIC:
             delete_activity['to'] = [PUBLIC_STREAM]
             delete_activity['cc'] = [self.actor.followers_url]
+        elif self.visibility in [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]:
+            # for comments w/ mentions
+            _, mentioned_users = self.object_to_delete.handle_mentions()
+            mentions = [
+                user.actor.activitypub_id
+                for user in mentioned_users["local"].union(
+                    mentioned_users["remote"]
+                )
+            ]
+            delete_activity['to'] = mentions
+            delete_activity['cc'] = []
         else:
             delete_activity['to'] = [self.actor.followers_url]
             delete_activity['cc'] = []
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index f3b95718c..1458f6d53 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -1281,20 +1281,24 @@ def test_it_returns_only_comments_user_can_access(
                 text_visibility=PrivacyLevel.PUBLIC,
             )
         ]
-        for privacy_levels in [
-            PrivacyLevel.FOLLOWERS,
-            PrivacyLevel.PRIVATE,
-        ]:
+        for privacy_levels in [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]:
             self.create_comment(
                 user_3,
                 workout_cycling_user_2,
                 text_visibility=privacy_levels,
             )
+        for privacy_levels in [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]:
+            # user_1 is mentioned in private comment
+            visible_comments.append(
+                self.create_comment(
+                    user_3,
+                    workout_cycling_user_2,
+                    text=f"@{user_1.username}",
+                    text_visibility=privacy_levels,
+                )
+            )
         # user 2 followed by user 1
-        for privacy_levels in [
-            PrivacyLevel.PUBLIC,
-            PrivacyLevel.FOLLOWERS,
-        ]:
+        for privacy_levels in [PrivacyLevel.PUBLIC, PrivacyLevel.FOLLOWERS]:
             visible_comments.append(
                 self.create_comment(
                     user_2,
diff --git a/fittrackee/tests/federation/comments/test_comments_api.py b/fittrackee/tests/federation/comments/test_comments_api.py
index fd7e5fc21..629af7bcd 100644
--- a/fittrackee/tests/federation/comments/test_comments_api.py
+++ b/fittrackee/tests/federation/comments/test_comments_api.py
@@ -15,6 +15,7 @@
 from ...workouts.utils import WorkoutCommentMixin
 
 
+@patch('fittrackee.federation.utils.user.update_remote_user')
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestPostWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
@@ -30,6 +31,7 @@ class TestPostWorkoutComment(
     def test_it_returns_404_when_user_can_not_access_workout(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -37,6 +39,7 @@ def test_it_returns_404_when_user_can_not_access_workout(
         remote_cycling_workout: Workout,
         input_workout_visibility: PrivacyLevel,
     ) -> None:
+        # user_1 does not follow remote_user
         remote_cycling_workout.workout_visibility = input_workout_visibility
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -64,6 +67,7 @@ def test_it_returns_404_when_user_can_not_access_workout(
     def test_it_returns_404_when_follower_can_not_access_workout(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -71,6 +75,7 @@ def test_it_returns_404_when_follower_can_not_access_workout(
         remote_cycling_workout: Workout,
         follow_request_from_user_1_to_remote_user: FollowRequest,
     ) -> None:
+        # user_1 follows remote_user but the workout is private
         remote_user.approves_follow_request_from(user_1)
         remote_cycling_workout.workout_visibility = PrivacyLevel.PRIVATE
         client, auth_token = self.get_test_client_and_auth_token(
@@ -99,6 +104,7 @@ def test_it_returns_404_when_follower_can_not_access_workout(
     def test_it_returns_201_when_comment_is_created(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -150,6 +156,7 @@ def test_it_returns_201_when_comment_is_created(
     def test_it_returns_201_when_user_replies_to_a_remote_comment(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
@@ -185,9 +192,17 @@ def test_it_returns_201_when_user_replies_to_a_remote_comment(
         data = json.loads(response.data.decode())
         assert data['comment']['reply_to'] == workout_comment.short_id
 
-    def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
+    @pytest.mark.parametrize(
+        'input_workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_does_not_call_sent_to_inbox_if_privacy_is_private_or_local_followers_only_and_no_mentions(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -196,6 +211,7 @@ def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
         workout_cycling_user_2: Workout,
         follow_request_from_remote_user_to_user_1: FollowRequest,
         follow_request_from_user_2_to_user_1: FollowRequest,
+        input_workout_visibility: PrivacyLevel,
     ) -> None:
         user_1.approves_follow_request_from(remote_user)
         user_1.approves_follow_request_from(user_2)
@@ -209,7 +225,7 @@ def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
             data=json.dumps(
                 dict(
                     text=self.random_string(),
-                    text_visibility=PrivacyLevel.FOLLOWERS,
+                    text_visibility=input_workout_visibility,
                 )
             ),
             headers=dict(
@@ -222,6 +238,7 @@ def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
     def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -251,6 +268,50 @@ def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
 
         send_to_remote_inbox_mock.send.assert_not_called()
 
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
+    )
+    def test_it_calls_sent_to_inbox_if_comment_has_mention(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        # remote_user is mentioned but does not follow user_1
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=f"@{remote_user.fullname} {self.random_string()}",
+                    text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        note_activity = WorkoutComment.query.first().get_activity(
+            activity_type='Create'
+        )
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
     @pytest.mark.parametrize(
         'input_visibility',
         [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
@@ -258,6 +319,7 @@ def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
     def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -303,6 +365,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
     def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -341,11 +404,10 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             recipients=[remote_user_2.actor.shared_inbox_url],
         )
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
     def test_it_creates_mention(
         self,
-        update_mock: Mock,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -820,11 +882,28 @@ def test_it_returns_only_comments_user_can_access(
             PrivacyLevel.FOLLOWERS,
             PrivacyLevel.PRIVATE,
         ]:
+            # user_1 is not mentioned
             self.create_comment(
                 remote_user_2,
                 workout_cycling_user_2,
                 text_visibility=privacy_levels,
             )
+
+        for privacy_levels in [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ]:
+            # user_1 is mentioned
+            visible_comments.append(
+                self.create_comment(
+                    remote_user_2,
+                    workout_cycling_user_2,
+                    text=f"@{user_1.username}",
+                    text_visibility=privacy_levels,
+                )
+            )
+
         # remote user followed by user 1
         for privacy_levels in [
             PrivacyLevel.PUBLIC,
@@ -908,7 +987,56 @@ def test_it_returns_only_comments_user_can_access(
         ]
 
 
-class TestGetWorkoutsCommentWithReplies(
+class TestGetWorkoutCommentWithMention(
+    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    @pytest.mark.parametrize(
+        'input_workout_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_user_can_access_comment_when_mentioned(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_workout_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        workout_comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text=f"@{user_1.username} {self.random_string()}",
+            text_visibility=input_workout_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/"
+            f"comments/{workout_comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(
+            workout_comment.serialize(user_1)
+        )
+
+
+class TestGetWorkoutsCommentsWithReplies(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_gets_reply(
@@ -950,6 +1078,7 @@ def test_it_gets_reply(
         ]
 
 
+@patch('fittrackee.federation.utils.user.update_remote_user')
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestDeleteWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
@@ -957,6 +1086,7 @@ class TestDeleteWorkoutComment(
     def test_it_returns_404_if_comment_is_not_visible_to_user(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -987,6 +1117,7 @@ def test_it_returns_404_if_comment_is_not_visible_to_user(
     def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -1019,6 +1150,7 @@ def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
     def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -1046,6 +1178,45 @@ def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
 
         send_to_remote_inbox_mock.send.assert_not_called()
 
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
+    )
+    def test_it_calls_sent_to_inbox_if_comment_has_mention(  # noqa
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{remote_user.fullname} {self.random_string()}",
+            text_visibility=input_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        note_activity = comment.get_activity(activity_type='Delete')
+
+        client.delete(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=note_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
     @pytest.mark.parametrize(
         'input_visibility',
         [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
@@ -1053,6 +1224,7 @@ def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
     def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_instance(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -1093,6 +1265,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
     def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -1129,6 +1302,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
     def test_it_deletes_mentions(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -1159,13 +1333,15 @@ def test_it_deletes_mentions(
         assert Mention.query.filter_by(comment_id=comment_id).all() == []
 
 
+@patch('fittrackee.federation.utils.user.update_remote_user')
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestPatchWorkoutComment(
     WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
-    def test_it_does_not_call_sent_to_inbox_when_comment_is_local(  # noqa
+    def test_it_does_not_call_sent_to_inbox_when_comment_is_local_with_no_mentions(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -1196,6 +1372,100 @@ def test_it_does_not_call_sent_to_inbox_when_comment_is_local(  # noqa
         assert response.status_code == 200
         send_to_remote_inbox_mock.send.assert_not_called()
 
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_calls_sent_to_inbox_with_update_when_comment_has_mention(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{remote_user.fullname} foo",
+            text_visibility=input_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=f"@{remote_user.fullname} bar")),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        update_comment_activity = comment.get_activity(activity_type='Update')
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=update_comment_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [
+            PrivacyLevel.FOLLOWERS_AND_REMOTE,
+            PrivacyLevel.FOLLOWERS,
+            PrivacyLevel.PRIVATE,
+        ],
+    )
+    def test_it_calls_sent_to_inbox_with_update_when_mention_is_removed(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text=f"@{remote_user.fullname} foo",
+            text_visibility=input_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.patch(
+            f"/api/workouts/{workout_cycling_user_2.short_id}"
+            f"/comments/{comment.short_id}",
+            content_type="application/json",
+            data=json.dumps(dict(text=self.random_string())),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        update_comment_activity = comment.get_activity(activity_type='Update')
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=update_comment_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
     @pytest.mark.parametrize(
         'text_visibility',
         [PrivacyLevel.FOLLOWERS_AND_REMOTE, PrivacyLevel.PUBLIC],
@@ -1203,6 +1473,7 @@ def test_it_does_not_call_sent_to_inbox_when_comment_is_local(  # noqa
     def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_instance(
         self,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
@@ -1239,11 +1510,10 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_instance(
             recipients=[remote_user.actor.shared_inbox_url],
         )
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
     def test_it_updates_mentions_to_remove_mention(
         self,
-        update_mock: Mock,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -1286,11 +1556,10 @@ def test_it_updates_mentions_to_remove_mention(
             ).first()
         )
 
-    @patch('fittrackee.federation.utils.user.update_remote_user')
     def test_it_updates_mentions_to_add_mention(
         self,
-        update_mock: Mock,
         send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
diff --git a/fittrackee/tests/federation/comments/test_mentions_models.py b/fittrackee/tests/federation/comments/test_mentions_models.py
index 162c62615..0241dcd57 100644
--- a/fittrackee/tests/federation/comments/test_mentions_models.py
+++ b/fittrackee/tests/federation/comments/test_mentions_models.py
@@ -135,3 +135,66 @@ def test_private_comment_with_remote_mention_is_only_visible_to_author(
             assert comment.serialize(user_2)  # follower
             assert comment.serialize(user_3)  # user
             assert comment.serialize()  # unauthenticated user
+
+
+class TestWorkoutCommentRemoteMentions(WorkoutCommentMixin):
+    def test_it_gets_remote_followers_count(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+        remote_user: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=(
+                f"@{user_3.username} {self.random_string()} "
+                f"@{remote_user.fullname}"
+            ),
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        assert comment.remote_mentions.count() == 1
+
+    def test_has_remote_mentions_returns_false_when_no_remote_mentions(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{user_3.username} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        assert comment.has_remote_mentions is False
+
+    def test_has_remote_mentions_returns_true_when_remote_mentions(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        remote_user: User,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text=f"@{remote_user.fullname} {self.random_string()}",
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        assert comment.has_remote_mentions is True
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
index 32970bb0c..cb4d734aa 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -1,3 +1,5 @@
+from unittest.mock import Mock, patch
+
 import pytest
 from flask import Flask
 
@@ -189,3 +191,49 @@ def test_it_generates_delete_activity_for_comment_with_follower_visibility(
             "to": [user_1.actor.followers_url],
             "cc": [],
         }
+
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    @patch('fittrackee.federation.utils.user.update_remote_user')
+    def test_it_generates_delete_activity_for_comment_with_private_or_local_followers_visibility_and_mention(  # noqa
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text=f"@{remote_user.fullname}",
+            text_visibility=input_visibility,
+        )
+        tombstone = TombstoneObject(comment)
+
+        delete_activity = tombstone.get_activity()
+
+        assert delete_activity == {
+            "@context": AP_CTX,
+            "id": (
+                f'{user_1.actor.activitypub_id}/workouts/'
+                f'{workout_cycling_user_1.short_id}/comments/'
+                f'{comment.short_id}/delete'
+            ),
+            "type": "Delete",
+            "actor": user_1.actor.activitypub_id,
+            "object": {
+                "type": "Tombstone",
+                "id": (
+                    f'{user_1.actor.activitypub_id}/workouts/'
+                    f'{workout_cycling_user_1.short_id}/comments/'
+                    f'{comment.short_id}'
+                ),
+            },
+            "to": [remote_user.actor.activitypub_id],
+            "cc": [],
+        }
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
index 017cca6b4..161639d18 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
@@ -308,47 +308,72 @@ def test_it_generates_activity_with_mentioned_users(
 
 
 class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
-    @pytest.mark.parametrize(
-        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
-    )
-    def test_it_raises_error_when_visibility_is_invalid(
+    def test_it_raises_error_when_activity_type_is_invalid(
         self,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
-        input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        # no mentioned users
         workout_comment = self.create_comment(
-            user_2, workout_cycling_user_1, text_visibility=input_visibility
+            user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
         )
+        invalid_activity_type = self.random_string()
         with pytest.raises(
-            InvalidVisibilityException,
-            match=f"object visibility is: '{input_visibility.value}'",
+            ValueError,
+            match=f"'{invalid_activity_type}' is not a valid ActivityType",
         ):
-            WorkoutCommentObject(workout_comment, 'Update')
+            WorkoutCommentObject(workout_comment, invalid_activity_type)
 
-    def test_it_raises_error_when_activity_type_is_invalid(
+    @pytest.mark.parametrize(
+        'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
+    )
+    def test_it_generates_activity_when_visibility_is_private_or_for_local_followers(  # noqa
         self,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
+        input_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        workout_cycling_user_1.ap_id = self.random_string()
+        # case of mention removed
         workout_comment = self.create_comment(
-            user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
+            user_2, workout_cycling_user_1, text_visibility=input_visibility
         )
-        invalid_activity_type = self.random_string()
-        with pytest.raises(
-            ValueError,
-            match=f"'{invalid_activity_type}' is not a valid ActivityType",
-        ):
-            WorkoutCommentObject(workout_comment, invalid_activity_type)
+        workout_comment.modification_date = datetime.utcnow()
+        published = workout_comment.created_at.strftime(DATE_FORMAT)
+        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+
+        serialized_comment = comment_object.get_activity()
+
+        assert serialized_comment == {
+            "@context": AP_CTX,
+            "id": f"{workout_comment.ap_id}/update",
+            "type": "Update",
+            "actor": user_2.actor.activitypub_id,
+            "published": published,
+            "to": [],  # mention removed
+            "cc": [],
+            "object": {
+                "id": workout_comment.ap_id,
+                "type": "Note",
+                "published": published,
+                "url": workout_comment.remote_url,
+                "attributedTo": user_2.actor.activitypub_id,
+                "inReplyTo": workout_cycling_user_1.ap_id,
+                "content": workout_comment.text,
+                "to": [],
+                "cc": [],
+                "updated": workout_comment.modification_date.strftime(
+                    DATE_FORMAT
+                ),
+            },
+        }
 
     def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  # noqa
         self,

From f722c3e5edcf7da2ba6104a333a5dd0cdbfdf3fd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 15 Feb 2023 17:07:43 +0100
Subject: [PATCH 213/238] API & Client - refacto

---
 e2e/test_registration.py                      |   2 +-
 fittrackee/comments/comments.py               |  50 +++---
 fittrackee/comments/decorators.py             |  12 +-
 fittrackee/comments/models.py                 |  54 +++---
 .../federation/activities/activities.py       |  14 +-
 fittrackee/federation/objects/base_object.py  |   4 +-
 fittrackee/federation/objects/comment.py      |  40 ++---
 fittrackee/federation/objects/tombstone.py    |  14 +-
 .../30_8842c351a2d8_init_social_features.py   |  14 +-
 fittrackee/privacy_levels.py                  |   6 +-
 .../tests/comments/test_comments_api.py       | 110 ++++++------
 .../tests/comments/test_comments_models.py    |   6 +-
 .../federation/comments/test_comments_api.py  |  90 +++++-----
 .../test_federation_activities_activities.py  |  21 ++-
 ....py => test_federation_objects_comment.py} | 158 +++++++++---------
 fittrackee/tests/workouts/utils.py            |   8 +-
 fittrackee/users/models.py                    |   4 +-
 fittrackee/workouts/models.py                 |   4 +-
 .../Comment.vue}                              |   4 +-
 .../CommentEdition.vue}                       |   0
 .../Comments.vue}                             |   4 +-
 fittrackee_client/src/custom-components.ts    |   4 +-
 .../src/views/workouts/Workout.vue            |  10 +-
 23 files changed, 290 insertions(+), 343 deletions(-)
 rename fittrackee/tests/federation/federation/{test_federation_objects_workout_comment.py => test_federation_objects_comment.py} (79%)
 rename fittrackee_client/src/components/{WorkoutComment/WorkoutComment.vue => Comment/Comment.vue} (98%)
 rename fittrackee_client/src/components/{WorkoutComment/WorkoutCommentEdition.vue => Comment/CommentEdition.vue} (100%)
 rename fittrackee_client/src/components/{WorkoutComment/WorkoutComments.vue => Comment/Comments.vue} (95%)

diff --git a/e2e/test_registration.py b/e2e/test_registration.py
index 5279972dc..7994fda37 100644
--- a/e2e/test_registration.py
+++ b/e2e/test_registration.py
@@ -51,7 +51,7 @@ def test_user_can_register(self, selenium):
         }
 
         register(selenium, user)
-
+        print(selenium.find_element)
         message = selenium.find_element(By.CLASS_NAME, 'success-message').text
         assert (
             'A link to activate your account has been '
diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index 445f33614..bab3d434f 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -20,14 +20,14 @@
 from fittrackee.workouts.models import Workout
 
 from .decorators import check_workout_comment
-from .models import WorkoutComment, get_comments
+from .models import Comment, get_comments
 
 comments_blueprint = Blueprint('comments', __name__)
 
 
 def get_all_recipients(
     user: User,
-    comment: WorkoutComment,
+    comment: Comment,
     deleted_mentioned_users: Optional[Set] = None,
 ) -> List[str]:
     recipients = user.get_followers_shared_inboxes_as_list()
@@ -43,7 +43,7 @@ def get_all_recipients(
 
 
 def sending_comment_activities_allowed(
-    comment: WorkoutComment, deleted_mentioned_users: Optional[Set] = None
+    comment: Comment, deleted_mentioned_users: Optional[Set] = None
 ) -> bool:
     if deleted_mentioned_users is None:
         deleted_mentioned_users = set()
@@ -86,20 +86,20 @@ def add_workout_comment(
             )
 
         reply_to = comment_data.get('reply_to')
-        workout_comment = None
+        comment = None
         if reply_to:
-            workout_comment = WorkoutComment.query.filter_by(
+            comment = Comment.query.filter_by(
                 uuid=decode_short_id(reply_to)
             ).first()
-            if not workout_comment:
+            if not comment:
                 return InvalidPayloadErrorResponse("'reply_to' is invalid")
 
-        new_comment = WorkoutComment(
+        new_comment = Comment(
             user_id=auth_user.id,
             workout_id=workout.id,
             text=clean_input(comment_data['text']),
             text_visibility=PrivacyLevel(comment_data['text_visibility']),
-            reply_to=workout_comment.id if workout_comment else None,
+            reply_to=comment.id if comment else None,
         )
         db.session.add(new_comment)
         db.session.flush()
@@ -150,12 +150,12 @@ def add_workout_comment(
 @require_auth(scopes=['workouts:read'], optional_auth_user=True)
 @check_workout_comment(check_owner=False)
 def get_workout_comment(
-    auth_user: Optional[User], workout_comment: WorkoutComment
+    auth_user: Optional[User], comment: Comment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     return (
         {
             'status': 'success',
-            'comment': workout_comment.serialize(auth_user),
+            'comment': comment.serialize(auth_user),
         },
         200,
     )
@@ -199,14 +199,12 @@ def get_workout_comments(
 @require_auth(scopes=['workouts:write'])
 @check_workout_comment()
 def delete_workout_comment(
-    auth_user: User, workout_comment: WorkoutComment
+    auth_user: User, comment: Comment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     try:
-        if sending_comment_activities_allowed(workout_comment):
-            note_activity = workout_comment.get_activity(
-                activity_type='Delete'
-            )
-            recipients = get_all_recipients(auth_user, workout_comment)
+        if sending_comment_activities_allowed(comment):
+            note_activity = comment.get_activity(activity_type='Delete')
+            recipients = get_all_recipients(auth_user, comment)
             if recipients:
                 send_to_remote_inbox.send(
                     sender_id=auth_user.actor.id,
@@ -214,7 +212,7 @@ def delete_workout_comment(
                     recipients=recipients,
                 )
 
-        db.session.delete(workout_comment)
+        db.session.delete(comment)
         db.session.commit()
         return {'status': 'no content'}, 204
     except (
@@ -233,28 +231,26 @@ def delete_workout_comment(
 @require_auth(scopes=['workouts:write'])
 @check_workout_comment()
 def update_workout_comment(
-    auth_user: User, workout_comment: WorkoutComment
+    auth_user: User, comment: Comment
 ) -> Union[Dict, HttpResponse]:
     comment_data = request.get_json()
     if not comment_data or not comment_data.get('text'):
         return InvalidPayloadErrorResponse()
 
     try:
-        workout_comment.text = clean_input(comment_data['text'])
-        workout_comment.modification_date = datetime.utcnow()
-        deleted_mentioned_users = workout_comment.update_mentions()
+        comment.text = clean_input(comment_data['text'])
+        comment.modification_date = datetime.utcnow()
+        deleted_mentioned_users = comment.update_mentions()
         db.session.commit()
 
         if sending_comment_activities_allowed(
-            workout_comment, deleted_mentioned_users
+            comment, deleted_mentioned_users
         ):
             recipients = get_all_recipients(
-                auth_user, workout_comment, deleted_mentioned_users
+                auth_user, comment, deleted_mentioned_users
             )
             if recipients:
-                note_activity = workout_comment.get_activity(
-                    activity_type='Update'
-                )
+                note_activity = comment.get_activity(activity_type='Update')
                 send_to_remote_inbox.send(
                     sender_id=auth_user.actor.id,
                     activity=note_activity,
@@ -263,7 +259,7 @@ def update_workout_comment(
 
         return {
             'status': 'success',
-            'comment': workout_comment.serialize(auth_user),
+            'comment': comment.serialize(auth_user),
         }
 
     except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
diff --git a/fittrackee/comments/decorators.py b/fittrackee/comments/decorators.py
index 1251b75d6..d5f7e8111 100644
--- a/fittrackee/comments/decorators.py
+++ b/fittrackee/comments/decorators.py
@@ -6,7 +6,7 @@
 from fittrackee.utils import decode_short_id
 from fittrackee.workouts.models import Workout
 
-from .models import WorkoutComment
+from .models import Comment
 
 
 def check_workout_comment(check_owner: bool = True) -> Callable:
@@ -26,24 +26,24 @@ def wrapper_check_workout_comment(
                 )
 
             workout_comment_uuid = decode_short_id(comment_short_id)
-            workout_comment = WorkoutComment.query.filter_by(
+            comment = Comment.query.filter_by(
                 uuid=workout_comment_uuid
             ).first()
-            if not workout_comment:
+            if not comment:
                 return NotFoundErrorResponse(
                     f"workout comment not found (id: {comment_short_id})"
                 )
 
-            if not can_view(workout_comment, "text_visibility", auth_user):
+            if not can_view(comment, "text_visibility", auth_user):
                 return NotFoundErrorResponse(
                     f"workout comment not found (id: {comment_short_id})"
                 )
 
             if check_owner and (
-                not auth_user or auth_user.id != workout_comment.user.id
+                not auth_user or auth_user.id != comment.user.id
             ):
                 return ForbiddenErrorResponse()
-            return f(auth_user, workout_comment)
+            return f(auth_user, comment)
 
         return wrapper_check_workout_comment
 
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index ad9209fdc..1fa0838d5 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -11,7 +11,7 @@
 
 from fittrackee import BaseModel, db
 from fittrackee.exceptions import InvalidVisibilityException
-from fittrackee.federation.objects.comment import WorkoutCommentObject
+from fittrackee.federation.objects.comment import CommentObject
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.privacy_levels import PrivacyLevel, can_view
 from fittrackee.users.utils.following import get_following
@@ -24,25 +24,23 @@
 
 
 def get_comments(
-    workout_id: int,
-    user: Optional['User'],
-    reply_to: Optional[int] = None,
-) -> List['WorkoutComment']:
+    workout_id: int, user: Optional['User'], reply_to: Optional[int] = None
+) -> List['Comment']:
     if user:
         local_following_ids, remote_following_ids = get_following(user)
-        comments_filter = WorkoutComment.query.join(
-            Mention, Mention.comment_id == WorkoutComment.id, isouter=True
+        comments_filter = Comment.query.join(
+            Mention, Mention.comment_id == Comment.id, isouter=True
         ).filter(
-            WorkoutComment.workout_id == workout_id,
-            WorkoutComment.reply_to == reply_to,
+            Comment.workout_id == workout_id,
+            Comment.reply_to == reply_to,
             or_(
-                WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+                Comment.text_visibility == PrivacyLevel.PUBLIC,
                 or_(user.id == Mention.user_id),
                 or_(
-                    WorkoutComment.user_id == user.id,
+                    Comment.user_id == user.id,
                     and_(
-                        WorkoutComment.user_id.in_(local_following_ids),
-                        WorkoutComment.text_visibility.in_(
+                        Comment.user_id.in_(local_following_ids),
+                        Comment.text_visibility.in_(
                             [
                                 PrivacyLevel.FOLLOWERS,
                                 PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -50,24 +48,24 @@ def get_comments(
                         ),
                     ),
                     and_(
-                        WorkoutComment.user_id.in_(remote_following_ids),
-                        WorkoutComment.text_visibility
+                        Comment.user_id.in_(remote_following_ids),
+                        Comment.text_visibility
                         == PrivacyLevel.FOLLOWERS_AND_REMOTE,
                     ),
                 ),
             ),
         )
     else:
-        comments_filter = WorkoutComment.query.filter(
-            WorkoutComment.workout_id == workout_id,
-            WorkoutComment.reply_to == reply_to,
-            WorkoutComment.text_visibility == PrivacyLevel.PUBLIC,
+        comments_filter = Comment.query.filter(
+            Comment.workout_id == workout_id,
+            Comment.reply_to == reply_to,
+            Comment.text_visibility == PrivacyLevel.PUBLIC,
         )
-    return comments_filter.order_by(WorkoutComment.created_at.asc()).all()
+    return comments_filter.order_by(Comment.created_at.asc()).all()
 
 
-class WorkoutComment(BaseModel):
-    __tablename__ = 'workout_comments'
+class Comment(BaseModel):
+    __tablename__ = 'comments'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
     uuid = db.Column(
         postgresql.UUID(as_uuid=True),
@@ -86,7 +84,7 @@ class WorkoutComment(BaseModel):
     )
     reply_to = db.Column(
         db.Integer,
-        db.ForeignKey('workout_comments.id', ondelete="SET NULL"),
+        db.ForeignKey('comments.id', ondelete="SET NULL"),
         index=True,
         nullable=True,
     )
@@ -102,19 +100,19 @@ class WorkoutComment(BaseModel):
     remote_url = db.Column(db.Text(), nullable=True)
 
     parent_comment = db.relationship(
-        'WorkoutComment', remote_side=[id], lazy='joined'
+        'Comment', remote_side=[id], lazy='joined'
     )
     mentions = db.relationship(
         "User",
         secondary="mentions",
-        primaryjoin="WorkoutComment.id == Mention.comment_id",
+        primaryjoin="Comment.id == Mention.comment_id",
         secondaryjoin="Mention.user_id == User.id",
         lazy="dynamic",
         viewonly=True,
     )
 
     def __repr__(self) -> str:
-        return f'<WorkoutComment {self.id}>'
+        return f'<Comment {self.id}>'
 
     def __init__(
         self,
@@ -236,7 +234,7 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
 
     def get_activity(self, activity_type: str) -> Dict:
         if activity_type in ['Create', 'Update']:
-            return WorkoutCommentObject(
+            return CommentObject(
                 self, activity_type=activity_type
             ).get_activity()
         if activity_type == 'Delete':
@@ -251,7 +249,7 @@ class Mention(BaseModel):
 
     comment_id = db.Column(
         db.Integer,
-        db.ForeignKey('workout_comments.id', ondelete="CASCADE"),
+        db.ForeignKey('comments.id', ondelete="CASCADE"),
         primary_key=True,
     )
     user_id = db.Column(
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 1e9dbad4f..02fc7442e 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -4,7 +4,7 @@
 from typing import Dict, Tuple
 
 from fittrackee import appLog, db
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Comment
 from fittrackee.federation.constants import PUBLIC_STREAM
 from fittrackee.federation.exceptions import (
     ActivityException,
@@ -205,12 +205,12 @@ def create_remote_note(self, actor: Actor) -> None:
                 r"https://(.*)/workouts/(.*)/comments/(.*)",
                 reply_to_object_api_id,
             ):
-                parent_comment = WorkoutComment.query.filter_by(
+                parent_comment = Comment.query.filter_by(
                     ap_id=reply_to_object_api_id
                 ).first()
                 if not parent_comment:
                     raise ObjectNotFoundException(
-                        "parent workout_comment", self.activity_name()
+                        "parent comment", self.activity_name()
                     )
                 workout = parent_comment.workout
             elif re.match(
@@ -223,7 +223,7 @@ def create_remote_note(self, actor: Actor) -> None:
         if not workout:
             raise ObjectNotFoundException("workout", self.activity_name())
 
-        new_comment = WorkoutComment(
+        new_comment = Comment(
             user_id=actor.user.id,
             workout_id=workout.id,
             text=note_data["content"],
@@ -252,9 +252,7 @@ def process_activity(self) -> None:
         object_ap_id = self.activity['object']['id']
 
         # check if related object is a comment
-        object_to_delete = WorkoutComment.query.filter_by(
-            ap_id=object_ap_id
-        ).first()
+        object_to_delete = Comment.query.filter_by(ap_id=object_ap_id).first()
 
         # if not, check if related object is a workout
         if not object_to_delete:
@@ -330,7 +328,7 @@ def update_remote_workout(self, actor: Actor) -> None:
 
     def update_remote_workout_comment(self, actor: Actor) -> None:
         note_data = self.activity['object']
-        comment_to_update = WorkoutComment.query.filter_by(
+        comment_to_update = Comment.query.filter_by(
             ap_id=note_data['id']
         ).first()
         if not comment_to_update:
diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index c41b152eb..f3de877da 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -7,7 +7,7 @@
 from ..constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 
 if TYPE_CHECKING:
-    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.comments.models import Comment
     from fittrackee.workouts.models import Workout
 
     from ..enums import ActivityType
@@ -55,7 +55,7 @@ def _get_published_date(object_date: datetime) -> str:
 
     @staticmethod
     def _get_modification_date(
-        activity_object: Union['Workout', 'WorkoutComment']
+        activity_object: Union['Workout', 'Comment']
     ) -> str:
         return activity_object.modification_date.strftime(DATE_FORMAT)
 
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index e12355016..106238e7e 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -7,41 +7,35 @@
 from .base_object import BaseObject
 
 if TYPE_CHECKING:
-    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.comments.models import Comment
     from fittrackee.workouts.models import Workout
 
 
-class WorkoutCommentObject(BaseObject):
+class CommentObject(BaseObject):
 
     workout: 'Workout'
-    workout_comment: 'WorkoutComment'
+    comment: 'Comment'
 
-    def __init__(
-        self, workout_comment: 'WorkoutComment', activity_type: str
-    ) -> None:
+    def __init__(self, comment: 'Comment', activity_type: str) -> None:
         """
         Note: No visibility check on instantiation if activity is not a
         creation.
         It should be possible, for instance, to send an Update activity for a
         comment with remote mentions removed.
         """
-        self._check_visibility(workout_comment, activity_type)
-        self.workout_comment = workout_comment
-        self.visibility = workout_comment.text_visibility
-        self.workout = workout_comment.workout
+        self._check_visibility(comment, activity_type)
+        self.comment = comment
+        self.visibility = comment.text_visibility
+        self.workout = comment.workout
         self.type = ActivityType(activity_type)
-        self.actor = self.workout_comment.user.actor
-        self.activity_id = self.workout_comment.ap_id
-        self.published = self._get_published_date(
-            self.workout_comment.created_at
-        )
-        self.object_url = self.workout_comment.remote_url
+        self.actor = self.comment.user.actor
+        self.activity_id = self.comment.ap_id
+        self.published = self._get_published_date(self.comment.created_at)
+        self.object_url = self.comment.remote_url
         self.activity_dict = self._init_activity_dict()
 
     @staticmethod
-    def _check_visibility(
-        comment: 'WorkoutComment', activity_type: str
-    ) -> None:
+    def _check_visibility(comment: 'Comment', activity_type: str) -> None:
         if (
             activity_type == 'Create'
             and comment.text_visibility
@@ -56,18 +50,18 @@ def get_activity(self) -> Dict:
         (
             text_with_mention,
             mentioned_users,
-        ) = self.workout_comment.handle_mentions()
+        ) = self.comment.handle_mentions()
         self.activity_dict['object']['type'] = 'Note'
         self.activity_dict['object']['content'] = text_with_mention
         self.activity_dict['object']['inReplyTo'] = (
-            self.workout_comment.parent_comment.ap_id
-            if self.workout_comment.reply_to
+            self.comment.parent_comment.ap_id
+            if self.comment.reply_to
             else self.workout.ap_id
         )
         if self.type == ActivityType.UPDATE:
             self.activity_dict['object'] = {
                 **self.activity_dict['object'],
-                'updated': self._get_modification_date(self.workout_comment),
+                'updated': self._get_modification_date(self.comment),
             }
         # existing mentions (local and remote)
         mentions = [
diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
index cd392d8de..40a9a5623 100644
--- a/fittrackee/federation/objects/tombstone.py
+++ b/fittrackee/federation/objects/tombstone.py
@@ -8,17 +8,15 @@
 from .base_object import BaseObject
 
 if TYPE_CHECKING:
-    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.comments.models import Comment
     from fittrackee.workouts.models import Workout
 
 
 class TombstoneObject(BaseObject):
     # WIP
-    object_to_delete: Union['Workout', 'WorkoutComment']
+    object_to_delete: Union['Workout', 'Comment']
 
-    def __init__(
-        self, object_to_delete: Union['Workout', 'WorkoutComment']
-    ) -> None:
+    def __init__(self, object_to_delete: Union['Workout', 'Comment']) -> None:
         self.object_to_delete = object_to_delete
         self.object_to_delete_type = object_to_delete.__class__.__name__
         self.type = ActivityType.DELETE
@@ -28,9 +26,9 @@ def __init__(
             PrivacyLevel.PRIVATE,
             PrivacyLevel.FOLLOWERS,
         ] and (
-            self.object_to_delete_type != 'WorkoutComment'
+            self.object_to_delete_type != 'Comment'
             or (
-                self.object_to_delete_type == 'WorkoutComment'
+                self.object_to_delete_type == 'Comment'
                 and not self.object_to_delete.has_remote_mentions
             )
         ):
@@ -39,7 +37,7 @@ def __init__(
             )
 
     def _get_object_visibility(self) -> PrivacyLevel:
-        if self.object_to_delete_type == 'WorkoutComment':
+        if self.object_to_delete_type == 'Comment':
             return self.object_to_delete.text_visibility
         return self.object_to_delete.workout_visibility
 
diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index d0700405b..a871bfd71 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -264,7 +264,7 @@ def upgrade():
     op.alter_column('workouts', 'map_visibility', nullable=False)
 
     privacy_levels.create(op.get_bind())
-    op.create_table('workout_comments',
+    op.create_table('comments',
     sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
     sa.Column('uuid', UUID(as_uuid=True), nullable=False),
     sa.Column('user_id', sa.Integer(), nullable=False),
@@ -277,12 +277,12 @@ def upgrade():
     sa.Column('remote_url', sa.Text(), nullable=True),
     sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
     sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ondelete='SET NULL'),
-    sa.ForeignKeyConstraint(['reply_to'], ['workout_comments.id'], ondelete='SET NULL'),
+    sa.ForeignKeyConstraint(['reply_to'], ['comments.id'], ondelete='SET NULL'),
     sa.PrimaryKeyConstraint('id'),
     sa.UniqueConstraint('uuid')
     )
     op.add_column(
-        'workout_comments',
+        'comments',
         sa.Column(
             'text_visibility',
             privacy_levels,
@@ -290,7 +290,7 @@ def upgrade():
             nullable=False
         )
     )
-    with op.batch_alter_table('workout_comments', schema=None) as batch_op:
+    with op.batch_alter_table('comments', schema=None) as batch_op:
         batch_op.create_index(batch_op.f('ix_workout_comments_user_id'), ['user_id'], unique=False)
         batch_op.create_index(batch_op.f('ix_workout_comments_workout_id'), ['workout_id'], unique=False)
         batch_op.create_index(batch_op.f('ix_workout_comments_reply_to'), ['reply_to'], unique=False)
@@ -299,7 +299,7 @@ def upgrade():
     sa.Column('comment_id', sa.Integer(), nullable=False),
     sa.Column('user_id', sa.Integer(), nullable=False),
     sa.Column('created_at', sa.DateTime(), nullable=False),
-    sa.ForeignKeyConstraint(['comment_id'], ['workout_comments.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['comment_id'], ['comments.id'], ondelete='CASCADE'),
     sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
     sa.PrimaryKeyConstraint('comment_id', 'user_id')
     )
@@ -308,11 +308,11 @@ def upgrade():
 def downgrade():
     op.drop_table('mentions')
 
-    with op.batch_alter_table('workout_comments', schema=None) as batch_op:
+    with op.batch_alter_table('comments', schema=None) as batch_op:
         batch_op.drop_index(batch_op.f('ix_workout_comments_user_id'))
         batch_op.drop_index(batch_op.f('ix_workout_comments_workout_id'))
         batch_op.drop_index(batch_op.f('ix_workout_comments_reply_to'))
-    op.drop_table('workout_comments')
+    op.drop_table('comments')
 
     op.drop_column('workouts', 'remote_url')
     op.drop_column('workouts', 'ap_id')
diff --git a/fittrackee/privacy_levels.py b/fittrackee/privacy_levels.py
index 9729cf3f2..df5364117 100644
--- a/fittrackee/privacy_levels.py
+++ b/fittrackee/privacy_levels.py
@@ -2,7 +2,7 @@
 from typing import TYPE_CHECKING, Optional, Union
 
 if TYPE_CHECKING:
-    from fittrackee.comments.models import WorkoutComment
+    from fittrackee.comments.models import Comment
     from fittrackee.users.models import User
     from fittrackee.workouts.models import Workout
 
@@ -35,7 +35,7 @@ def get_map_visibility(
 
 
 def can_view(
-    target_object: Union['Workout', 'WorkoutComment'],
+    target_object: Union['Workout', 'Comment'],
     visibility: str,
     user: Optional['User'] = None,
 ) -> bool:
@@ -49,7 +49,7 @@ def can_view(
         return False
 
     if (
-        target_object.__class__.__name__ == "WorkoutComment"
+        target_object.__class__.__name__ == "Comment"
         and user in target_object.mentions.all()
     ):
         return True
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index 1458f6d53..fd74389ff 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -5,7 +5,7 @@
 from flask import Flask
 from werkzeug import Response
 
-from fittrackee.comments.models import Mention, WorkoutComment
+from fittrackee.comments.models import Comment, Mention
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
@@ -224,7 +224,7 @@ def test_it_returns_500_when_data_is_invalid(
         )
 
         self.assert_500(response, 'Error during comment save.', 'fail')
-        assert WorkoutComment.query.all() == []
+        assert Comment.query.all() == []
 
     def test_it_returns_201_when_comment_is_created(
         self,
@@ -258,7 +258,7 @@ def test_it_returns_201_when_comment_is_created(
 
         assert response.status_code == 201
         data = json.loads(response.data.decode())
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
@@ -291,7 +291,7 @@ def test_it_sanitizes_text_before_storing_in_database(
         )
 
         assert response.status_code == 201
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_1.id
         ).first()
         assert new_comment.text == " Hello"
@@ -335,7 +335,7 @@ def test_it_returns_201_when_user_replies_to_a_comment(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -351,7 +351,7 @@ def test_it_returns_201_when_user_replies_to_a_comment(
                 dict(
                     text=self.random_string(),
                     text_visibility=PrivacyLevel.PUBLIC,
-                    reply_to=workout_comment.short_id,
+                    reply_to=comment.short_id,
                 )
             ),
             headers=dict(
@@ -361,7 +361,7 @@ def test_it_returns_201_when_user_replies_to_a_comment(
 
         assert response.status_code == 201
         data = json.loads(response.data.decode())
-        assert data['comment']['reply_to'] == workout_comment.short_id
+        assert data['comment']['reply_to'] == comment.short_id
 
     def test_it_creates_mention(
         self,
@@ -389,7 +389,7 @@ def test_it_creates_mention(
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         assert (
@@ -524,7 +524,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         input_text_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -535,7 +535,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -544,7 +544,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         self.assert_404_with_message(
             response,
-            f"workout comment not found (id: {workout_comment.short_id})",
+            f"workout comment not found (id: {comment.short_id})",
         )
 
     def test_it_returns_comment_when_visibility_is_public(
@@ -557,7 +557,7 @@ def test_it_returns_comment_when_visibility_is_public(
         workout_cycling_user_2: Workout,
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -568,7 +568,7 @@ def test_it_returns_comment_when_visibility_is_public(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -578,9 +578,7 @@ def test_it_returns_comment_when_visibility_is_public(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutCommentAsFollower(
@@ -600,7 +598,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         user_2.approves_follow_request_from(user_1)
         user_2.approves_follow_request_from(user_3)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.PRIVATE,
@@ -611,7 +609,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -620,7 +618,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         self.assert_404_with_message(
             response,
-            f"workout comment not found (id: {workout_comment.short_id})",
+            f"workout comment not found (id: {comment.short_id})",
         )
 
     @pytest.mark.parametrize(
@@ -639,7 +637,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         user_1.send_follow_request_to(user_3)
         user_3.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -650,7 +648,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -660,9 +658,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutCommentAsOwner(
@@ -684,7 +680,7 @@ def test_it_returns_comment_when_visibility_allows_access(
     ) -> None:
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -695,7 +691,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -705,9 +701,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutCommentAsUnauthenticatedUser(
@@ -729,7 +723,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
     ) -> None:
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -738,13 +732,13 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
         )
 
         self.assert_404_with_message(
             response,
-            f"workout comment not found (id: {workout_comment.short_id})",
+            f"workout comment not found (id: {comment.short_id})",
         )
 
     def test_it_returns_comment_when_visibility_is_public(
@@ -756,7 +750,7 @@ def test_it_returns_comment_when_visibility_is_public(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -765,14 +759,14 @@ def test_it_returns_comment_when_visibility_is_public(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_1.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(workout_comment.serialize())
+        assert data['comment'] == jsonify_dict(comment.serialize())
 
     @pytest.mark.parametrize(
         'client_scope, can_access',
@@ -809,7 +803,7 @@ def test_expected_scopes_are_defined(
         ) = self.create_oauth2_client_and_issue_token(
             app, user_1, scope=client_scope
         )
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -817,7 +811,7 @@ def test_expected_scopes_are_defined(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {access_token}",
@@ -838,7 +832,7 @@ def test_it_gets_reply(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS,
@@ -847,7 +841,7 @@ def test_it_gets_reply(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS,
-            parent_comment=workout_comment,
+            parent_comment=comment,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
@@ -855,7 +849,7 @@ def test_it_gets_reply(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_1.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
@@ -981,7 +975,7 @@ def test_it_returns_comment_when_visibility_is_public(
         workout_cycling_user_2: Workout,
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -1000,9 +994,7 @@ def test_it_returns_comment_when_visibility_is_public(
 
         self.assert_comments_response(
             response,
-            expected_comments=[
-                jsonify_dict(workout_comment.serialize(user_1))
-            ],
+            expected_comments=[jsonify_dict(comment.serialize(user_1))],
         )
 
     @pytest.mark.parametrize(
@@ -1102,7 +1094,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         user_1.send_follow_request_to(user_3)
         user_3.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -1121,9 +1113,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         self.assert_comments_response(
             response,
-            expected_comments=[
-                jsonify_dict(workout_comment.serialize(user_1))
-            ],
+            expected_comments=[jsonify_dict(comment.serialize(user_1))],
         )
 
 
@@ -1144,7 +1134,7 @@ def test_it_returns_comment_when_visibility_allows_access(
     ) -> None:
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -1163,9 +1153,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         self.assert_comments_response(
             response,
-            expected_comments=[
-                jsonify_dict(workout_comment.serialize(user_1))
-            ],
+            expected_comments=[jsonify_dict(comment.serialize(user_1))],
         )
 
 
@@ -1209,7 +1197,7 @@ def test_it_returns_comment_when_visibility_is_public(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -1223,9 +1211,7 @@ def test_it_returns_comment_when_visibility_is_public(
 
         self.assert_comments_response(
             response,
-            expected_comments=[
-                jsonify_dict(workout_comment.serialize(user_1))
-            ],
+            expected_comments=[jsonify_dict(comment.serialize(user_1))],
         )
 
 
@@ -1351,7 +1337,7 @@ def test_it_gets_reply(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS,
@@ -1360,7 +1346,7 @@ def test_it_gets_reply(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS,
-            parent_comment=workout_comment,
+            parent_comment=comment,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
@@ -1376,7 +1362,7 @@ def test_it_gets_reply(
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['comments']) == 1
-        assert data['data']['comments'][0]['id'] == workout_comment.short_id
+        assert data['data']['comments'][0]['id'] == comment.short_id
         assert data['data']['comments'][0]['replies'] == [
             jsonify_dict(reply.serialize(user_1))
         ]
@@ -1540,7 +1526,7 @@ def test_it_deletes_workout_comment(
         )
 
         assert response.status_code == 204
-        assert WorkoutComment.query.first() is None
+        assert Comment.query.first() is None
 
     def test_it_deletes_workout_comment_having_reply(
         self,
@@ -1932,7 +1918,7 @@ def test_it_updates_mentions_to_remove_mention(
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         assert Mention.query.filter_by(comment_id=new_comment.id).all() == []
@@ -1965,7 +1951,7 @@ def test_it_updates_mentions_to_add_mention(
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         assert (
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 1ae8f5d4e..0e060606f 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -6,7 +6,7 @@
 from freezegun import freeze_time
 
 from fittrackee.comments.exceptions import CommentForbiddenException
-from fittrackee.comments.models import Mention, WorkoutComment
+from fittrackee.comments.models import Comment, Mention
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
@@ -73,7 +73,7 @@ def test_it_raises_error_when_privacy_is_invalid(
                 'federation is disabled.'
             ),
         ):
-            WorkoutComment(
+            Comment(
                 user_id=user_1.id,
                 workout_id=workout_cycling_user_1.id,
                 text=self.random_string(),
@@ -106,7 +106,7 @@ def test_it_returns_string_representation(
             workout=workout_cycling_user_1,
         )
 
-        assert str(comment) == f'<WorkoutComment {comment.id}>'
+        assert str(comment) == f'<Comment {comment.id}>'
 
 
 class TestWorkoutCommentModelSerializeForCommentOwner(WorkoutCommentMixin):
diff --git a/fittrackee/tests/federation/comments/test_comments_api.py b/fittrackee/tests/federation/comments/test_comments_api.py
index 629af7bcd..350e9894e 100644
--- a/fittrackee/tests/federation/comments/test_comments_api.py
+++ b/fittrackee/tests/federation/comments/test_comments_api.py
@@ -4,7 +4,7 @@
 import pytest
 from flask import Flask
 
-from fittrackee.comments.models import Mention, WorkoutComment
+from fittrackee.comments.models import Comment, Mention
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
@@ -137,7 +137,7 @@ def test_it_returns_201_when_comment_is_created(
 
         assert response.status_code == 201
         data = json.loads(response.data.decode())
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=remote_cycling_workout.id
         ).first()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
@@ -164,7 +164,7 @@ def test_it_returns_201_when_user_replies_to_a_remote_comment(
         remote_user: User,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             remote_user,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
@@ -180,7 +180,7 @@ def test_it_returns_201_when_user_replies_to_a_remote_comment(
                 dict(
                     text=self.random_string(),
                     text_visibility=PrivacyLevel.PUBLIC,
-                    reply_to=workout_comment.short_id,
+                    reply_to=comment.short_id,
                 )
             ),
             headers=dict(
@@ -190,7 +190,7 @@ def test_it_returns_201_when_user_replies_to_a_remote_comment(
 
         assert response.status_code == 201
         data = json.loads(response.data.decode())
-        assert data['comment']['reply_to'] == workout_comment.short_id
+        assert data['comment']['reply_to'] == comment.short_id
 
     @pytest.mark.parametrize(
         'input_workout_visibility',
@@ -303,7 +303,7 @@ def test_it_calls_sent_to_inbox_if_comment_has_mention(  # noqa
             ),
         )
 
-        note_activity = WorkoutComment.query.first().get_activity(
+        note_activity = Comment.query.first().get_activity(
             activity_type='Create'
         )
         send_to_remote_inbox_mock.send.assert_called_once_with(
@@ -349,7 +349,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
             ),
         )
 
-        note_activity = WorkoutComment.query.first().get_activity(
+        note_activity = Comment.query.first().get_activity(
             activity_type='Create'
         )
         send_to_remote_inbox_mock.send.assert_called_once_with(
@@ -395,7 +395,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             ),
         )
 
-        note_activity = WorkoutComment.query.first().get_activity(
+        note_activity = Comment.query.first().get_activity(
             activity_type='Create'
         )
         send_to_remote_inbox_mock.send.assert_called_once_with(
@@ -434,7 +434,7 @@ def test_it_creates_mention(
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         assert (
@@ -458,7 +458,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         workout_cycling_user_2: Workout,
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -469,7 +469,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -478,7 +478,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         self.assert_404_with_message(
             response,
-            f"workout comment not found (id: {workout_comment.short_id})",
+            f"workout comment not found (id: {comment.short_id})",
         )
 
 
@@ -497,7 +497,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         user_1.send_follow_request_to(user_3)
         user_3.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -508,7 +508,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -518,9 +518,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutCommentAsRemoteFollower(
@@ -538,7 +536,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         user_1.send_follow_request_to(remote_user)
         remote_user.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             remote_user,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -549,7 +547,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -559,9 +557,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutCommentAsOwner(
@@ -576,7 +572,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         workout_cycling_user_2: Workout,
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -587,7 +583,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -597,9 +593,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutCommentAsUnauthenticatedUser(
@@ -616,7 +610,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
     ) -> None:
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -625,13 +619,13 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
         )
 
         self.assert_404_with_message(
             response,
-            f"workout comment not found (id: {workout_comment.short_id})",
+            f"workout comment not found (id: {comment.short_id})",
         )
 
 
@@ -646,7 +640,7 @@ def test_it_gets_reply(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -655,7 +649,7 @@ def test_it_gets_reply(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
-            parent_comment=workout_comment,
+            parent_comment=comment,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -663,7 +657,7 @@ def test_it_gets_reply(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_1.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
@@ -762,7 +756,7 @@ def test_it_returns_comment_when_visibility_allows_access(
         user_1.send_follow_request_to(user_3)
         user_3.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
@@ -781,9 +775,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
         self.assert_comments_response(
             response,
-            expected_comments=[
-                jsonify_dict(workout_comment.serialize(user_1))
-            ],
+            expected_comments=[jsonify_dict(comment.serialize(user_1))],
         )
 
 
@@ -799,7 +791,7 @@ def test_it_returns_comment_when_for_followers_and_remote(
     ) -> None:
         user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_2,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -818,9 +810,7 @@ def test_it_returns_comment_when_for_followers_and_remote(
 
         self.assert_comments_response(
             response,
-            expected_comments=[
-                jsonify_dict(workout_comment.serialize(user_1))
-            ],
+            expected_comments=[jsonify_dict(comment.serialize(user_1))],
         )
 
 
@@ -1009,7 +999,7 @@ def test_user_can_access_comment_when_mentioned(
         input_workout_visibility: PrivacyLevel,
     ) -> None:
         workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_3,
             workout_cycling_user_2,
             text=f"@{user_1.username} {self.random_string()}",
@@ -1021,7 +1011,7 @@ def test_user_can_access_comment_when_mentioned(
 
         response = client.get(
             f"/api/workouts/{workout_cycling_user_2.short_id}/"
-            f"comments/{workout_comment.short_id}",
+            f"comments/{comment.short_id}",
             content_type="application/json",
             headers=dict(
                 Authorization=f"Bearer {auth_token}",
@@ -1031,9 +1021,7 @@ def test_user_can_access_comment_when_mentioned(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(
-            workout_comment.serialize(user_1)
-        )
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
 
 
 class TestGetWorkoutsCommentsWithReplies(
@@ -1047,7 +1035,7 @@ def test_it_gets_reply(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
@@ -1056,7 +1044,7 @@ def test_it_gets_reply(
             user_1,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
-            parent_comment=workout_comment,
+            parent_comment=comment,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1072,7 +1060,7 @@ def test_it_gets_reply(
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert len(data['data']['comments']) == 1
-        assert data['data']['comments'][0]['id'] == workout_comment.short_id
+        assert data['data']['comments'][0]['id'] == comment.short_id
         assert data['data']['comments'][0]['replies'] == [
             jsonify_dict(reply.serialize(user_1))
         ]
@@ -1545,7 +1533,7 @@ def test_it_updates_mentions_to_remove_mention(
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         mentions = Mention.query.filter_by(comment_id=new_comment.id).all()
@@ -1593,7 +1581,7 @@ def test_it_updates_mentions_to_add_mention(
             headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        new_comment = WorkoutComment.query.filter_by(
+        new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
         ).first()
         mentions = Mention.query.filter_by(comment_id=new_comment.id).all()
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index f345afc73..17aba2148 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -5,7 +5,7 @@
 import pytest
 from flask import Flask
 
-from fittrackee.comments.models import Mention, WorkoutComment
+from fittrackee.comments.models import Comment, Mention
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
@@ -1200,7 +1200,7 @@ def generate_workout_comment_update_activity(
     def generate_workout_comment_delete_activity(
         self,
         remote_actor: Union[RandomActor, Actor],
-        remote_comment: Optional[WorkoutComment] = None,
+        remote_comment: Optional[Comment] = None,
     ) -> Dict:
         remote_domain = (
             remote_actor.domain
@@ -1280,7 +1280,7 @@ def test_it_creates_remote_workout_comment_when_remote_user_does_not_exist(
         ):
             activity.process_activity()
 
-        remote_comment = WorkoutComment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().first()
         assert remote_comment.ap_id == comment_activity['object']['id']
         assert (
             User.query.filter_by(username=random_actor.name).first()
@@ -1321,7 +1321,7 @@ def test_it_creates_mentioned_users_when_comment_has_mention(
         ):
             activity.process_activity()
 
-        remote_comment = WorkoutComment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().first()
         assert remote_comment.ap_id == comment_activity['object']['id']
         new_user = User.query.filter_by(username=random_actor.name).first()
         assert new_user is not None
@@ -1365,7 +1365,7 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
 
         activity.process_activity()
 
-        remote_comment = WorkoutComment.query.filter_by(
+        remote_comment = Comment.query.filter_by(
             user_id=remote_user.id
         ).first()
         assert remote_comment.ap_id == comment_activity['object']['id']
@@ -1404,7 +1404,7 @@ def test_it_raises_error_if_parent_comment_does_not_exist(
 
         with pytest.raises(
             ObjectNotFoundException,
-            match='parent workout_comment not found for CreateActivity',
+            match='parent comment not found for CreateActivity',
         ):
             activity.process_activity()
 
@@ -1450,7 +1450,7 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
 
         activity.process_activity()
 
-        remote_comment = WorkoutComment.query.filter_by(
+        remote_comment = Comment.query.filter_by(
             user_id=remote_user.id
         ).first()
         assert remote_comment.ap_id == comment_activity['object']['id']
@@ -1774,8 +1774,7 @@ def test_it_raises_error_when_activity_actor_is_not_comment_actor(
         ):
             activity.process_activity()
         assert (
-            WorkoutComment.query.filter_by(id=remote_comment.id).first()
-            is not None
+            Comment.query.filter_by(id=remote_comment.id).first() is not None
         )
 
     def test_it_deletes_remote_workout(
@@ -1804,7 +1803,7 @@ def test_it_deletes_remote_workout(
 
         activity.process_activity()
 
-        assert WorkoutComment.query.filter_by(id=comment_id).first() is None
+        assert Comment.query.filter_by(id=comment_id).first() is None
         assert Mention.query.filter_by(comment_id=comment_id).all() == []
 
     def test_it_deletes_remote_workout_with_reply(
@@ -1838,5 +1837,5 @@ def test_it_deletes_remote_workout_with_reply(
 
         activity.process_activity()
 
-        assert WorkoutComment.query.filter_by(id=comment_id).first() is None
+        assert Comment.query.filter_by(id=comment_id).first() is None
         assert reply.reply_to is None
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_comment.py
similarity index 79%
rename from fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
rename to fittrackee/tests/federation/federation/test_federation_objects_comment.py
index 161639d18..488bd7242 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_comment.py
@@ -6,7 +6,7 @@
 
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
-from fittrackee.federation.objects.comment import WorkoutCommentObject
+from fittrackee.federation.objects.comment import CommentObject
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import User
@@ -28,14 +28,14 @@ def test_it_raises_error_when_visibility_is_invalid(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         # no mentioned users
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2, workout_cycling_user_1, text_visibility=input_visibility
         )
         with pytest.raises(
             InvalidVisibilityException,
             match=f"object visibility is: '{input_visibility.value}'",
         ):
-            WorkoutCommentObject(workout_comment, 'Create')
+            CommentObject(comment, 'Create')
 
     def test_it_raises_error_when_activity_type_is_invalid(
         self,
@@ -46,7 +46,7 @@ def test_it_raises_error_when_activity_type_is_invalid(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
         )
         invalid_activity_type = self.random_string()
@@ -54,7 +54,7 @@ def test_it_raises_error_when_activity_type_is_invalid(
             ValueError,
             match=f"'{invalid_activity_type}' is not a valid ActivityType",
         ):
-            WorkoutCommentObject(workout_comment, invalid_activity_type)
+            CommentObject(comment, invalid_activity_type)
 
     def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  # noqa
         self,
@@ -66,32 +66,32 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
-        published = workout_comment.created_at.strftime(DATE_FORMAT)
-        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+        published = comment.created_at.strftime(DATE_FORMAT)
+        comment_object = CommentObject(comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/create",
+            "id": f"{comment.ap_id}/create",
             "type": "Create",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": [user_2.actor.followers_url],
             "cc": [],
             "object": {
-                "id": workout_comment.ap_id,
+                "id": comment.ap_id,
                 "type": "Note",
                 "published": published,
-                "url": workout_comment.remote_url,
+                "url": comment.remote_url,
                 "attributedTo": user_2.actor.activitypub_id,
                 "inReplyTo": workout_cycling_user_1.ap_id,
-                "content": workout_comment.text,
+                "content": comment.text,
                 "to": [user_2.actor.followers_url],
                 "cc": [],
             },
@@ -107,32 +107,32 @@ def test_it_generates_activity_when_visibility_is_public(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
         )
-        published = workout_comment.created_at.strftime(DATE_FORMAT)
-        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+        published = comment.created_at.strftime(DATE_FORMAT)
+        comment_object = CommentObject(comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/create",
+            "id": f"{comment.ap_id}/create",
             "type": "Create",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": ["https://www.w3.org/ns/activitystreams#Public"],
             "cc": [user_2.actor.followers_url],
             "object": {
-                "id": workout_comment.ap_id,
+                "id": comment.ap_id,
                 "type": "Note",
                 "published": published,
-                "url": workout_comment.remote_url,
+                "url": comment.remote_url,
                 "attributedTo": user_2.actor.activitypub_id,
                 "inReplyTo": workout_cycling_user_1.ap_id,
-                "content": workout_comment.text,
+                "content": comment.text,
                 "to": ["https://www.w3.org/ns/activitystreams#Public"],
                 "cc": [user_2.actor.followers_url],
             },
@@ -154,33 +154,33 @@ def test_it_generates_activity_when_comment_has_parent_comment(
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
         )
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
             parent_comment=parent_comment,
         )
-        published = workout_comment.created_at.strftime(DATE_FORMAT)
-        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+        published = comment.created_at.strftime(DATE_FORMAT)
+        comment_object = CommentObject(comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/create",
+            "id": f"{comment.ap_id}/create",
             "type": "Create",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": ["https://www.w3.org/ns/activitystreams#Public"],
             "cc": [user_2.actor.followers_url],
             "object": {
-                "id": workout_comment.ap_id,
+                "id": comment.ap_id,
                 "type": "Note",
                 "published": published,
-                "url": workout_comment.remote_url,
+                "url": comment.remote_url,
                 "attributedTo": user_2.actor.activitypub_id,
                 "inReplyTo": parent_comment.ap_id,
-                "content": workout_comment.text,
+                "content": comment.text,
                 "to": ["https://www.w3.org/ns/activitystreams#Public"],
                 "cc": [user_2.actor.followers_url],
             },
@@ -202,17 +202,17 @@ def test_it_generates_activity_for_public_comment(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.PUBLIC,
         )
-        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+        comment_object = CommentObject(comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
-        text_with_mentions, _ = workout_comment.handle_mentions()
+        text_with_mentions, _ = comment.handle_mentions()
         assert serialized_comment['to'] == [
             "https://www.w3.org/ns/activitystreams#Public"
         ]
@@ -243,17 +243,17 @@ def test_it_generates_activity_with_followers_and_remote_visibility(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
-        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+        comment_object = CommentObject(comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
-        text_with_mentions, _ = workout_comment.handle_mentions()
+        text_with_mentions, _ = comment.handle_mentions()
         assert serialized_comment['to'] == [user_2.actor.followers_url]
         assert set(serialized_comment['cc']) == {
             user_3.actor.activitypub_id,
@@ -284,17 +284,17 @@ def test_it_generates_activity_with_mentioned_users(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=input_visibility,
         )
-        comment_object = WorkoutCommentObject(workout_comment, 'Create')
+        comment_object = CommentObject(comment, 'Create')
 
         serialized_comment = comment_object.get_activity()
 
-        text_with_mentions, _ = workout_comment.handle_mentions()
+        text_with_mentions, _ = comment.handle_mentions()
         assert set(serialized_comment['to']) == {
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
@@ -317,7 +317,7 @@ def test_it_raises_error_when_activity_type_is_invalid(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2, workout_cycling_user_1, text_visibility=PrivacyLevel.PUBLIC
         )
         invalid_activity_type = self.random_string()
@@ -325,7 +325,7 @@ def test_it_raises_error_when_activity_type_is_invalid(
             ValueError,
             match=f"'{invalid_activity_type}' is not a valid ActivityType",
         ):
-            WorkoutCommentObject(workout_comment, invalid_activity_type)
+            CommentObject(comment, invalid_activity_type)
 
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
@@ -342,36 +342,34 @@ def test_it_generates_activity_when_visibility_is_private_or_for_local_followers
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
         # case of mention removed
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2, workout_cycling_user_1, text_visibility=input_visibility
         )
-        workout_comment.modification_date = datetime.utcnow()
-        published = workout_comment.created_at.strftime(DATE_FORMAT)
-        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+        comment.modification_date = datetime.utcnow()
+        published = comment.created_at.strftime(DATE_FORMAT)
+        comment_object = CommentObject(comment, 'Update')
 
         serialized_comment = comment_object.get_activity()
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/update",
+            "id": f"{comment.ap_id}/update",
             "type": "Update",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": [],  # mention removed
             "cc": [],
             "object": {
-                "id": workout_comment.ap_id,
+                "id": comment.ap_id,
                 "type": "Note",
                 "published": published,
-                "url": workout_comment.remote_url,
+                "url": comment.remote_url,
                 "attributedTo": user_2.actor.activitypub_id,
                 "inReplyTo": workout_cycling_user_1.ap_id,
-                "content": workout_comment.text,
+                "content": comment.text,
                 "to": [],
                 "cc": [],
-                "updated": workout_comment.modification_date.strftime(
-                    DATE_FORMAT
-                ),
+                "updated": comment.modification_date.strftime(DATE_FORMAT),
             },
         }
 
@@ -385,38 +383,36 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
-        workout_comment.modification_date = datetime.utcnow()
-        published = workout_comment.created_at.strftime(DATE_FORMAT)
-        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+        comment.modification_date = datetime.utcnow()
+        published = comment.created_at.strftime(DATE_FORMAT)
+        comment_object = CommentObject(comment, 'Update')
 
         serialized_comment = comment_object.get_activity()
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/update",
+            "id": f"{comment.ap_id}/update",
             "type": "Update",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": [user_2.actor.followers_url],
             "cc": [],
             "object": {
-                "id": workout_comment.ap_id,
+                "id": comment.ap_id,
                 "type": "Note",
                 "published": published,
-                "url": workout_comment.remote_url,
+                "url": comment.remote_url,
                 "attributedTo": user_2.actor.activitypub_id,
                 "inReplyTo": workout_cycling_user_1.ap_id,
-                "content": workout_comment.text,
+                "content": comment.text,
                 "to": [user_2.actor.followers_url],
                 "cc": [],
-                "updated": workout_comment.modification_date.strftime(
-                    DATE_FORMAT
-                ),
+                "updated": comment.modification_date.strftime(DATE_FORMAT),
             },
         }
 
@@ -430,38 +426,36 @@ def test_it_generates_activity_when_visibility_is_public(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=PrivacyLevel.PUBLIC,
         )
-        workout_comment.modification_date = datetime.utcnow()
-        published = workout_comment.created_at.strftime(DATE_FORMAT)
-        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+        comment.modification_date = datetime.utcnow()
+        published = comment.created_at.strftime(DATE_FORMAT)
+        comment_object = CommentObject(comment, 'Update')
 
         serialized_comment = comment_object.get_activity()
 
         assert serialized_comment == {
             "@context": AP_CTX,
-            "id": f"{workout_comment.ap_id}/update",
+            "id": f"{comment.ap_id}/update",
             "type": "Update",
             "actor": user_2.actor.activitypub_id,
             "published": published,
             "to": ["https://www.w3.org/ns/activitystreams#Public"],
             "cc": [user_2.actor.followers_url],
             "object": {
-                "id": workout_comment.ap_id,
+                "id": comment.ap_id,
                 "type": "Note",
                 "published": published,
-                "url": workout_comment.remote_url,
+                "url": comment.remote_url,
                 "attributedTo": user_2.actor.activitypub_id,
                 "inReplyTo": workout_cycling_user_1.ap_id,
-                "content": workout_comment.text,
+                "content": comment.text,
                 "to": ["https://www.w3.org/ns/activitystreams#Public"],
                 "cc": [user_2.actor.followers_url],
-                "updated": workout_comment.modification_date.strftime(
-                    DATE_FORMAT
-                ),
+                "updated": comment.modification_date.strftime(DATE_FORMAT),
             },
         }
 
@@ -481,18 +475,18 @@ def test_it_generates_activity_for_public_comment(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.PUBLIC,
         )
-        workout_comment.modification_date = datetime.utcnow()
-        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+        comment.modification_date = datetime.utcnow()
+        comment_object = CommentObject(comment, 'Update')
 
         serialized_comment = comment_object.get_activity()
 
-        text_with_mentions, _ = workout_comment.handle_mentions()
+        text_with_mentions, _ = comment.handle_mentions()
         assert serialized_comment['to'] == [
             "https://www.w3.org/ns/activitystreams#Public"
         ]
@@ -523,18 +517,18 @@ def test_it_generates_activity_with_followers_and_remote_visibility(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
         )
-        workout_comment.modification_date = datetime.utcnow()
-        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+        comment.modification_date = datetime.utcnow()
+        comment_object = CommentObject(comment, 'Update')
 
         serialized_comment = comment_object.get_activity()
 
-        text_with_mentions, _ = workout_comment.handle_mentions()
+        text_with_mentions, _ = comment.handle_mentions()
         assert serialized_comment['to'] == [user_2.actor.followers_url]
         assert set(serialized_comment['cc']) == {
             user_3.actor.activitypub_id,
@@ -565,18 +559,18 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         workout_cycling_user_1.ap_id = self.random_string()
-        workout_comment = self.create_comment(
+        comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=PrivacyLevel.PRIVATE,
         )
-        workout_comment.modification_date = datetime.utcnow()
-        comment_object = WorkoutCommentObject(workout_comment, 'Update')
+        comment.modification_date = datetime.utcnow()
+        comment_object = CommentObject(comment, 'Update')
 
         serialized_comment = comment_object.get_activity()
 
-        text_with_mentions, _ = workout_comment.handle_mentions()
+        text_with_mentions, _ = comment.handle_mentions()
         assert set(serialized_comment['to']) == {
             user_3.actor.activitypub_id,
             remote_user.actor.activitypub_id,
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index a382251e6..60a033218 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -7,7 +7,7 @@
 from flask import Flask
 
 from fittrackee import db
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Comment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Workout
@@ -61,11 +61,11 @@ def create_comment(
         text: Optional[str] = None,
         text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
         created_at: Optional[datetime] = None,
-        parent_comment: Optional[WorkoutComment] = None,
+        parent_comment: Optional[Comment] = None,
         with_mentions: bool = True,
-    ) -> WorkoutComment:
+    ) -> Comment:
         text = self.random_string() if text is None else text
-        comment = WorkoutComment(
+        comment = Comment(
             user_id=user.id,
             workout_id=workout.id,
             text=text,
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 3be5d6f1b..3b6aad55d 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -187,8 +187,8 @@ class User(BaseModel):
         lazy='dynamic',
         viewonly=True,
     )
-    workout_comments = db.relationship(
-        'WorkoutComment',
+    comments = db.relationship(
+        'Comment',
         lazy=True,
         backref=db.backref('user', lazy='joined', single_parent=True),
     )
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 315c16640..94d6c4a76 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -12,7 +12,7 @@
 from sqlalchemy.types import JSON, Enum
 
 from fittrackee import BaseModel, appLog, db
-from fittrackee.comments.models import WorkoutComment
+from fittrackee.comments.models import Comment
 from fittrackee.federation.decorators import federation_required
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
@@ -196,7 +196,7 @@ class Workout(BaseModel):
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
     comments = db.relationship(
-        WorkoutComment,
+        Comment,
         lazy=True,
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue b/fittrackee_client/src/components/Comment/Comment.vue
similarity index 98%
rename from fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
rename to fittrackee_client/src/components/Comment/Comment.vue
index b496e3d70..4614c9ce7 100644
--- a/fittrackee_client/src/components/WorkoutComment/WorkoutComment.vue
+++ b/fittrackee_client/src/components/Comment/Comment.vue
@@ -64,7 +64,7 @@
         :comment="comment"
         @closeEdition="() => commentToEdit = null"
       />
-      <WorkoutComment
+      <Comment
         v-for="reply in comment.replies"
         :key="reply.id"
         :comment="reply"
@@ -88,9 +88,9 @@
   import { Locale, formatDistance } from "date-fns"
   import { ComputedRef, Ref, computed, ref, toRefs } from "vue"
 
+  import WorkoutCommentEdition from "@/components/Comment/CommentEdition.vue"
   import Username from "@/components/User/Username.vue"
   import UserPicture from "@/components/User/UserPicture.vue"
-  import WorkoutCommentEdition from "@/components/WorkoutComment/WorkoutCommentEdition.vue"
   import { ROOT_STORE } from "@/store/constants"
   import { IDisplayOptions } from "@/types/application"
   import { IAuthUserProfile, IUserProfile } from "@/types/user"
diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue b/fittrackee_client/src/components/Comment/CommentEdition.vue
similarity index 100%
rename from fittrackee_client/src/components/WorkoutComment/WorkoutCommentEdition.vue
rename to fittrackee_client/src/components/Comment/CommentEdition.vue
diff --git a/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue b/fittrackee_client/src/components/Comment/Comments.vue
similarity index 95%
rename from fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
rename to fittrackee_client/src/components/Comment/Comments.vue
index 179473a9d..2e3a860fb 100644
--- a/fittrackee_client/src/components/WorkoutComment/WorkoutComments.vue
+++ b/fittrackee_client/src/components/Comment/Comments.vue
@@ -12,7 +12,7 @@
         {{ $t('workouts.COMMENTS.LABEL', 0) }}
       </template>
       <template #content>
-        <WorkoutComment
+        <Comment
           v-for="comment in workoutData.comments"
           :key="comment.id"
           :comment="comment"
@@ -42,7 +42,7 @@
 <script setup lang="ts">
   import { Ref, ref, toRefs, watch } from "vue"
 
-  import WorkoutCommentEdition from "@/components/WorkoutComment/WorkoutCommentEdition.vue"
+  import WorkoutCommentEdition from "@/components/Comment/CommentEdition.vue"
   import { WORKOUTS_STORE } from "@/store/constants"
   import { IAuthUserProfile } from "@/types/user"
   import { IComment, IWorkoutData } from "@/types/workouts"
diff --git a/fittrackee_client/src/custom-components.ts b/fittrackee_client/src/custom-components.ts
index 685ed0809..246596d84 100644
--- a/fittrackee_client/src/custom-components.ts
+++ b/fittrackee_client/src/custom-components.ts
@@ -1,3 +1,4 @@
+import Comment from '@/components/Comment/Comment.vue'
 import AlertMessage from '@/components/Common/AlertMessage.vue'
 import Card from '@/components/Common/Card.vue'
 import CustomTextArea from '@/components/Common/CustomTextArea.vue'
@@ -8,7 +9,6 @@ import SportImage from '@/components/Common/Images/SportImage/index.vue'
 import Loader from '@/components/Common/Loader.vue'
 import Modal from '@/components/Common/Modal.vue'
 import VisibilityIcon from '@/components/Common/VisibilityIcon.vue'
-import WorkoutComment from '@/components/WorkoutComment/WorkoutComment.vue'
 
 export const customComponents = [
   { target: AlertMessage, name: 'AlertMessage' },
@@ -21,5 +21,5 @@ export const customComponents = [
   { target: Modal, name: 'Modal' },
   { target: SportImage, name: 'SportImage' },
   { target: VisibilityIcon, name: 'VisibilityIcon' },
-  { target: WorkoutComment, name: 'WorkoutComment' },
+  { target: Comment, name: 'Comment' },
 ]
diff --git a/fittrackee_client/src/views/workouts/Workout.vue b/fittrackee_client/src/views/workouts/Workout.vue
index 5c359f68b..3ffb940e9 100644
--- a/fittrackee_client/src/views/workouts/Workout.vue
+++ b/fittrackee_client/src/views/workouts/Workout.vue
@@ -30,7 +30,7 @@
             v-if="!displaySegment && isWorkoutOwner"
             :notes="workoutData.workout.notes"
           />
-          <WorkoutComments :workoutData="workoutData" :auth-user="authUser"/>
+          <Comments :workoutData="workoutData" :auth-user="authUser"/>
           <div id="bottom" />
         </div>
         <div v-else>
@@ -54,18 +54,14 @@
   } from 'vue'
   import { useRoute } from 'vue-router'
 
+  import Comments from '@/components/Comment/Comments.vue'
   import NotFound from '@/components/Common/NotFound.vue'
   import WorkoutDetail from '@/components/Workout/WorkoutDetail/index.vue'
   import WorkoutChart from '@/components/Workout/WorkoutDetail/WorkoutChart/index.vue'
   import WorkoutNotes from '@/components/Workout/WorkoutDetail/WorkoutNotes.vue'
   import WorkoutSegments from '@/components/Workout/WorkoutDetail/WorkoutSegments.vue'
   import WorkoutUser from '@/components/Workout/WorkoutDetail/WorkoutUser.vue'
-  import WorkoutComments from '@/components/WorkoutComment/WorkoutComments.vue'
-  import {
-    AUTH_USER_STORE,
-    SPORTS_STORE,
-    WORKOUTS_STORE,
-  } from '@/store/constants'
+  import { AUTH_USER_STORE, SPORTS_STORE, WORKOUTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
   import { IAuthUserProfile } from '@/types/user'
   import { IWorkoutData, IWorkoutPayload, TCoordinates } from '@/types/workouts'

From c1d5e3f5e6f5339791b59545f0a5e9e4f923670c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 15 Feb 2023 18:34:28 +0100
Subject: [PATCH 214/238] API - create comment even a related workout does not
 exist

---
 .../federation/activities/activities.py       |  83 +++++++-------
 .../tests/comments/test_comments_api.py       |  28 ++---
 .../tests/comments/test_comments_models.py    |  20 ++--
 .../tests/comments/test_mentions_models.py    |   6 +-
 fittrackee/tests/comments/utils.py            |  49 ++++++++
 .../federation/comments/test_comments_api.py  |  30 ++---
 .../comments/test_comments_models.py          |  18 ++-
 .../comments/test_mentions_models.py          |   6 +-
 .../test_federation_activities_activities.py  | 107 +++++++++++-------
 .../test_federation_objects_comment.py        |  11 +-
 .../test_federation_objects_tombstone.py      |   5 +-
 .../workouts/test_workouts_api_3_delete.py    |   7 +-
 fittrackee/tests/workouts/utils.py            |  45 --------
 13 files changed, 218 insertions(+), 197 deletions(-)
 create mode 100644 fittrackee/tests/comments/utils.py

diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 02fc7442e..f882ca955 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -1,4 +1,3 @@
-import re
 from abc import ABC, abstractmethod
 from datetime import datetime, timedelta
 from typing import Dict, Tuple
@@ -177,6 +176,38 @@ def undoes_follow(self) -> None:
             raise e
 
 
+def create_comment(
+    note_data: Dict, actor: Actor, visibility: PrivacyLevel
+) -> Comment:
+    reply_to_object_api_id = note_data.get("inReplyTo")
+    workout = None
+    parent_comment = None
+    if reply_to_object_api_id:
+        # comment to a workout
+        workout = Workout.query.filter_by(ap_id=reply_to_object_api_id).first()
+        if not workout:
+            # reply to a comment
+            parent_comment = Comment.query.filter_by(
+                ap_id=reply_to_object_api_id
+            ).first()
+            if parent_comment:
+                # get workout from parent comment
+                workout = parent_comment.workout if parent_comment else None
+
+    new_comment = Comment(
+        user_id=actor.user.id,
+        workout_id=workout.id if workout else None,
+        text=note_data["content"],
+        text_visibility=visibility,
+        reply_to=parent_comment.id if parent_comment else None,
+    )
+    new_comment.ap_id = note_data["id"]
+    new_comment.remote_url = note_data["url"]
+    db.session.add(new_comment)
+    db.session.flush()
+    return new_comment
+
+
 class CreateActivity(AbstractActivity):
     def create_remote_workout(self, actor: Actor) -> None:
         workout_data = self.activity['object']
@@ -197,43 +228,9 @@ def create_remote_workout(self, actor: Actor) -> None:
 
     def create_remote_note(self, actor: Actor) -> None:
         note_data = self.activity["object"]
-        reply_to_object_api_id = note_data.get("inReplyTo")
-        workout = None
-        parent_comment = None
-        if reply_to_object_api_id:
-            if re.match(
-                r"https://(.*)/workouts/(.*)/comments/(.*)",
-                reply_to_object_api_id,
-            ):
-                parent_comment = Comment.query.filter_by(
-                    ap_id=reply_to_object_api_id
-                ).first()
-                if not parent_comment:
-                    raise ObjectNotFoundException(
-                        "parent comment", self.activity_name()
-                    )
-                workout = parent_comment.workout
-            elif re.match(
-                r"https://(.*)/workouts/(.*)", reply_to_object_api_id
-            ):
-                workout = Workout.query.filter_by(
-                    ap_id=reply_to_object_api_id
-                ).first()
-
-        if not workout:
-            raise ObjectNotFoundException("workout", self.activity_name())
-
-        new_comment = Comment(
-            user_id=actor.user.id,
-            workout_id=workout.id,
-            text=note_data["content"],
-            text_visibility=self._get_visibility(note_data, actor),
-            reply_to=parent_comment.id if parent_comment else None,
+        new_comment = create_comment(
+            note_data, actor, self._get_visibility(note_data, actor)
         )
-        new_comment.ap_id = note_data["id"]
-        new_comment.remote_url = note_data["url"]
-        db.session.add(new_comment)
-        db.session.flush()
         new_comment.create_mentions()
         db.session.commit()
 
@@ -332,7 +329,9 @@ def update_remote_workout_comment(self, actor: Actor) -> None:
             ap_id=note_data['id']
         ).first()
         if not comment_to_update:
-            raise ObjectNotFoundException('comment', self.activity_name())
+            comment_to_update = create_comment(
+                note_data, actor, self._get_visibility(note_data, actor)
+            )
 
         if comment_to_update.user.actor.id != actor.id:
             raise ActivityException(
@@ -355,9 +354,9 @@ def update_remote_workout_comment(self, actor: Actor) -> None:
             )
 
     def process_activity(self) -> None:
-        actor = self.get_actor()
-        if self.activity["object"]["type"] == "Workout":
+        object_type = self.activity['object']['type']
+        actor = self.get_actor(create_remote_actor=object_type == "Note")
+        if object_type == "Workout":
             self.update_remote_workout(actor)
-        if self.activity["object"]["type"] == "Note":
-            # Workout comment
+        if object_type == "Note":
             self.update_remote_workout_comment(actor)
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index fd74389ff..91c2e0b20 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -7,17 +7,15 @@
 
 from fittrackee.comments.models import Comment, Mention
 from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.tests.comments.utils import CommentMixin
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
 from ..mixins import ApiTestCaseMixin, BaseTestMixin
 from ..utils import jsonify_dict
-from ..workouts.utils import WorkoutCommentMixin
 
 
-class TestPostWorkoutComment(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
-):
+class TestPostWorkoutComment(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
     def test_it_returns_error_if_user_is_not_authenticated(
         self,
         app: Flask,
@@ -454,7 +452,7 @@ def test_expected_scopes_are_defined(
 
 
 class TestGetWorkoutCommentAsUser(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_404_when_workout_does_not_exist(
         self,
@@ -582,7 +580,7 @@ def test_it_returns_comment_when_visibility_is_public(
 
 
 class TestGetWorkoutCommentAsFollower(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         self,
@@ -662,7 +660,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
 
 class TestGetWorkoutCommentAsOwner(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     @pytest.mark.parametrize(
         'input_text_visibility',
@@ -705,7 +703,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
 
 class TestGetWorkoutCommentAsUnauthenticatedUser(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     @pytest.mark.parametrize(
         'input_text_visibility',
@@ -822,7 +820,7 @@ def test_expected_scopes_are_defined(
 
 
 class TestGetWorkoutCommentWithReplies(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_gets_reply(
         self,
@@ -863,7 +861,7 @@ def test_it_gets_reply(
 
 
 class GetWorkoutCommentsTestCase(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     @staticmethod
     def assert_comments_response(
@@ -1327,7 +1325,7 @@ def test_it_returns_only_comments_user_can_access(
 
 
 class TestGetWorkoutsCommentWithReplies(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_gets_reply(
         self,
@@ -1368,9 +1366,7 @@ def test_it_gets_reply(
         ]
 
 
-class TestDeleteWorkoutComment(
-    ApiTestCaseMixin, BaseTestMixin, WorkoutCommentMixin
-):
+class TestDeleteWorkoutComment(ApiTestCaseMixin, BaseTestMixin, CommentMixin):
     def test_it_returns_error_if_user_is_not_authenticated(
         self,
         app: Flask,
@@ -1636,9 +1632,7 @@ def test_expected_scopes_are_defined(
         self.assert_response_scope(response, can_access)
 
 
-class TestPatchWorkoutComment(
-    ApiTestCaseMixin, BaseTestMixin, WorkoutCommentMixin
-):
+class TestPatchWorkoutComment(ApiTestCaseMixin, BaseTestMixin, CommentMixin):
     def test_it_returns_error_if_user_is_not_authenticated(
         self,
         app: Flask,
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 0e060606f..9a1e0ed8e 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -13,10 +13,10 @@
 from fittrackee.utils import encode_uuid
 from fittrackee.workouts.models import Sport, Workout
 
-from ..workouts.utils import WorkoutCommentMixin
+from .utils import CommentMixin
 
 
-class TestWorkoutCommentModel(WorkoutCommentMixin):
+class TestWorkoutCommentModel(CommentMixin):
     def test_comment_model(
         self,
         app: Flask,
@@ -109,7 +109,7 @@ def test_it_returns_string_representation(
         assert str(comment) == f'<Comment {comment.id}>'
 
 
-class TestWorkoutCommentModelSerializeForCommentOwner(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForCommentOwner(CommentMixin):
     @pytest.mark.parametrize(
         'input_visibility',
         [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS, PrivacyLevel.PUBLIC],
@@ -145,7 +145,7 @@ def test_it_serializes_owner_comment(
         }
 
 
-class TestWorkoutCommentModelSerializeForFollower(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForFollower(CommentMixin):
     def test_it_raises_error_when_user_does_not_follow_comment_owner(
         self,
         app: Flask,
@@ -222,7 +222,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         }
 
 
-class TestWorkoutCommentModelSerializeForUser(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForUser(CommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
     )
@@ -277,9 +277,7 @@ def test_it_serializes_comment_when_comment_is_public(
         }
 
 
-class TestWorkoutCommentModelSerializeForUnauthenticatedUser(
-    WorkoutCommentMixin
-):
+class TestWorkoutCommentModelSerializeForUnauthenticatedUser(CommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.FOLLOWERS, PrivacyLevel.PRIVATE]
     )
@@ -332,7 +330,7 @@ def test_it_serializes_comment_when_comment_is_public(
         }
 
 
-class TestWorkoutCommentModelSerializeForReplies(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForReplies(CommentMixin):
     def test_it_serializes_comment_with_reply(
         self,
         app: Flask,
@@ -562,7 +560,7 @@ def test_it_returns_all_replies(
         ]
 
 
-class TestWorkoutCommentModelWithMentions(WorkoutCommentMixin):
+class TestWorkoutCommentModelWithMentions(CommentMixin):
     def test_it_returns_empty_dict_when_no_mentions(
         self,
         app: Flask,
@@ -677,7 +675,7 @@ def test_it_returns_mentioned_user(
         assert mentioned_users == {"local": {user_3}, "remote": set()}
 
 
-class TestWorkoutCommentModelSerializeForMentions(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForMentions(CommentMixin):
     def test_it_serializes_comment_with_mentions_as_link(
         self,
         app: Flask,
diff --git a/fittrackee/tests/comments/test_mentions_models.py b/fittrackee/tests/comments/test_mentions_models.py
index 4193f3752..d199b8adb 100644
--- a/fittrackee/tests/comments/test_mentions_models.py
+++ b/fittrackee/tests/comments/test_mentions_models.py
@@ -10,7 +10,7 @@
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
-from ..workouts.utils import WorkoutCommentMixin
+from .utils import CommentMixin
 
 ALL_VISIBILITIES = [
     PrivacyLevel.PUBLIC,
@@ -19,7 +19,7 @@
 ]
 
 
-class TestMentionModel(WorkoutCommentMixin):
+class TestMentionModel(CommentMixin):
     def test_mention_model(
         self,
         app: Flask,
@@ -59,7 +59,7 @@ def test_created_date_is_initialized_on_creation_when_not_provided(
         assert mention.created_at == now
 
 
-class TestCommentWithMentionSerializeVisibility(WorkoutCommentMixin):
+class TestCommentWithMentionSerializeVisibility(CommentMixin):
     @pytest.mark.parametrize('workout_visibility', ALL_VISIBILITIES)
     def test_public_comment_is_visible_to_all_users(
         self,
diff --git a/fittrackee/tests/comments/utils.py b/fittrackee/tests/comments/utils.py
new file mode 100644
index 000000000..c598cdfa3
--- /dev/null
+++ b/fittrackee/tests/comments/utils.py
@@ -0,0 +1,49 @@
+from datetime import datetime
+from typing import Optional
+from unittest.mock import patch
+
+from fittrackee import db
+from fittrackee.comments.models import Comment
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Workout
+
+from ..mixins import RandomMixin
+
+
+class CommentMixin(RandomMixin):
+    def create_comment(
+        self,
+        user: User,
+        workout: Workout,
+        text: Optional[str] = None,
+        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
+        created_at: Optional[datetime] = None,
+        parent_comment: Optional[Comment] = None,
+        with_mentions: bool = True,
+    ) -> Comment:
+        text = self.random_string() if text is None else text
+        comment = Comment(
+            user_id=user.id,
+            workout_id=workout.id,
+            text=text,
+            text_visibility=text_visibility,
+            created_at=created_at,
+            reply_to=parent_comment.id if parent_comment else None,
+        )
+        db.session.add(comment)
+        db.session.flush()
+        if with_mentions:
+            with patch('fittrackee.federation.utils.user.update_remote_user'):
+                comment.create_mentions()
+        actor = comment.user.actor
+        comment.ap_id = (
+            f'{actor.activitypub_id}/workouts/{workout.short_id}'
+            f'/comments/{comment.short_id}'
+        )
+        comment.remote_url = (
+            f'https://{actor.domain.name}/workouts/{workout.short_id}'
+            f'/comments/{comment.short_id}'
+        )
+        db.session.commit()
+        return comment
diff --git a/fittrackee/tests/federation/comments/test_comments_api.py b/fittrackee/tests/federation/comments/test_comments_api.py
index 350e9894e..76fccac67 100644
--- a/fittrackee/tests/federation/comments/test_comments_api.py
+++ b/fittrackee/tests/federation/comments/test_comments_api.py
@@ -10,16 +10,14 @@
 from fittrackee.workouts.models import Sport, Workout
 
 from ...comments.test_comments_api import GetWorkoutCommentsTestCase
+from ...comments.utils import CommentMixin
 from ...mixins import ApiTestCaseMixin, BaseTestMixin
 from ...utils import jsonify_dict
-from ...workouts.utils import WorkoutCommentMixin
 
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
-class TestPostWorkoutComment(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
-):
+class TestPostWorkoutComment(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
     @pytest.mark.parametrize(
         'input_workout_visibility',
         [
@@ -446,7 +444,7 @@ def test_it_creates_mention(
 
 
 class TestGetWorkoutCommentAsUser(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         self,
@@ -483,7 +481,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
 
 class TestGetWorkoutCommentAsFollower(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_comment_when_visibility_allows_access(
         self,
@@ -522,7 +520,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
 
 class TestGetWorkoutCommentAsRemoteFollower(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_comment_when_visibility_allows_access(
         self,
@@ -561,7 +559,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
 
 class TestGetWorkoutCommentAsOwner(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_comment_when_visibility_allows_access(
         self,
@@ -597,7 +595,7 @@ def test_it_returns_comment_when_visibility_allows_access(
 
 
 class TestGetWorkoutCommentAsUnauthenticatedUser(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_returns_404_when_comment_visibility_does_not_allow_access(
         self,
@@ -630,7 +628,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
 
 
 class TestGetWorkoutCommentWithReplies(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_gets_reply(
         self,
@@ -978,7 +976,7 @@ def test_it_returns_only_comments_user_can_access(
 
 
 class TestGetWorkoutCommentWithMention(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     @pytest.mark.parametrize(
         'input_workout_visibility',
@@ -1025,7 +1023,7 @@ def test_user_can_access_comment_when_mentioned(
 
 
 class TestGetWorkoutsCommentsWithReplies(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
     def test_it_gets_reply(
         self,
@@ -1068,9 +1066,7 @@ def test_it_gets_reply(
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
-class TestDeleteWorkoutComment(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
-):
+class TestDeleteWorkoutComment(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
     def test_it_returns_404_if_comment_is_not_visible_to_user(
         self,
         send_to_remote_inbox_mock: Mock,
@@ -1323,9 +1319,7 @@ def test_it_deletes_mentions(
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
 @patch('fittrackee.comments.comments.send_to_remote_inbox')
-class TestPatchWorkoutComment(
-    WorkoutCommentMixin, ApiTestCaseMixin, BaseTestMixin
-):
+class TestPatchWorkoutComment(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
     def test_it_does_not_call_sent_to_inbox_when_comment_is_local_with_no_mentions(  # noqa
         self,
         send_to_remote_inbox_mock: Mock,
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 4a3ebef66..7b330a73a 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -7,14 +7,14 @@
 from fittrackee.comments.models import Mention
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
+from ...comments.utils import CommentMixin
 from ...utils import RandomActor
 
 
-class TestWorkoutCommentModelSerializeForCommentOwner(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForCommentOwner(CommentMixin):
     def test_it_serializes_owner_comment(
         self,
         app_with_federation: Flask,
@@ -47,7 +47,7 @@ def test_it_serializes_owner_comment(
         }
 
 
-class TestWorkoutCommentModelSerializeForRemoteFollower(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForRemoteFollower(CommentMixin):
     def test_it_raises_error_when_user_does_not_follow_comment_user(
         self,
         app_with_federation: Flask,
@@ -128,7 +128,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
         }
 
 
-class TestWorkoutCommentModelSerializeForUser(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForUser(CommentMixin):
     def test_it_raises_error_when_comment_is_visible_to_remote_follower(
         self,
         app_with_federation: Flask,
@@ -148,9 +148,7 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
             comment.serialize(user_1)
 
 
-class TestWorkoutCommentModelSerializeForUnauthenticatedUser(
-    WorkoutCommentMixin
-):
+class TestWorkoutCommentModelSerializeForUnauthenticatedUser(CommentMixin):
     def test_it_raises_error_when_comment_is_visible_to_remote_follower(
         self,
         app_with_federation: Flask,
@@ -170,7 +168,7 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
             comment.serialize()
 
 
-class TestWorkoutCommentModelGetCreateActivity(WorkoutCommentMixin):
+class TestWorkoutCommentModelGetCreateActivity(CommentMixin):
     activity_type = 'Create'
     expected_object_type = 'Note'
 
@@ -230,7 +228,7 @@ class TestWorkoutCommentModelGetDeleteActivity(
 
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
-class TestWorkoutCommentModelWithMentions(WorkoutCommentMixin):
+class TestWorkoutCommentModelWithMentions(CommentMixin):
     def test_it_creates_mentions_when_mentioned_user_exists(
         self,
         update_mock: Mock,
@@ -315,7 +313,7 @@ def test_it_returns_mentioned_user(
 
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
-class TestWorkoutCommentModelSerializeForMentions(WorkoutCommentMixin):
+class TestWorkoutCommentModelSerializeForMentions(CommentMixin):
     def test_it_serializes_comment_with_mentions_as_link(
         self,
         update_mock: Mock,
diff --git a/fittrackee/tests/federation/comments/test_mentions_models.py b/fittrackee/tests/federation/comments/test_mentions_models.py
index 0241dcd57..734c73f7a 100644
--- a/fittrackee/tests/federation/comments/test_mentions_models.py
+++ b/fittrackee/tests/federation/comments/test_mentions_models.py
@@ -8,10 +8,10 @@
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
-from ...workouts.utils import WorkoutCommentMixin
+from ...comments.utils import CommentMixin
 
 
-class TestCommentWithMentionSerializeVisibility(WorkoutCommentMixin):
+class TestCommentWithMentionSerializeVisibility(CommentMixin):
     def test_public_comment_is_visible_to_all_users(
         self,
         app_with_federation: Flask,
@@ -137,7 +137,7 @@ def test_private_comment_with_remote_mention_is_only_visible_to_author(
             assert comment.serialize()  # unauthenticated user
 
 
-class TestWorkoutCommentRemoteMentions(WorkoutCommentMixin):
+class TestWorkoutCommentRemoteMentions(CommentMixin):
     def test_it_gets_remote_followers_count(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 17aba2148..c2989e2cd 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -20,7 +20,6 @@
 )
 from fittrackee.federation.tasks.activity import get_activity_instance
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.exceptions import (
     FollowRequestAlreadyProcessedError,
     FollowRequestAlreadyRejectedError,
@@ -31,6 +30,7 @@
 from fittrackee.workouts.exceptions import SportNotFoundException
 from fittrackee.workouts.models import Sport, Workout
 
+from ...comments.utils import CommentMixin
 from ...mixins import RandomMixin
 from ...utils import RandomActor
 
@@ -1103,7 +1103,7 @@ def test_it_raises_exception_when_activity_is_invalid(
             activity.process_activity()
 
 
-class WorkoutCommentActivitiesTestCase(RandomMixin):
+class CommentActivitiesTestCase(RandomMixin):
     def generate_random_object(
         self,
         activity_type: str,
@@ -1192,9 +1192,10 @@ def generate_workout_comment_update_activity(
         remote_actor: Union[RandomActor, Actor],
         workout: Optional[Workout] = None,
         visibility: Optional[PrivacyLevel] = PrivacyLevel.PUBLIC,
+        text: Optional[str] = None,
     ) -> Dict:
         return self.generate_random_object(
-            "Update", remote_actor, workout, visibility
+            "Update", remote_actor, workout, visibility, text
         )
 
     def generate_workout_comment_delete_activity(
@@ -1229,12 +1230,13 @@ def generate_workout_comment_delete_activity(
         }
 
 
-class TestCreateActivityForWorkoutComment(WorkoutCommentActivitiesTestCase):
-    def test_it_raises_error_if_comment_workout_does_not_exist(
+class TestCreateActivityForComment(CommentActivitiesTestCase):
+    def test_it_creates_remote_comment_when_no_related_workout_found(
         self,
         app_with_federation: Flask,
         remote_user: User,
     ) -> None:
+        """workout may be not visible"""
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=remote_user.actor
         )
@@ -1242,11 +1244,10 @@ def test_it_raises_error_if_comment_workout_does_not_exist(
             activity_dict=comment_activity
         )
 
-        with pytest.raises(
-            ObjectNotFoundException,
-            match='workout not found for CreateActivity',
-        ):
-            activity.process_activity()
+        activity.process_activity()
+
+        remote_comment = Comment.query.filter_by().first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
 
     def test_it_creates_remote_workout_comment_when_remote_user_does_not_exist(
         self,
@@ -1375,10 +1376,10 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         assert remote_comment.reply_to is None
 
 
-class TestCreateActivityForWorkoutCommentReply(
-    WorkoutCommentMixin, WorkoutCommentActivitiesTestCase
+class TestCreateActivityForCommentReply(
+    CommentMixin, CommentActivitiesTestCase
 ):
-    def test_it_raises_error_if_parent_comment_does_not_exist(
+    def test_it_creates_comment_when_parent_comment_does_not_exist(
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -1392,7 +1393,9 @@ def test_it_raises_error_if_parent_comment_does_not_exist(
             f'{workout_cycling_user_1.short_id}'
         )
         comment_activity = self.generate_workout_comment_create_activity(
-            remote_actor=remote_user.actor, workout=workout_cycling_user_1
+            remote_actor=remote_user.actor,
+            workout=workout_cycling_user_1,
+            visibility=PrivacyLevel.PUBLIC,
         )
         comment_activity["object"]["inReplyTo"] = (
             comment_activity["object"]["inReplyTo"]
@@ -1402,11 +1405,16 @@ def test_it_raises_error_if_parent_comment_does_not_exist(
             activity_dict=comment_activity
         )
 
-        with pytest.raises(
-            ObjectNotFoundException,
-            match='parent comment not found for CreateActivity',
-        ):
-            activity.process_activity()
+        activity.process_activity()
+
+        remote_comment = Comment.query.filter_by(
+            user_id=remote_user.id
+        ).first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        assert remote_comment.remote_url == comment_activity['object']['url']
+        assert remote_comment.text == comment_activity['object']['content']
+        assert remote_comment.text_visibility == PrivacyLevel.PUBLIC
+        assert remote_comment.reply_to is None
 
     @pytest.mark.parametrize(
         'input_visibility',
@@ -1460,32 +1468,39 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         assert remote_comment.reply_to == parent_comment.id
 
 
-class TestUpdateActivityForWorkoutComment(
-    WorkoutCommentMixin, WorkoutCommentActivitiesTestCase
-):
-    def test_it_raises_error_if_remote_workout_comment_does_not_exist(
+class TestUpdateActivityForComment(CommentMixin, CommentActivitiesTestCase):
+    def test_it_creates_comment_when_workout_actor_does_not_exist(
         self,
         app_with_federation: Flask,
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
-        remote_user: User,
+        random_actor: Actor,
     ) -> None:
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         comment_activity = self.generate_workout_comment_update_activity(
-            remote_user.actor
+            random_actor
         )
         activity = get_activity_instance({'type': comment_activity['type']})(
             activity_dict=comment_activity
         )
-        with pytest.raises(
-            ObjectNotFoundException,
-            match="comment not found for UpdateActivity",
-        ):
 
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ), patch(
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
+        ):
             activity.process_activity()
 
-    def test_it_raises_error_if_workout_actor_does_not_exist(
+        remote_comment = Comment.query.filter_by().first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        new_user = User.query.filter_by(username=random_actor.name).first()
+        assert new_user is not None
+
+    def test_it_creates_comment_when_original_comment_does_not_exist(
         self,
         app_with_federation: Flask,
         user_1: User,
@@ -1493,20 +1508,38 @@ def test_it_raises_error_if_workout_actor_does_not_exist(
         workout_cycling_user_1: Workout,
         random_actor: Actor,
     ) -> None:
+        # case of a comment edited to add a mention to a user (not-followers)
         workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
         comment_activity = self.generate_workout_comment_update_activity(
-            random_actor
+            random_actor, text=f"@{user_1.username}"
         )
         activity = get_activity_instance({'type': comment_activity['type']})(
             activity_dict=comment_activity
         )
-        with pytest.raises(
-            ActorNotFoundException,
-            match="actor not found for UpdateActivity",
-        ):
 
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ), patch(
+            'fittrackee.federation.utils.user.store_or_delete_user_picture'
+        ), patch(
+            'fittrackee.federation.utils.user.update_remote_actor_stats'
+        ):
             activity.process_activity()
 
+        remote_comment = Comment.query.filter_by().first()
+        assert remote_comment.ap_id == comment_activity['object']['id']
+        assert (
+            User.query.filter_by(username=random_actor.name).first()
+            is not None
+        )
+        assert (
+            Mention.query.filter_by(
+                user_id=user_1.id, comment_id=remote_comment.id
+            ).first()
+            is not None
+        )
+
     def test_it_raises_error_when_activity_actor_is_not_comment_actor(
         self,
         app_with_federation: Flask,
@@ -1701,9 +1734,7 @@ def test_it_raises_exception_when_activity_is_invalid(
             activity.process_activity()
 
 
-class TestDeleteActivityForWorkoutComment(
-    WorkoutCommentMixin, WorkoutCommentActivitiesTestCase
-):
+class TestDeleteActivityForComment(CommentMixin, CommentActivitiesTestCase):
     def test_it_raises_error_if_remote_workout_does_not_exist(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_comment.py
index 488bd7242..f29a64f1f 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_comment.py
@@ -8,12 +8,13 @@
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.federation.objects.comment import CommentObject
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
+from ...comments.utils import CommentMixin
 
-class TestWorkoutCommentCreateObject(WorkoutCommentMixin):
+
+class TestWorkoutCommentCreateObject(CommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
@@ -188,7 +189,7 @@ def test_it_generates_activity_when_comment_has_parent_comment(
 
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
-class TestWorkoutCommentWithMentionsCreateObject(WorkoutCommentMixin):
+class TestWorkoutCommentWithMentionsCreateObject(CommentMixin):
     def test_it_generates_activity_for_public_comment(
         self,
         update_remote_user_mock: Mock,
@@ -307,7 +308,7 @@ def test_it_generates_activity_with_mentioned_users(
         assert serialized_comment['object']['cc'] == []
 
 
-class TestWorkoutCommentUpdateObject(WorkoutCommentMixin):
+class TestWorkoutCommentUpdateObject(CommentMixin):
     def test_it_raises_error_when_activity_type_is_invalid(
         self,
         app_with_federation: Flask,
@@ -461,7 +462,7 @@ def test_it_generates_activity_when_visibility_is_public(
 
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
-class TestWorkoutCommentWithMentionsUpdateObject(WorkoutCommentMixin):
+class TestWorkoutCommentWithMentionsUpdateObject(CommentMixin):
     def test_it_generates_activity_for_public_comment(
         self,
         update_remote_user_mock: Mock,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
index cb4d734aa..862e761bc 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -7,10 +7,11 @@
 from fittrackee.federation.constants import AP_CTX, PUBLIC_STREAM
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.tests.workouts.utils import WorkoutCommentMixin
 from fittrackee.users.models import User
 from fittrackee.workouts.models import Sport, Workout
 
+from ...comments.utils import CommentMixin
+
 
 class TestTombstoneObjectForWorkout:
     @pytest.mark.parametrize(
@@ -96,7 +97,7 @@ def test_it_generates_delete_activity_for_workout_with_follower_visibility(
         }
 
 
-class TestTombstoneObjectForWorkoutComment(WorkoutCommentMixin):
+class TestTombstoneObjectForWorkoutComment(CommentMixin):
     @pytest.mark.parametrize(
         'input_visibility', [PrivacyLevel.PRIVATE, PrivacyLevel.FOLLOWERS]
     )
diff --git a/fittrackee/tests/workouts/test_workouts_api_3_delete.py b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
index 6822e3224..abb9a313c 100644
--- a/fittrackee/tests/workouts/test_workouts_api_3_delete.py
+++ b/fittrackee/tests/workouts/test_workouts_api_3_delete.py
@@ -6,8 +6,9 @@
 from fittrackee.utils import decode_short_id
 from fittrackee.workouts.models import Sport, Workout
 
+from ..comments.utils import CommentMixin
 from ..mixins import ApiTestCaseMixin
-from .utils import WorkoutCommentMixin, post_a_workout
+from .utils import post_a_workout
 
 
 def get_gpx_filepath(workout_id: int) -> str:
@@ -15,7 +16,7 @@ def get_gpx_filepath(workout_id: int) -> str:
     return workout.gpx
 
 
-class TestDeleteWorkoutWithGpx(WorkoutCommentMixin, ApiTestCaseMixin):
+class TestDeleteWorkoutWithGpx(CommentMixin, ApiTestCaseMixin):
     def test_it_deletes_a_workout_with_gpx(
         self, app: Flask, user_1: User, sport_1_cycling: Sport, gpx_file: str
     ) -> None:
@@ -259,7 +260,7 @@ def test_expected_scopes_are_defined(
         self.assert_response_scope(response, can_access)
 
 
-class TestDeleteWorkoutWithoutGpx(WorkoutCommentMixin, ApiTestCaseMixin):
+class TestDeleteWorkoutWithoutGpx(CommentMixin, ApiTestCaseMixin):
     def test_it_deletes_a_workout_wo_gpx(
         self,
         app: Flask,
diff --git a/fittrackee/tests/workouts/utils.py b/fittrackee/tests/workouts/utils.py
index 60a033218..983768409 100644
--- a/fittrackee/tests/workouts/utils.py
+++ b/fittrackee/tests/workouts/utils.py
@@ -1,18 +1,11 @@
 import json
-from datetime import datetime
 from io import BytesIO
 from typing import Optional, Tuple
-from unittest.mock import patch
 
 from flask import Flask
 
-from fittrackee import db
-from fittrackee.comments.models import Comment
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import User
-from fittrackee.workouts.models import Workout
-
-from ..mixins import RandomMixin
 
 
 def post_a_workout(
@@ -51,41 +44,3 @@ def post_a_workout(
 def add_follower(user: User, follower: User) -> None:
     follower.send_follow_request_to(user)
     user.approves_follow_request_from(follower)
-
-
-class WorkoutCommentMixin(RandomMixin):
-    def create_comment(
-        self,
-        user: User,
-        workout: Workout,
-        text: Optional[str] = None,
-        text_visibility: PrivacyLevel = PrivacyLevel.PRIVATE,
-        created_at: Optional[datetime] = None,
-        parent_comment: Optional[Comment] = None,
-        with_mentions: bool = True,
-    ) -> Comment:
-        text = self.random_string() if text is None else text
-        comment = Comment(
-            user_id=user.id,
-            workout_id=workout.id,
-            text=text,
-            text_visibility=text_visibility,
-            created_at=created_at,
-            reply_to=parent_comment.id if parent_comment else None,
-        )
-        db.session.add(comment)
-        db.session.flush()
-        if with_mentions:
-            with patch('fittrackee.federation.utils.user.update_remote_user'):
-                comment.create_mentions()
-        actor = comment.user.actor
-        comment.ap_id = (
-            f'{actor.activitypub_id}/workouts/{workout.short_id}'
-            f'/comments/{comment.short_id}'
-        )
-        comment.remote_url = (
-            f'https://{actor.domain.name}/workouts/{workout.short_id}'
-            f'/comments/{comment.short_id}'
-        )
-        db.session.commit()
-        return comment

From 6df8f3638372ae149c62d9f338d107bec05c24b4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 16 Feb 2023 08:40:12 +0100
Subject: [PATCH 215/238] Client - update visibility labels for comments

---
 .../src/components/Comment/Comment.vue              |  5 ++++-
 .../src/components/Comment/CommentEdition.vue       |  3 ++-
 .../src/components/Common/VisibilityIcon.vue        | 13 ++++++++-----
 fittrackee_client/src/locales/en/privacy.json       |  7 +++++++
 fittrackee_client/src/locales/fr/privacy.json       |  7 +++++++
 5 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/fittrackee_client/src/components/Comment/Comment.vue b/fittrackee_client/src/components/Comment/Comment.vue
index 4614c9ce7..e26db5ac5 100644
--- a/fittrackee_client/src/components/Comment/Comment.vue
+++ b/fittrackee_client/src/components/Comment/Comment.vue
@@ -34,7 +34,10 @@
         >
           ({{ $t('common.EDITED') }})
         </div>
-        <VisibilityIcon :visibility="comment.text_visibility" />
+        <VisibilityIcon
+          :visibility="comment.text_visibility"
+          :is-comment="true"
+        />
         <i
           class="fa fa-edit"
           v-if="isCommentOwner(authUser, comment.user)"
diff --git a/fittrackee_client/src/components/Comment/CommentEdition.vue b/fittrackee_client/src/components/Comment/CommentEdition.vue
index 81abb70bb..09e53ad30 100644
--- a/fittrackee_client/src/components/Comment/CommentEdition.vue
+++ b/fittrackee_client/src/components/Comment/CommentEdition.vue
@@ -29,7 +29,7 @@
             >
               {{
                 $t(
-                  `privacy.LEVELS.${getPrivacyLevelForLabel(
+                  `privacy.COMMENT_LEVELS.${getPrivacyLevelForLabel(
                     level,
                     appConfig.federation_enabled
                   )}`
@@ -135,6 +135,7 @@
     }
     .text-visibility {
       display: flex;
+      flex-wrap: wrap;
       gap: $default-padding;
       align-items: center;
       padding-top: $default-padding * 0.5;
diff --git a/fittrackee_client/src/components/Common/VisibilityIcon.vue b/fittrackee_client/src/components/Common/VisibilityIcon.vue
index 31ea04930..568779668 100644
--- a/fittrackee_client/src/components/Common/VisibilityIcon.vue
+++ b/fittrackee_client/src/components/Common/VisibilityIcon.vue
@@ -3,22 +3,25 @@
     <i
       :class="`fa fa-${getPrivacyIcon(visibility)}`"
       aria-hidden="true"
-      :title="$t(`privacy.LEVELS.${visibility}`)"
+      :title="$t(`privacy.${isComment ? 'COMMENT_': ''}LEVELS.${visibility}`)"
     />
   </div>
 </template>
 
 <script setup lang="ts">
-import { toRefs } from 'vue'
+import { toRefs, withDefaults } from 'vue'
 
 import { TPrivacyLevels } from "@/types/user";
 
 interface Props {
-  visibility: TPrivacyLevels
+  visibility: TPrivacyLevels,
+  isComment?: boolean
 }
 
-const props = defineProps<Props>()
-const { visibility } = toRefs(props)
+const props = withDefaults(defineProps<Props>(), {
+  isComment: false
+})
+const { visibility, isComment } = toRefs(props)
 
 function getPrivacyIcon(privacyLevel: TPrivacyLevels): string {
   switch (privacyLevel) {
diff --git a/fittrackee_client/src/locales/en/privacy.json b/fittrackee_client/src/locales/en/privacy.json
index 3a785a35d..645445252 100644
--- a/fittrackee_client/src/locales/en/privacy.json
+++ b/fittrackee_client/src/locales/en/privacy.json
@@ -1,4 +1,11 @@
 {
+    "COMMENT_LEVELS": {
+        "followers_and_remote_only": "Local and remote followers only",
+        "followers_only": "Followers only",
+        "local_followers_only": "Local followers only",
+        "private": "Private (only mentioned users)",
+        "public": "Public (everyone)"
+    },
     "LEVELS": {
         "followers_and_remote_only": "Local and remote followers only",
         "followers_only": "Followers only",
diff --git a/fittrackee_client/src/locales/fr/privacy.json b/fittrackee_client/src/locales/fr/privacy.json
index e688db8b5..85152c9fe 100644
--- a/fittrackee_client/src/locales/fr/privacy.json
+++ b/fittrackee_client/src/locales/fr/privacy.json
@@ -1,4 +1,11 @@
 {
+    "COMMENT_LEVELS": {
+        "followers_and_remote_only": "Abonnées locaux et distants uniquement",
+        "followers_only": "Abonnées uniquement",
+        "local_followers_only": "Abonnées locaux uniquement",
+        "private": "Privé (seulement les utilisateurs mentionnés)",
+        "public": "Public (tout le monde)"
+    },
     "LEVELS": {
         "followers_and_remote_only": "Abonnées locaux et distants uniquement",
         "followers_only": "Abonnées uniquement",

From 8fbd34876e6e851c4ef234c053717b5d8904fca6 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 16 Feb 2023 14:11:41 +0100
Subject: [PATCH 216/238] API - fix test

---
 fittrackee/tests/comments/test_comments_models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 695adc2ee..28a191d45 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -68,7 +68,7 @@ def test_it_raises_error_when_privacy_is_invalid(
         with pytest.raises(
             InvalidVisibilityException,
             match=(
-                f'invalid visibility: {text_visibility}, '
+                f'invalid visibility: {text_visibility.value}, '
                 'federation is disabled.'
             ),
         ):

From 15a5bc5cd87c7c1507be92e328838fe244afe140 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 16 Feb 2023 18:37:21 +0100
Subject: [PATCH 217/238] API & Client - move federation activation in a
 environment variable

 to avoid enable activation w/o restarting the application
---
 .env.docker                                   |  5 ++-
 .env.example                                  |  3 ++
 fittrackee/application/app_config.py          |  3 --
 fittrackee/application/models.py              |  3 +-
 fittrackee/application/utils.py               |  1 -
 fittrackee/comments/comments.py               |  2 +-
 fittrackee/comments/models.py                 |  2 +-
 fittrackee/config.py                          |  3 ++
 fittrackee/federation/decorators.py           |  4 +-
 fittrackee/federation/utils/__init__.py       |  2 +-
 .../30_8842c351a2d8_init_social_features.py   | 11 -----
 .../tests/application/test_app_config_api.py  |  2 -
 fittrackee/tests/fixtures/fixtures_app.py     | 31 ++++++++-----
 fittrackee/users/auth.py                      |  2 +-
 fittrackee/users/models.py                    |  6 +--
 fittrackee/workouts/workouts.py               |  6 +--
 .../Administration/AdminApplication.vue       | 44 -------------------
 .../components/Administration/AdminMenu.vue   | 12 ++---
 .../src/locales/en/administration.json        |  2 +-
 .../src/locales/fr/administration.json        |  2 +-
 20 files changed, 50 insertions(+), 96 deletions(-)

diff --git a/.env.docker b/.env.docker
index 2eaeb8045..645818135 100644
--- a/.env.docker
+++ b/.env.docker
@@ -38,4 +38,7 @@ export WORKERS_PROCESSES=2
 # Weather
 # available weather API providers: darksky, visualcrossing
 # export WEATHER_API_PROVIDER=
-# export WEATHER_API_KEY=
\ No newline at end of file
+# export WEATHER_API_KEY=
+
+# Federation
+# export FEDERATION_ENABLED=False
\ No newline at end of file
diff --git a/.env.example b/.env.example
index c4615bcbe..d4ca7ddf5 100644
--- a/.env.example
+++ b/.env.example
@@ -38,3 +38,6 @@ export SENDER_EMAIL=
 # available weather API providers: darksky, visualcrossing
 # export WEATHER_API_PROVIDER=
 # export WEATHER_API_KEY=
+
+# Federation
+# export FEDERATION_ENABLED=False
diff --git a/fittrackee/application/app_config.py b/fittrackee/application/app_config.py
index fdd7545cc..a86ea7de8 100644
--- a/fittrackee/application/app_config.py
+++ b/fittrackee/application/app_config.py
@@ -110,7 +110,6 @@ def update_application_config(auth_user: User) -> Union[Dict, HttpResponse]:
       }
 
     :<json string admin_contact: email to contact the administrator
-    :<json boolean federation_enabled: is federation enabled?
     :<json integer gpx_limit_import: max number of files in zip archive
     :<json boolean is_registration_enabled: is registration enabled?
     :<json integer max_single_file_size: max size of a single file
@@ -142,8 +141,6 @@ def update_application_config(auth_user: User) -> Union[Dict, HttpResponse]:
 
     try:
         config = AppConfig.query.one()
-        if 'federation_enabled' in config_data:
-            config.federation_enabled = config_data.get('federation_enabled')
         if 'gpx_limit_import' in config_data:
             config.gpx_limit_import = config_data.get('gpx_limit_import')
         if 'max_single_file_size' in config_data:
diff --git a/fittrackee/application/models.py b/fittrackee/application/models.py
index b5d695b8f..4a1ec78af 100644
--- a/fittrackee/application/models.py
+++ b/fittrackee/application/models.py
@@ -22,7 +22,6 @@ class AppConfig(BaseModel):
     )
     max_zip_file_size = db.Column(db.Integer, default=10485760, nullable=False)
     admin_contact = db.Column(db.String(255), nullable=True)
-    federation_enabled = db.Column(db.Boolean, default=False, nullable=False)
 
     @property
     def is_registration_enabled(self) -> bool:
@@ -47,7 +46,7 @@ def serialize(self) -> Dict:
         weather_provider = os.getenv('WEATHER_API_PROVIDER', '').lower()
         return {
             'admin_contact': self.admin_contact,
-            'federation_enabled': self.federation_enabled,
+            'federation_enabled': current_app.config['FEDERATION_ENABLED'],
             'gpx_limit_import': self.gpx_limit_import,
             'is_email_sending_enabled': current_app.config['CAN_SEND_EMAILS'],
             'is_registration_enabled': self.is_registration_enabled,
diff --git a/fittrackee/application/utils.py b/fittrackee/application/utils.py
index a03b66712..eb8183fc2 100644
--- a/fittrackee/application/utils.py
+++ b/fittrackee/application/utils.py
@@ -28,7 +28,6 @@ def get_or_init_config() -> AppConfig:
 def update_app_config_from_database(
     current_app: Flask, db_config: AppConfig
 ) -> None:
-    current_app.config['federation_enabled'] = db_config.federation_enabled
     current_app.config['gpx_limit_import'] = db_config.gpx_limit_import
     current_app.config['max_single_file_size'] = db_config.max_single_file_size
     current_app.config['MAX_CONTENT_LENGTH'] = db_config.max_zip_file_size
diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index bab3d434f..a9afa9d00 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -47,7 +47,7 @@ def sending_comment_activities_allowed(
 ) -> bool:
     if deleted_mentioned_users is None:
         deleted_mentioned_users = set()
-    return current_app.config['federation_enabled'] and (
+    return current_app.config['FEDERATION_ENABLED'] and (
         comment.has_remote_mentions
         or len(deleted_mentioned_users) > 0
         or comment.text_visibility
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index 1fa0838d5..4847278cc 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -125,7 +125,7 @@ def __init__(
     ) -> None:
         if (
             text_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE
-            and not current_app.config['federation_enabled']
+            and not current_app.config['FEDERATION_ENABLED']
         ):
             raise InvalidVisibilityException(
                 "invalid visibility: followers_and_remote_only, "
diff --git a/fittrackee/config.py b/fittrackee/config.py
index e58f6e72e..8add7e7e5 100644
--- a/fittrackee/config.py
+++ b/fittrackee/config.py
@@ -72,6 +72,9 @@ class BaseConfig:
     OAUTH2_REFRESH_TOKEN_GENERATOR = True
     VERSION = VERSION
     # ActivityPub
+    FEDERATION_ENABLED = (
+        os.environ.get('FEDERATION_ENABLED', 'false').lower() == 'true'
+    )
     AP_DOMAIN = remove_url_scheme(UI_URL)
 
 
diff --git a/fittrackee/federation/decorators.py b/fittrackee/federation/decorators.py
index 0ca4e6106..21b4104e8 100644
--- a/fittrackee/federation/decorators.py
+++ b/fittrackee/federation/decorators.py
@@ -17,7 +17,7 @@
 def federation_required(f: Callable) -> Callable:
     @wraps(f)
     def decorated_function(*args: Any, **kwargs: Any) -> Callable:
-        if not current_app.config['federation_enabled']:
+        if not current_app.config['FEDERATION_ENABLED']:
             raise FederationDisabledException()
         return f(*args, **kwargs)
 
@@ -27,7 +27,7 @@ def decorated_function(*args: Any, **kwargs: Any) -> Callable:
 def federation_required_for_route(f: Callable) -> Callable:
     @wraps(f)
     def decorated_function(*args: Any, **kwargs: Any) -> Callable:
-        if not current_app.config['federation_enabled']:
+        if not current_app.config['FEDERATION_ENABLED']:
             return DisabledFederationErrorResponse()
         app_domain = Domain.query.filter_by(
             name=current_app.config['AP_DOMAIN']
diff --git a/fittrackee/federation/utils/__init__.py b/fittrackee/federation/utils/__init__.py
index 14466c90a..d213fcfc5 100644
--- a/fittrackee/federation/utils/__init__.py
+++ b/fittrackee/federation/utils/__init__.py
@@ -62,7 +62,7 @@ def is_invalid_activity_data(activity_data: Dict) -> bool:
 
 
 def sending_activities_allowed(visibility: PrivacyLevel) -> bool:
-    return current_app.config['federation_enabled'] and visibility in (
+    return current_app.config['FEDERATION_ENABLED'] and visibility in (
         PrivacyLevel.PUBLIC,
         PrivacyLevel.FOLLOWERS_AND_REMOTE,
     )
diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index a871bfd71..e3cb91dc4 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -30,15 +30,6 @@
 
 
 def upgrade():
-    op.add_column(
-        'app_config',
-        sa.Column(
-            'federation_enabled', sa.Boolean(), nullable=True, default=False
-        ),
-    )
-    op.execute('UPDATE app_config SET federation_enabled = false')
-    op.alter_column('app_config', 'federation_enabled', nullable=False)
-
     domain_table = op.create_table(
         'domains',
         sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
@@ -353,5 +344,3 @@ def downgrade():
     op.create_unique_constraint('users_username_key', 'users', ['username'])
 
     op.drop_table('domains')
-
-    op.drop_column('app_config', 'federation_enabled')
diff --git a/fittrackee/tests/application/test_app_config_api.py b/fittrackee/tests/application/test_app_config_api.py
index a8f7c598b..49b353a03 100644
--- a/fittrackee/tests/application/test_app_config_api.py
+++ b/fittrackee/tests/application/test_app_config_api.py
@@ -111,7 +111,6 @@ def test_it_updates_all_config(
             data=json.dumps(
                 dict(
                     admin_contact=admin_email,
-                    federation_enabled=True,
                     gpx_limit_import=20,
                     max_single_file_size=10000,
                     max_zip_file_size=25000,
@@ -125,7 +124,6 @@ def test_it_updates_all_config(
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
         assert data['data']['admin_contact'] == admin_email
-        assert data['data']['federation_enabled'] is True
         assert data['data']['gpx_limit_import'] == 20
         assert data['data']['is_registration_enabled'] is True
         assert data['data']['max_single_file_size'] == 10000
diff --git a/fittrackee/tests/fixtures/fixtures_app.py b/fittrackee/tests/fixtures/fixtures_app.py
index 4d22c5f26..8198fff7f 100644
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@@ -25,7 +25,6 @@ def get_app_config(
     max_single_file_size: Optional[Union[int, float]] = None,
     max_zip_file_size: Optional[Union[int, float]] = None,
     max_users: Optional[int] = None,
-    with_federation: Optional[bool] = False,
 ) -> Optional[AppConfig]:
     if with_config:
         config = AppConfig.query.one_or_none()
@@ -33,7 +32,6 @@ def get_app_config(
             config = AppConfig()
             db.session.add(config)
             db.session.flush()
-        config.federation_enabled = with_federation
         config.gpx_limit_import = 10 if max_workouts is None else max_workouts
         config.max_single_file_size = (
             (1 if max_single_file_size is None else max_single_file_size)
@@ -57,7 +55,6 @@ def get_app(
     max_single_file_size: Optional[Union[int, float]] = None,
     max_zip_file_size: Optional[Union[int, float]] = None,
     max_users: Optional[int] = None,
-    with_federation: Optional[bool] = False,
     with_domain: Optional[bool] = True,
 ) -> Generator:
     app = create_app()
@@ -71,7 +68,6 @@ def get_app(
                 max_single_file_size,
                 max_zip_file_size,
                 max_users,
-                with_federation,
             )
             if app_db_config:
                 update_app_config_from_database(app, app_db_config)
@@ -103,6 +99,7 @@ def get_app(
 
 @pytest.fixture
 def app(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://none:none@0.0.0.0:1025')
     if os.getenv('TILE_SERVER_URL'):
         monkeypatch.delenv('TILE_SERVER_URL')
@@ -117,12 +114,14 @@ def app(monkeypatch: pytest.MonkeyPatch) -> Generator:
 
 @pytest.fixture
 def app_default_static_map(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('DEFAULT_STATICMAP', 'True')
     yield from get_app(with_config=True)
 
 
 @pytest.fixture
 def app_with_max_workouts(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://none:none@0.0.0.0:1025')
     yield from get_app(with_config=True, max_workouts=2)
 
@@ -131,35 +130,41 @@ def app_with_max_workouts(monkeypatch: pytest.MonkeyPatch) -> Generator:
 def app_with_max_file_size_equals_0(
     monkeypatch: pytest.MonkeyPatch,
 ) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://none:none@0.0.0.0:1025')
     yield from get_app(with_config=True, max_single_file_size=0)
 
 
 @pytest.fixture
 def app_with_max_file_size(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://none:none@0.0.0.0:1025')
     yield from get_app(with_config=True, max_single_file_size=0.001)
 
 
 @pytest.fixture
 def app_with_max_zip_file_size(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://none:none@0.0.0.0:1025')
     yield from get_app(with_config=True, max_zip_file_size=0.001)
 
 
 @pytest.fixture
 def app_with_3_users_max(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://none:none@0.0.0.0:1025')
     yield from get_app(with_config=True, max_users=3)
 
 
 @pytest.fixture
-def app_no_config() -> Generator:
+def app_no_config(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     yield from get_app(with_config=False)
 
 
 @pytest.fixture
 def app_ssl(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv(
         'EMAIL_URL', 'smtp://username:password@0.0.0.0:1025?ssl=True'
     )
@@ -168,6 +173,7 @@ def app_ssl(monkeypatch: pytest.MonkeyPatch) -> Generator:
 
 @pytest.fixture
 def app_tls(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv(
         'EMAIL_URL', 'smtp://username:password@0.0.0.0:1025?tls=True'
     )
@@ -176,32 +182,33 @@ def app_tls(monkeypatch: pytest.MonkeyPatch) -> Generator:
 
 @pytest.fixture
 def app_wo_email_auth(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', 'smtp://0.0.0.0:1025')
     yield from get_app(with_config=True)
 
 
 @pytest.fixture
 def app_wo_email_activation(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'False')
     monkeypatch.setenv('EMAIL_URL', '')
     yield from get_app(with_config=True)
 
 
 @pytest.fixture
-def app_with_federation() -> Generator:
-    yield from get_app(with_config=True, with_federation=True)
+def app_with_federation(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'True')
+    yield from get_app(with_config=True)
 
 
 @pytest.fixture
-def app_wo_domain() -> Generator:
-    yield from get_app(
-        with_config=True, with_federation=True, with_domain=False
-    )
+def app_wo_domain(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('FEDERATION_ENABLED', 'True')
+    yield from get_app(with_config=True, with_domain=False)
 
 
 @pytest.fixture()
 def app_config() -> AppConfig:
     config = AppConfig()
-    config.federation_enabled = False
     config.gpx_limit_import = 10
     config.max_single_file_size = 1048576
     config.max_zip_file_size = 10485760
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index 3e9049569..c53b597cc 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -935,7 +935,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
     map_visibility = post_data.get('map_visibility')
     workouts_visibility = post_data.get('workouts_visibility')
 
-    if not current_app.config['federation_enabled'] and (
+    if not current_app.config['FEDERATION_ENABLED'] and (
         map_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
         or workouts_visibility == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
     ):
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 3b6aad55d..d33f0dadd 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -300,7 +300,7 @@ def send_follow_request_to(self, target: 'User') -> FollowRequest:
             follow_request.updated_at = datetime.utcnow()
         db.session.commit()
 
-        if current_app.config['federation_enabled']:
+        if current_app.config['FEDERATION_ENABLED']:
             # send Follow activity to remote followed user
             if target.actor.is_remote:
                 send_to_remote_inbox.send(
@@ -327,7 +327,7 @@ def unfollows(self, target: 'User') -> None:
         if not existing_follow_request:
             raise NotExistingFollowRequestError()
 
-        if current_app.config['federation_enabled']:
+        if current_app.config['FEDERATION_ENABLED']:
             undo_activity = existing_follow_request.get_activity(undo=True)
 
             # send Undo activity to remote followed user
@@ -366,7 +366,7 @@ def _processes_follow_request_from(
         follow_request.updated_at = datetime.now()
         db.session.commit()
 
-        if current_app.config['federation_enabled'] and user.actor.is_remote:
+        if current_app.config['FEDERATION_ENABLED'] and user.actor.is_remote:
             send_to_remote_inbox.send(
                 sender_id=self.actor.id,
                 activity=follow_request.get_activity(),
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 391aa18c2..a6b6b29ca 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1016,7 +1016,7 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
     if not workout_data or workout_data.get('sport_id') is None:
         return InvalidPayloadErrorResponse()
 
-    if not current_app.config['federation_enabled'] and (
+    if not current_app.config['FEDERATION_ENABLED'] and (
         workout_data.get('workout_visibility')
         == PrivacyLevel.FOLLOWERS_AND_REMOTE.value
         or workout_data.get('map_visibility')
@@ -1205,7 +1205,7 @@ def post_workout_no_gpx(
         return InvalidPayloadErrorResponse()
 
     if (
-        not current_app.config['federation_enabled']
+        not current_app.config['FEDERATION_ENABLED']
         and workout_data.get('workout_visibility')
         == PrivacyLevel.FOLLOWERS_AND_REMOTE
     ):
@@ -1386,7 +1386,7 @@ def update_workout(
 
     try:
         old_workout = (
-            copy(workout) if current_app.config['federation_enabled'] else None
+            copy(workout) if current_app.config['FEDERATION_ENABLED'] else None
         )
 
         if not workout.gpx:
diff --git a/fittrackee_client/src/components/Administration/AdminApplication.vue b/fittrackee_client/src/components/Administration/AdminApplication.vue
index 67ab4ea22..83c450f7f 100644
--- a/fittrackee_client/src/components/Administration/AdminApplication.vue
+++ b/fittrackee_client/src/components/Administration/AdminApplication.vue
@@ -4,27 +4,6 @@
       <template #title>{{ $t('admin.APP_CONFIG.TITLE') }}</template>
       <template #content>
         <form class="admin-form" @submit.prevent="onSubmit">
-          <div class="federation">
-            <label for="federation_enabled">
-              {{ $t('admin.APP_CONFIG.FEDERATION_ENABLED') }}:
-            </label>
-            <div class="federation-checkbox">
-              <input
-                v-if="edition"
-                id="federation_enabled"
-                name="federation_enabled"
-                type="checkbox"
-                v-model="appData.federation_enabled"
-              />
-              <i
-                v-else
-                :class="`fa fa${
-                  appData.federation_enabled ? '-check' : ''
-                }-square-o`"
-                aria-hidden="true"
-              />
-            </div>
-          </div>
           <label for="admin_contact">
             {{ $t('admin.APP_CONFIG.ADMIN_CONTACT') }}:
             <input
@@ -203,29 +182,6 @@
     }
   }
 
-  .federation {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    margin: $default-margin 0;
-
-    .federation-checkbox {
-      width: 51%;
-      margin-right: $default-margin * 5;
-
-      input[type='checkbox'] {
-        margin-left: -$default-padding;
-      }
-
-      @media screen and (max-width: $medium-limit) {
-        margin-right: 0;
-        input[type='checkbox'] {
-          margin-left: -$default-padding;
-        }
-      }
-    }
-  }
-
   .no-contact {
     font-style: italic;
   }
diff --git a/fittrackee_client/src/components/Administration/AdminMenu.vue b/fittrackee_client/src/components/Administration/AdminMenu.vue
index 274457043..41c101f7b 100644
--- a/fittrackee_client/src/components/Administration/AdminMenu.vue
+++ b/fittrackee_client/src/components/Administration/AdminMenu.vue
@@ -13,20 +13,20 @@
             </dt>
             <dd class="application-config-details">
               {{ $t('admin.UPDATE_APPLICATION_DESCRIPTION') }}
-              <span class="federation-status">
+              <span class="registration-status">
                 {{
                   $t(
-                    `admin.FEDERATION_${
-                      appConfig.federation_enabled ? 'ENABLED' : 'DISABLED'
+                    `admin.REGISTRATION_${
+                      appConfig.is_registration_enabled ? 'ENABLED' : 'DISABLED'
                     }`
                   )
                 }}
               </span>
-              <span class="registration-status">
+              <span class="federation-status">
                 {{
                   $t(
-                    `admin.REGISTRATION_${
-                      appConfig.is_registration_enabled ? 'ENABLED' : 'DISABLED'
+                    `admin.FEDERATION_${
+                      appConfig.federation_enabled ? 'ENABLED' : 'DISABLED'
                     }`
                   )
                 }}
diff --git a/fittrackee_client/src/locales/en/administration.json b/fittrackee_client/src/locales/en/administration.json
index 18d9f3527..0b46fec36 100644
--- a/fittrackee_client/src/locales/en/administration.json
+++ b/fittrackee_client/src/locales/en/administration.json
@@ -40,7 +40,7 @@
         },
         "TITLE": "Sports administration"
     },
-    "UPDATE_APPLICATION_DESCRIPTION": "Update application configuration (maximum number of registered users, maximum files size).",
+    "UPDATE_APPLICATION_DESCRIPTION": "Update application configuration (maximum number of registered users, maximum files size, admin email).",
     "UPDATE_USER_EMAIL": "Update email",
     "USER": "user | users",
     "USERS": {
diff --git a/fittrackee_client/src/locales/fr/administration.json b/fittrackee_client/src/locales/fr/administration.json
index 1704d8b14..355d4116e 100644
--- a/fittrackee_client/src/locales/fr/administration.json
+++ b/fittrackee_client/src/locales/fr/administration.json
@@ -40,7 +40,7 @@
         },
         "TITLE": "Administration - Sports"
     },
-    "UPDATE_APPLICATION_DESCRIPTION": "Configurer l'application (nombre maximum d'utilisateurs inscrits, taille maximale des fichers).",
+    "UPDATE_APPLICATION_DESCRIPTION": "Configurer l'application (nombre maximum d'utilisateurs inscrits, taille maximale des fichiers, email de de d'administrateur).",
     "UPDATE_USER_EMAIL": "Changer l'email",
     "USER": "utilisateur | utilisateurs",
     "USERS": {

From ab46fa22d75f2a87c4d3d2c2cf6ca2aa41428f51 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Thu, 16 Feb 2023 18:46:53 +0100
Subject: [PATCH 218/238] API - minor fix

---
 e2e/test_registration.py                                    | 2 +-
 fittrackee/tests/emails/test_email_template_email_update.py | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/e2e/test_registration.py b/e2e/test_registration.py
index 7994fda37..5279972dc 100644
--- a/e2e/test_registration.py
+++ b/e2e/test_registration.py
@@ -51,7 +51,7 @@ def test_user_can_register(self, selenium):
         }
 
         register(selenium, user)
-        print(selenium.find_element)
+
         message = selenium.find_element(By.CLASS_NAME, 'success-message').text
         assert (
             'A link to activate your account has been '
diff --git a/fittrackee/tests/emails/test_email_template_email_update.py b/fittrackee/tests/emails/test_email_template_email_update.py
index 9893ee50b..cd4451653 100644
--- a/fittrackee/tests/emails/test_email_template_email_update.py
+++ b/fittrackee/tests/emails/test_email_template_email_update.py
@@ -105,11 +105,6 @@ def test_it_gets_fr_html_body(self, app: Flask) -> None:
             'email_update_to_current_email', 'fr', 'body.html', self.EMAIL_DATA
         )
 
-        print('')
-        print(expected_fr_current_email_html_body)
-        print('')
-        print(text_body)
-
         assert expected_fr_current_email_html_body in text_body
 
 

From 46ca3b82ec5ebea1757a9d768767bee831a0ca0b Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 20 Feb 2023 17:08:20 +0100
Subject: [PATCH 219/238] API - fix mentions on remote comment

---
 fittrackee/comments/utils.py                  | 21 ++++++++++++-------
 fittrackee/tests/comments/test_utils.py       | 14 ++++++-------
 .../tests/federation/comments/test_utils.py   | 13 ++++++------
 .../test_federation_activities_activities.py  |  6 +++++-
 4 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/fittrackee/comments/utils.py b/fittrackee/comments/utils.py
index a2c66ffb3..1a4f7116c 100644
--- a/fittrackee/comments/utils.py
+++ b/fittrackee/comments/utils.py
@@ -9,24 +9,29 @@
 if TYPE_CHECKING:
     from fittrackee.users.models import User
 
-MENTION_REGEX = r'(@[\w_\-\.]+)(@[\w_\-\.]+\.[a-z]{2,})?'
+MENTION_REGEX = (
+    r'(@(<span\s*.*>)?([\w_\-\.]+))(@([\w_\-\.]+\.[a-z]{2,}))?(<\/span>)?'
+)
 LINK_TEMPLATE = (
-    '<a href="{url}" target="_blank" rel="noopener noreferrer">{username}</a>'
+    '<a href="{url}" target="_blank" rel="noopener noreferrer">'
+    '@<span>{username}</span></a>'
 )
 
 
 def handle_mentions(text: str) -> Tuple[str, Dict[str, Set['User']]]:
     mentioned_users: Dict[str, Set['User']] = {"local": set(), "remote": set()}
-    for username, domain in re.findall(re.compile(MENTION_REGEX), text):
-        mention = f"{username}{domain}"
+    for _, _, username, _, domain, _ in re.findall(
+        re.compile(MENTION_REGEX), text
+    ):
+        mention = f"{username}{f'@{domain}' if domain else ''}"
         remote_domain = (
-            domain
-            if domain.lstrip('@') != current_app.config['AP_DOMAIN']
+            f"@{domain}"
+            if domain and domain != current_app.config['AP_DOMAIN']
             else ''
         )
         try:
             user = get_user_from_username(
-                user_name=f"{username.lstrip('@')}{remote_domain}",
+                user_name=f"{username}{remote_domain}",
                 with_action="creation",
             )
         except UserNotFoundException:
@@ -37,7 +42,7 @@ def handle_mentions(text: str) -> Tuple[str, Dict[str, Set['User']]]:
             else:
                 mentioned_users["local"].add(user)
             text = text.replace(
-                mention,
+                f"@{mention}",
                 LINK_TEMPLATE.format(
                     url=user.actor.profile_url, username=mention
                 ),
diff --git a/fittrackee/tests/comments/test_utils.py b/fittrackee/tests/comments/test_utils.py
index 354d9abf0..ed2bce53d 100644
--- a/fittrackee/tests/comments/test_utils.py
+++ b/fittrackee/tests/comments/test_utils.py
@@ -61,15 +61,14 @@ def test_it_returns_user_when_mentioned_by_username(
     def test_it_returns_text_with_link_when_user_found_by_username(
         self, app: Flask, user_1: User
     ) -> None:
-        mention = f"@{user_1.fullname}"
-        text = f"{mention} {random_string()}"
+        text = f"@{user_1.username} {random_string()}"
 
         linkified_text, _ = handle_mentions(text)
 
         assert linkified_text == text.replace(
-            mention,
+            f"@{user_1.username}",
             f'<a href="{user_1.get_user_url()}" target="_blank" '
-            f'rel="noopener noreferrer">{mention}</a>',
+            f'rel="noopener noreferrer">@<span>{user_1.username}</span></a>',
         )
 
     def test_it_returns_user_when_mentioned_by_actor_fullname(
@@ -84,15 +83,14 @@ def test_it_returns_user_when_mentioned_by_actor_fullname(
     def test_it_returns_text_with_link_when_user_found_by_actor_fullname(
         self, app: Flask, user_1: User
     ) -> None:
-        mention = f"@{user_1.fullname}"
-        text = f"{mention} {random_string()}"
+        text = f"@{user_1.fullname} {random_string()}"
 
         linkified_text, _ = handle_mentions(text)
 
         assert linkified_text == text.replace(
-            mention,
+            f"@{user_1.fullname}",
             f'<a href="{user_1.get_user_url()}" target="_blank" '
-            f'rel="noopener noreferrer">{mention}</a>',
+            f'rel="noopener noreferrer">@<span>{user_1.fullname}</span></a>',
         )
 
     def test_it_returns_deduplicated_user_when_mentioned_twice(
diff --git a/fittrackee/tests/federation/comments/test_utils.py b/fittrackee/tests/federation/comments/test_utils.py
index 2249710c7..d9031ffa1 100644
--- a/fittrackee/tests/federation/comments/test_utils.py
+++ b/fittrackee/tests/federation/comments/test_utils.py
@@ -50,15 +50,15 @@ def test_it_creates_remote_user(
     def test_it_returns_text_with_link_when_remote_user_found(
         self, update_mock: Mock, app_with_federation: Flask, remote_user: User
     ) -> None:
-        mention = f"@{remote_user.fullname}"
-        text = f"{mention} {random_string()}"
+        text = f"@{remote_user.fullname} {random_string()}"
 
         linkified_text, _ = handle_mentions(text)
 
         assert linkified_text == text.replace(
-            mention,
+            f"@{remote_user.fullname}",
             f'<a href="{remote_user.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">{mention}</a>',
+            f'rel="noopener noreferrer">@<span>{remote_user.fullname}</span>'
+            f'</a>',
         )
 
     def test_it_returns_text_when_multiple_users(
@@ -77,9 +77,10 @@ def test_it_returns_text_when_multiple_users(
         assert linkified_text == text.replace(
             local_mention,
             f'<a href="{user_1.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">{local_mention}</a>',
+            f'rel="noopener noreferrer">@<span>{user_1.username}</span></a>',
         ).replace(
             remote_mention,
             f'<a href="{remote_user.actor.profile_url}" target="_blank" '
-            f'rel="noopener noreferrer">{remote_mention}</a>',
+            f'rel="noopener noreferrer">@<span>{remote_user.fullname}</span>'
+            f'</a>',
         )
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 057e50151..2cc25cae0 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -1300,7 +1300,11 @@ def test_it_creates_mentioned_users_when_comment_has_mention(
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=random_actor,
             workout=workout_cycling_user_1,
-            text=f"@{random_actor.fullname}",
+            text=(
+                f'<a href="{self.random_string()}" target="_blank" '
+                f'rel="noopener noreferrer">@<span>{random_actor.fullname}'
+                f'</span></a>'
+            ),
             visibility=PrivacyLevel.PUBLIC,
         )
         activity = get_activity_instance({'type': comment_activity['type']})(

From 9158fdb049ac36c3516bde22d3f2fa93990b420c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 20 Feb 2023 18:08:09 +0100
Subject: [PATCH 220/238] API - skip errored users when handling mentions

---
 fittrackee/comments/utils.py                  |  5 +++--
 .../tests/federation/comments/test_utils.py   | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/fittrackee/comments/utils.py b/fittrackee/comments/utils.py
index 1a4f7116c..2895fe854 100644
--- a/fittrackee/comments/utils.py
+++ b/fittrackee/comments/utils.py
@@ -3,8 +3,8 @@
 
 from flask import current_app
 
+from fittrackee import appLog
 from fittrackee.federation.utils.user import get_user_from_username
-from fittrackee.users.exceptions import UserNotFoundException
 
 if TYPE_CHECKING:
     from fittrackee.users.models import User
@@ -34,7 +34,8 @@ def handle_mentions(text: str) -> Tuple[str, Dict[str, Set['User']]]:
                 user_name=f"{username}{remote_domain}",
                 with_action="creation",
             )
-        except UserNotFoundException:
+        except Exception as e:
+            appLog.error(f"Error when getting mentioned user: {str(e)}")
             user = None
         if user:
             if user.is_remote:
diff --git a/fittrackee/tests/federation/comments/test_utils.py b/fittrackee/tests/federation/comments/test_utils.py
index d9031ffa1..72a95cb50 100644
--- a/fittrackee/tests/federation/comments/test_utils.py
+++ b/fittrackee/tests/federation/comments/test_utils.py
@@ -3,12 +3,31 @@
 from flask import Flask
 
 from fittrackee.comments.utils import handle_mentions
+from fittrackee.federation.exceptions import RemoteActorException
+from fittrackee.federation.models import Domain
 from fittrackee.tests.utils import RandomActor, random_string
 from fittrackee.users.models import User
 
 
 @patch('fittrackee.federation.utils.user.update_remote_user')
 class TestGetMentionedUsers:
+    def test_it_does_not_raise_exception_when_fetching_actor_raises_exception(
+        self,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        remote_domain: Domain,
+    ) -> None:
+        text = f"@foo@{remote_domain.name} {random_string()}"
+
+        with patch(
+            "fittrackee.federation.utils.user."
+            "create_remote_user_from_username",
+            side_effect=RemoteActorException(),
+        ):
+            _, mentioned_users = handle_mentions(text)
+
+        assert mentioned_users == {"local": set(), "remote": set()}
+
     def test_it_does_not_return_remote_user_when_mentioned_by_username(
         self, update_mock: Mock, app_with_federation: Flask, remote_user: User
     ) -> None:

From dd656f903a19a11097fa8854c918a686da147bb9 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 20 Feb 2023 18:51:12 +0100
Subject: [PATCH 221/238] Client - avoid non existing user fullname to be
 linkified as mailto URL

---
 fittrackee_client/src/utils/inputs.ts             | 14 +++++++++++---
 fittrackee_client/tests/unit/utils/inputs.spec.ts |  4 ++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/fittrackee_client/src/utils/inputs.ts b/fittrackee_client/src/utils/inputs.ts
index 1add5875e..07573372d 100644
--- a/fittrackee_client/src/utils/inputs.ts
+++ b/fittrackee_client/src/utils/inputs.ts
@@ -2,7 +2,15 @@ import linkifyHtml from 'linkify-html'
 import sanitizeHtml from 'sanitize-html'
 
 export const linkifyAndClean = (input: string): string => {
-  return sanitizeHtml(linkifyHtml(input, { target: '_blank' }), {
-    allowedTags: ['a', 'p', 'span'],
-  })
+  return sanitizeHtml(
+    linkifyHtml(input, {
+      target: '_blank',
+      validate: {
+        email: () => false,
+      },
+    }),
+    {
+      allowedTags: ['a', 'p', 'span'],
+    }
+  )
 }
diff --git a/fittrackee_client/tests/unit/utils/inputs.spec.ts b/fittrackee_client/tests/unit/utils/inputs.spec.ts
index 301bbdf9a..734037def 100644
--- a/fittrackee_client/tests/unit/utils/inputs.spec.ts
+++ b/fittrackee_client/tests/unit/utils/inputs.spec.ts
@@ -23,6 +23,10 @@ describe('linkifyAndClean (URL is linkified)', () => {
       'link: <a href="http://www.example.com" target="_blank">http://www.example.com</a>'
     )
   })
+
+  it('it does not return user fullname as mailto link', () => {
+    assert.equal(linkifyAndClean('@foo@example.com'), '@foo@example.com')
+  })
 })
 
 describe('linkifyAndClean (input sanitization)', () => {

From ec1771684cd7a81dc6c160b02465f9cbe59dd3d0 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 20 Feb 2023 19:14:13 +0100
Subject: [PATCH 222/238] Client - add loader to comments

---
 .../src/components/Comment/Comment.vue        |  4 +++
 .../src/components/Comment/CommentEdition.vue | 36 ++++++++++++++-----
 .../src/components/Comment/Comments.vue       | 25 +++++++++++--
 .../src/components/Common/Modal.vue           | 12 ++++++-
 .../src/store/modules/workouts/actions.ts     | 12 +++++++
 .../src/store/modules/workouts/enums.ts       |  1 +
 .../src/store/modules/workouts/mutations.ts   |  7 ++++
 .../src/store/modules/workouts/state.ts       |  1 +
 .../src/store/modules/workouts/types.ts       |  4 +++
 fittrackee_client/src/types/workouts.ts       |  1 +
 10 files changed, 91 insertions(+), 12 deletions(-)

diff --git a/fittrackee_client/src/components/Comment/Comment.vue b/fittrackee_client/src/components/Comment/Comment.vue
index e26db5ac5..8090b46ea 100644
--- a/fittrackee_client/src/components/Comment/Comment.vue
+++ b/fittrackee_client/src/components/Comment/Comment.vue
@@ -65,6 +65,7 @@
         v-else
         :workout="workout"
         :comment="comment"
+        :comments_loading="comments_loading"
         @closeEdition="() => commentToEdit = null"
       />
       <Comment
@@ -73,6 +74,7 @@
         :comment="reply"
         :workout="workout"
         :authUser="authUser"
+        :comments_loading="comments_loading"
         @deleteComment="deleteComment(reply)"
       />
       <WorkoutCommentEdition
@@ -80,6 +82,7 @@
         class="add-comment-reply"
         :workout="workout"
         :reply-to="comment.id"
+        :comments_loading="comments_loading"
         @closeEdition="() => addReply = null"
       />
     </div>
@@ -107,6 +110,7 @@
     comment: IComment
     workout: IWorkout
     authUser: IAuthUserProfile
+    comments_loading: string | null
   }
 
   const props = defineProps<Props>()
diff --git a/fittrackee_client/src/components/Comment/CommentEdition.vue b/fittrackee_client/src/components/Comment/CommentEdition.vue
index 09e53ad30..2c2db078f 100644
--- a/fittrackee_client/src/components/Comment/CommentEdition.vue
+++ b/fittrackee_client/src/components/Comment/CommentEdition.vue
@@ -39,12 +39,17 @@
           </select>
         </div>
         <div class="spacer" />
-        <button class="confirm" type="submit">
-          {{ $t('buttons.SUBMIT') }}
-        </button>
-        <button class="cancel" @click.prevent="onCancel">
-          {{ $t('buttons.CANCEL') }}
-        </button>
+        <div v-if="isLoading">
+          <Loader />
+        </div>
+        <div class="comment-buttons" v-else>
+          <button class="confirm" type="submit">
+            {{ $t('buttons.SUBMIT') }}
+          </button>
+          <button class="cancel" @click.prevent="onCancel">
+            {{ $t('buttons.CANCEL') }}
+          </button>
+        </div>
       </div>
       <ErrorMessage :message="errorMessages" v-if="errorMessages"/>
     </form>
@@ -63,6 +68,7 @@
 
   interface Props {
     workout: IWorkout
+    comments_loading: string | null
     comment?: IComment | null
     replyTo?: string | null
   }
@@ -71,7 +77,7 @@
     comment: null,
     replyTo: null,
   })
-  const { workout, comment, replyTo }  = toRefs(props)
+  const { workout, comment, comments_loading, replyTo }  = toRefs(props)
 
   const store = useStore()
 
@@ -85,6 +91,11 @@
   const errorMessages: ComputedRef<string | string[] | null> = computed(
       () => store.getters[ROOT_STORE.GETTERS.ERROR_MESSAGES]
   )
+  const isLoading = computed(
+      () => comment.value ?
+          comment.value.id === comments_loading.value
+          : comments_loading.value === `new${replyTo.value ? `_${replyTo.value}` : ''}`
+  )
 
   function updateText(value: string) {
     commentText.value = value
@@ -101,7 +112,6 @@
         workout_id: workout.value.id,
       }
       store.dispatch(WORKOUTS_STORE.ACTIONS.EDIT_WORKOUT_COMMENT, payload)
-      emit('closeEdition')
     } else {
       const payload: ICommentForm = {
         text: commentText.value,
@@ -146,5 +156,15 @@
     .add-comment-label {
       font-style: italic;
     }
+    .comment-buttons {
+      display: flex;
+      gap: $default-padding;
+    }
+    .loader {
+      border-width: 5px;
+      height: 15px;
+      margin: 0 10px;
+      width: 15px;
+    }
   }
 </style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Comment/Comments.vue b/fittrackee_client/src/components/Comment/Comments.vue
index 2e3a860fb..97f0abeaa 100644
--- a/fittrackee_client/src/components/Comment/Comments.vue
+++ b/fittrackee_client/src/components/Comment/Comments.vue
@@ -4,6 +4,7 @@
       v-if="commentToDelete"
       :title="$t('common.CONFIRMATION')"
       :message="$t('workouts.COMMENTS.DELETION_CONFIRMATION')"
+      :loading="isDeleting"
       @confirmAction="deleteComment(commentToDelete)"
       @cancelAction="() => commentToDelete = null"
     />
@@ -11,13 +12,17 @@
       <template #title>
         {{ $t('workouts.COMMENTS.LABEL', 0) }}
       </template>
-      <template #content>
+      <template v-if="isLoading" #content>
+        <Loader />
+      </template>
+      <template v-else #content>
         <Comment
           v-for="comment in workoutData.comments"
           :key="comment.id"
           :comment="comment"
           :workout="workoutData.workout"
           :authUser="authUser"
+          :comments_loading="workoutData.comments_loading"
           @deleteComment="(c) => commentToDelete = c"
         />
         <div class="no-comments" v-if="workoutData.comments.length === 0">
@@ -25,7 +30,9 @@
         </div>
         <div class="add-comment" v-if="displayAddComment">
           <WorkoutCommentEdition
-            v-if="authUser.username" :workout="workoutData.workout"
+            v-if="authUser.username"
+            :workout="workoutData.workout"
+            :comments_loading="workoutData.comments_loading"
             @closeEdition="displayAddComment = false"
           />
         </div>
@@ -40,7 +47,7 @@
 </template>
 
 <script setup lang="ts">
-  import { Ref, ref, toRefs, watch } from "vue"
+  import { Ref, computed, onMounted, ref, toRefs, watch } from "vue"
 
   import WorkoutCommentEdition from "@/components/Comment/CommentEdition.vue"
   import { WORKOUTS_STORE } from "@/store/constants"
@@ -59,6 +66,12 @@
   const store = useStore()
   const commentToDelete: Ref<IComment | null> = ref(null)
   const displayAddComment: Ref<boolean> = ref(false)
+  const isLoading = computed(() => workoutData.value.comments_loading === 'all')
+  const isDeleting = computed(() => workoutData.value.comments_loading === 'delete')
+
+  onMounted(() =>
+    store.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, 'all'))
+
 
   function deleteComment(comment: IComment) {
     store.dispatch(WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT, {
@@ -96,5 +109,11 @@
     .add-comment-button {
       margin: $default-margin 0;
     }
+    .loader {
+      border-width: 5px;
+      height: 20px;
+      margin-left: 50%;
+      width: 20px;
+    }
   }
 </style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Common/Modal.vue b/fittrackee_client/src/components/Common/Modal.vue
index 02424c6c8..444800849 100644
--- a/fittrackee_client/src/components/Common/Modal.vue
+++ b/fittrackee_client/src/components/Common/Modal.vue
@@ -13,7 +13,10 @@
           </div>
           <div class="modal-message" v-else>{{ message }}</div>
           <ErrorMessage :message="errorMessages" v-if="errorMessages" />
-          <div class="modal-buttons">
+          <div v-if="loading">
+            <Loader />
+          </div>
+          <div class="modal-buttons" v-else>
             <button
               class="confirm"
               v-if="!errorMessages"
@@ -41,6 +44,7 @@
     title: string
     message: string
     strongMessage?: string | null
+    loading?: string | null
   }
   const props = withDefaults(defineProps<Props>(), {
     strongMessage: () => null,
@@ -110,6 +114,12 @@
           }
         }
       }
+      .loader {
+        border-width: 5px;
+        height: 20px;
+        margin-left: 45%;
+        width: 20px;
+      }
     }
   }
 </style>
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index f8d976518..46e0ccb54 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -250,6 +250,10 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: ICommentForm
   ): void {
+    context.commit(
+      WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING,
+      `new${payload.reply_to ? `_${payload.reply_to}` : ''}`
+    )
     const data = {
       text: payload.text,
       text_visibility: payload.text_visibility,
@@ -270,6 +274,7 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       })
       .catch((error) => {
         handleError(context, error)
+        context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, null)
       })
   },
   [WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS](
@@ -285,6 +290,7 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
             WORKOUTS_STORE.MUTATIONS.SET_WORKOUT_COMMENTS,
             res.data.data.comments
           )
+          context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, null)
         } else {
           handleError(context, null)
         }
@@ -292,12 +298,16 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       .catch((error) => {
         handleError(context, error)
       })
+      .finally(() =>
+        context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, null)
+      )
   },
   [WORKOUTS_STORE.ACTIONS.DELETE_WORKOUT_COMMENT](
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: ICommentPayload
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, 'delete')
     authApi
       .delete(`workouts/${payload.workoutId}/comments/${payload.commentId}`)
       .then((res) => {
@@ -317,6 +327,7 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
     payload: ICommentForm
   ): void {
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+    context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, payload.id)
     authApi
       .patch(`workouts/${payload.workout_id}/comments/${payload.id}`, {
         text: payload.text,
@@ -331,6 +342,7 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
       })
       .catch((error) => {
         handleError(context, error)
+        context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, null)
       })
   },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/enums.ts b/fittrackee_client/src/store/modules/workouts/enums.ts
index 21d089c87..b1a1ba4cf 100644
--- a/fittrackee_client/src/store/modules/workouts/enums.ts
+++ b/fittrackee_client/src/store/modules/workouts/enums.ts
@@ -37,4 +37,5 @@ export enum WorkoutsMutations {
   SET_WORKOUTS_PAGINATION = 'SET_WORKOUTS_PAGINATION',
   ADD_WORKOUT_COMMENT = 'ADD_WORKOUT_COMMENT',
   SET_WORKOUT_COMMENTS = 'SET_WORKOUT_COMMENTS',
+  SET_COMMENT_LOADING = 'SET_COMMENT_LOADING',
 }
diff --git a/fittrackee_client/src/store/modules/workouts/mutations.ts b/fittrackee_client/src/store/modules/workouts/mutations.ts
index f155e40ed..c347e212a 100644
--- a/fittrackee_client/src/store/modules/workouts/mutations.ts
+++ b/fittrackee_client/src/store/modules/workouts/mutations.ts
@@ -78,6 +78,7 @@ export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
       workout: <IWorkout>{},
       chartData: [],
       comments: [],
+      comments_loading: null,
     }
   },
   [WORKOUTS_STORE.MUTATIONS.SET_WORKOUT_COMMENTS](
@@ -92,4 +93,10 @@ export const mutations: MutationTree<IWorkoutsState> & TWorkoutsMutations = {
   ) {
     state.workoutData.comments.push(comment)
   },
+  [WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING](
+    state: IWorkoutsState,
+    commentId: string | null
+  ) {
+    state.workoutData.comments_loading = commentId
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/state.ts b/fittrackee_client/src/store/modules/workouts/state.ts
index 00ca0d65b..91469f7c6 100644
--- a/fittrackee_client/src/store/modules/workouts/state.ts
+++ b/fittrackee_client/src/store/modules/workouts/state.ts
@@ -13,5 +13,6 @@ export const workoutsState: IWorkoutsState = {
     workout: <IWorkout>{},
     chartData: [],
     comments: [],
+    comments_loading: null,
   },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 1e8042b36..0c9bfcc44 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -135,6 +135,10 @@ export type TWorkoutsMutations<S = IWorkoutsState> = {
     state: S,
     comment: IComment
   ): void
+  [WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING](
+    state: S,
+    commentId: string | null
+  ): void
 }
 
 export type TWorkoutsStoreModule<S = IWorkoutsState> = Omit<
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 40a3d4f11..f1929f341 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -165,6 +165,7 @@ export interface IWorkoutData {
   workout: IWorkout
   chartData: IWorkoutApiChartData[]
   comments: IComment[]
+  comments_loading: string | null
 }
 
 export type TWorkoutDatasetKeys = 'speed' | 'elevation'

From ae38f347a678121c036e44fe2e5ba2a785882bf9 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Tue, 21 Feb 2023 11:24:11 +0100
Subject: [PATCH 223/238] API & Client - exclude inactive users for counts and
 users list

Inactive users are still displayed in admin
---
 fittrackee/federation/nodeinfo.py             |  10 +-
 fittrackee/federation/utils/user.py           |   1 +
 .../federation/test_federation_nodeinfo.py    |   6 +-
 .../fixtures/fixtures_federation_users.py     |   1 +
 fittrackee/tests/fixtures/fixtures_users.py   |   2 +
 fittrackee/tests/users/test_users_api.py      | 162 +++++++++++++++---
 fittrackee/tests/workouts/test_stats_api.py   |  20 +++
 fittrackee/users/users.py                     |  33 ++--
 fittrackee/workouts/stats.py                  |   4 +-
 .../components/Administration/AdminUsers.vue  |   2 +-
 .../Administration/AppStatsCards.vue          |   2 +-
 fittrackee_client/src/locales/en/user.json    |   1 +
 fittrackee_client/src/locales/fr/user.json    |   1 +
 .../src/store/modules/users/actions.ts        |  63 ++++---
 .../src/store/modules/users/enums.ts          |   1 +
 .../src/store/modules/users/types.ts          |   4 +
 16 files changed, 245 insertions(+), 68 deletions(-)

diff --git a/fittrackee/federation/nodeinfo.py b/fittrackee/federation/nodeinfo.py
index 24d446bcf..065db6be8 100644
--- a/fittrackee/federation/nodeinfo.py
+++ b/fittrackee/federation/nodeinfo.py
@@ -2,6 +2,7 @@
 
 from fittrackee.federation.models import Actor
 from fittrackee.responses import HttpResponse
+from fittrackee.users.models import User
 from fittrackee.workouts.models import Workout
 
 from .decorators import federation_required_for_route
@@ -101,7 +102,14 @@ def get_nodeinfo(app_domain: Domain) -> HttpResponse:
     """
     # TODO : add 'activeHalfyear' and 'activeMonth' for users
     workouts_count = Workout.query.filter().count()
-    actor_count = Actor.query.filter_by(domain_id=app_domain.id).count()
+    actor_count = (
+        Actor.query.join(User, User.actor_id == Actor.id)
+        .filter(
+            Actor.domain_id == app_domain.id,
+            User.is_active == True,  # noqa
+        )
+        .count()
+    )
     response = {
         'version': '2.0',
         'software': {
diff --git a/fittrackee/federation/utils/user.py b/fittrackee/federation/utils/user.py
index 13a9c51b2..12686d51e 100644
--- a/fittrackee/federation/utils/user.py
+++ b/fittrackee/federation/utils/user.py
@@ -149,6 +149,7 @@ def create_remote_user(remote_domain: Domain, remote_actor_url: str) -> User:
     )
     db.session.add(user)
     user.actor_id = actor.id
+    user.is_active = True
     update_actor_data(actor, remote_actor_object)
     db.session.commit()
     return actor.user
diff --git a/fittrackee/tests/federation/federation/test_federation_nodeinfo.py b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
index 7d605c279..95bf94726 100644
--- a/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
+++ b/fittrackee/tests/federation/federation/test_federation_nodeinfo.py
@@ -113,10 +113,12 @@ def test_it_displays_workouts_count(
         data = json.loads(response.data.decode())
         assert data['usage']['localWorkouts'] == 1
 
-    def test_only_local_actors_are_counted(
+    def test_only_local_active_actors_are_counted(
         self,
         app_with_federation: Flask,
         user_1: User,
+        user_2: User,
+        inactive_user: User,
         remote_user: User,
     ) -> None:
         client = app_with_federation.test_client()
@@ -128,7 +130,7 @@ def test_only_local_actors_are_counted(
         assert response.status_code == 200
         data = json.loads(response.data.decode())
 
-        assert data['usage']['users']['total'] == 1
+        assert data['usage']['users']['total'] == 2
 
     def test_it_displays_if_registration_is_disabled(
         self,
diff --git a/fittrackee/tests/fixtures/fixtures_federation_users.py b/fittrackee/tests/fixtures/fixtures_federation_users.py
index a6e239b12..2c4fe8e72 100644
--- a/fittrackee/tests/fixtures/fixtures_federation_users.py
+++ b/fittrackee/tests/fixtures/fixtures_federation_users.py
@@ -39,6 +39,7 @@ def generate_remote_user(
     user = User(username=user_name, email=None, password=None, is_remote=True)
     db.session.add(user)
     user.actor_id = actor.id
+    user.is_active = True
     db.session.commit()
     return user
 
diff --git a/fittrackee/tests/fixtures/fixtures_users.py b/fittrackee/tests/fixtures/fixtures_users.py
index fd31af9bc..28d43a4c4 100644
--- a/fittrackee/tests/fixtures/fixtures_users.py
+++ b/fittrackee/tests/fixtures/fixtures_users.py
@@ -129,6 +129,8 @@ def inactive_user() -> User:
     )
     user.confirmation_token = random_string()
     db.session.add(user)
+    db.session.flush()
+    user.create_actor()
     db.session.commit()
     return user
 
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 98490bc7e..e4b00e168 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -183,6 +183,24 @@ def test_it_returns_error_if_user_does_not_exist(
         assert 'not found' in data['status']
         assert 'user does not exist' in data['message']
 
+    def test_it_does_not_get_inactive_user(
+        self, app: Flask, user_1: User, inactive_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f'/api/users/{inactive_user.username}',
+            content_type='application/json',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 404
+        data = json.loads(response.data.decode())
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
+
     def test_it_gets_single_user_without_workouts(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
@@ -253,40 +271,37 @@ def test_it_gets_authenticated_user(
             user_1.serialize(user_1)
         )
 
-    def test_it_gets_inactive_user(
-        self, app: Flask, user_1_admin: User, inactive_user: User
+
+class TestGetUserAsUnauthenticatedUser(ApiTestCaseMixin):
+    def test_it_returns_error_if_user_does_not_exist(
+        self, app: Flask, user_1: User
     ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1_admin.email
-        )
+        client = app.test_client()
 
         response = client.get(
-            f'/api/users/{inactive_user.username}',
+            '/api/users/not_existing',
             content_type='application/json',
-            headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 404
         data = json.loads(response.data.decode())
-        assert response.status_code == 200
-        assert data['status'] == 'success'
-        assert len(data['data']['users']) == 1
-        user = data['data']['users'][0]
-        assert user == jsonify_dict(inactive_user.serialize(user_1_admin))
-
+        assert 'not found' in data['status']
+        assert 'user does not exist' in data['message']
 
-class TestGetUserAsUnauthenticatedUser(ApiTestCaseMixin):
-    def test_it_returns_error_if_user_does_not_exist(
-        self, app: Flask, user_1: User
+    def test_it_does_not_get_inactive_user(
+        self, app: Flask, user_1_admin: User, inactive_user: User
     ) -> None:
-        client = app.test_client()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
 
         response = client.get(
-            '/api/users/not_existing',
+            f'/api/users/{inactive_user.username}',
             content_type='application/json',
         )
-        data = json.loads(response.data.decode())
 
         assert response.status_code == 404
+        data = json.loads(response.data.decode())
         assert 'not found' in data['status']
         assert 'user does not exist' in data['message']
 
@@ -330,7 +345,7 @@ def test_it_gets_single_user_with_workouts(
 
 
 class TestGetUsersAsAdmin(ApiTestCaseMixin):
-    def test_it_get_users_list_regardless_their_account_status(
+    def test_it_get_users_list_without_inactive_users(
         self, app: Flask, user_1_admin: User, inactive_user: User, user_3: User
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
@@ -342,6 +357,36 @@ def test_it_get_users_list_regardless_their_account_status(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 2
+        assert data['data']['users'][0] == jsonify_dict(
+            user_1_admin.serialize(user_1_admin)
+        )
+        assert data['data']['users'][1] == jsonify_dict(
+            user_3.serialize(user_1_admin)
+        )
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 2,
+        }
+
+    def test_it_get_users_list_regardless_their_account_status(
+        self, app: Flask, user_1_admin: User, inactive_user: User, user_3: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?with_inactive=true',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert 'success' in data['status']
@@ -842,7 +887,7 @@ def test_it_gets_users_list_ordered_by_account_status(
         )
 
         response = client.get(
-            '/api/users?order_by=is_active',
+            '/api/users?order_by=is_active&with_inactive=true',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
@@ -873,7 +918,7 @@ def test_it_gets_users_list_ordered_by_account_status_ascending(
         )
 
         response = client.get(
-            '/api/users?order_by=is_active&order=asc',
+            '/api/users?order_by=is_active&order=asc&with_inactive=true',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
@@ -904,7 +949,7 @@ def test_it_gets_users_list_ordered_by_account_status_descending(
         )
 
         response = client.get(
-            '/api/users?order_by=is_active&order=desc',
+            '/api/users?order_by=is_active&order=desc&with_inactive=true',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
@@ -1021,6 +1066,55 @@ def test_it_filtering_on_username_is_case_insensitive(
         assert len(data['data']['users']) == 1
         assert 'toto' in data['data']['users'][0]['username']
 
+    def test_it_does_not_return_inactive_user_by_default(
+        self, app: Flask, user_1_admin: User, user_2: User, inactive_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?q=inactive',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 0
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 0,
+            'total': 0,
+        }
+
+    def test_it_returns_inactive_user(
+        self, app: Flask, user_1_admin: User, user_2: User, inactive_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/users?q=inactive&with_inactive=true',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        assert 'inactive' in data['data']['users'][0]['username']
+        assert data['pagination'] == {
+            'has_next': False,
+            'has_prev': False,
+            'page': 1,
+            'pages': 1,
+            'total': 1,
+        }
+
     @pytest.mark.parametrize(
         'input_desc, input_username',
         [
@@ -1123,15 +1217,29 @@ def test_expected_scopes_are_defined(
 
 
 class TestGetUsersAsUser(ApiTestCaseMixin):
-    def test_it_gets_users_list(
-        self, app: Flask, user_1: User, user_2: User, user_3: User
+    @pytest.mark.parametrize(
+        'input_description, input_params',
+        [
+            ("without params", ""),
+            ("only inactive users", "?with_inactive=true"),
+        ],
+    )
+    def test_it_gets_users_list_without_inactive_users(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        inactive_user: User,
+        user_3: User,
+        input_description: str,
+        input_params: str,
     ) -> None:
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
 
         response = client.get(
-            '/api/users',
+            f'/api/users{input_params}',
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
@@ -1200,7 +1308,7 @@ def test_it_gets_users_list_with_workouts(
         }
 
 
-class TestGetUsers(ApiTestCaseMixin):
+class TestGetUsersAsUnauthenticatedUser(ApiTestCaseMixin):
     def test_it_returns_error_if_user_is_not_authenticated(
         self, app: Flask, user_1: User, user_2: User
     ) -> None:
diff --git a/fittrackee/tests/workouts/test_stats_api.py b/fittrackee/tests/workouts/test_stats_api.py
index a6d95cb33..387adafb7 100644
--- a/fittrackee/tests/workouts/test_stats_api.py
+++ b/fittrackee/tests/workouts/test_stats_api.py
@@ -1114,6 +1114,26 @@ def test_it_returns_all_stats_when_users_have_no_workouts(
         assert data['data']['users'] == 2
         assert 'uploads_dir_size' in data['data']
 
+    def test_it_does_not_count_inactive_user(
+        self, app: Flask, user_1_admin: User, inactive_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.get(
+            '/api/stats/all',
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        data = json.loads(response.data.decode())
+        assert response.status_code == 200
+        assert 'success' in data['status']
+        assert data['data']['workouts'] == 0
+        assert data['data']['sports'] == 0
+        assert data['data']['users'] == 1
+        assert 'uploads_dir_size' in data['data']
+
     def test_it_gets_app_all_stats_with_workouts(
         self,
         app: Flask,
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 1bc0ba72e..61d393935 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -45,6 +45,17 @@
 users_blueprint = Blueprint('users', __name__)
 
 USERS_PER_PAGE = 10
+EMPTY_USERS_RESPONSE = {
+    'status': 'success',
+    'data': {'users': []},
+    'pagination': {
+        'has_next': False,
+        'has_prev': False,
+        'page': 1,
+        'pages': 0,
+        'total': 0,
+    },
+}
 
 
 def get_users_list(auth_user: User, remote: bool = False) -> Dict:
@@ -56,18 +67,10 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
             user = get_user_from_username(query, with_action='creation')
         except Exception as e:  # noqa
             appLog.error(f"Error when searching user '{query}': {e}")
-            return {
-                'status': 'success',
-                'data': {'users': []},
-                'pagination': {
-                    'has_next': False,
-                    'has_prev': False,
-                    'page': 1,
-                    'pages': 0,
-                    'total': 0,
-                },
-            }
+            return EMPTY_USERS_RESPONSE
         if user:
+            if not user.is_active and not auth_user.admin:
+                return EMPTY_USERS_RESPONSE
             return {
                 'status': 'success',
                 'data': {'users': [user.serialize(auth_user)]},
@@ -86,10 +89,16 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
         per_page = 50
     user_column = getattr(User, params.get('order_by', 'username'))
     order = params.get('order', 'asc')
+    with_inactive = params.get('with_inactive', 'false').lower()
+    if not auth_user or not auth_user.admin:
+        with_inactive = 'false'
     users_pagination = (
         User.query.filter(
             User.username.ilike('%' + query + '%') if query else True,
             User.is_remote == remote,
+            True
+            if with_inactive == 'true'
+            else User.is_active == True,  # noqa
         )
         .order_by(asc(user_column) if order == 'asc' else desc(user_column))
         .paginate(page=page, per_page=per_page, error_out=False)
@@ -522,6 +531,8 @@ def get_single_user(
     try:
         user = get_user_from_username(user_name, with_action='refresh')
         if user:
+            if (not auth_user or not auth_user.admin) and not user.is_active:
+                return UserNotFoundErrorResponse()
             return {
                 'status': 'success',
                 'data': {'users': [user.serialize(auth_user)]},
diff --git a/fittrackee/workouts/stats.py b/fittrackee/workouts/stats.py
index 80c79e7cd..b5b09e0ee 100644
--- a/fittrackee/workouts/stats.py
+++ b/fittrackee/workouts/stats.py
@@ -427,7 +427,9 @@ def get_application_stats(auth_user: User) -> Dict:
     """
 
     nb_workouts = Workout.query.filter().count()
-    nb_users = User.query.filter(User.is_remote == False).count()  # noqa
+    nb_users = User.query.filter(
+        User.is_remote == False, User.is_active == True  # noqa
+    ).count()
     nb_sports = (
         db.session.query(func.count(Workout.sport_id))
         .group_by(Workout.sport_id)
diff --git a/fittrackee_client/src/components/Administration/AdminUsers.vue b/fittrackee_client/src/components/Administration/AdminUsers.vue
index 45e5971a4..fb449df6e 100644
--- a/fittrackee_client/src/components/Administration/AdminUsers.vue
+++ b/fittrackee_client/src/components/Administration/AdminUsers.vue
@@ -186,7 +186,7 @@
   onBeforeMount(() => loadUsers(query))
 
   function loadUsers(queryParams: TUsersPayload) {
-    store.dispatch(USERS_STORE.ACTIONS.GET_USERS, queryParams)
+    store.dispatch(USERS_STORE.ACTIONS.GET_USERS_FOR_ADMIN, queryParams)
   }
   function searchUsers(username: Ref<string>) {
     reloadUsers('q', username.value)
diff --git a/fittrackee_client/src/components/Administration/AppStatsCards.vue b/fittrackee_client/src/components/Administration/AppStatsCards.vue
index 6421ce04d..c655d4d1d 100644
--- a/fittrackee_client/src/components/Administration/AppStatsCards.vue
+++ b/fittrackee_client/src/components/Administration/AppStatsCards.vue
@@ -3,7 +3,7 @@
     <StatCard
       icon="users"
       :value="appStatistics.users"
-      :text="$t('user.USER', appStatistics.users)"
+      :text="$t('user.ACTIVE_USER', appStatistics.users)"
     />
     <StatCard
       icon="tags"
diff --git a/fittrackee_client/src/locales/en/user.json b/fittrackee_client/src/locales/en/user.json
index e31e5e003..632278de9 100644
--- a/fittrackee_client/src/locales/en/user.json
+++ b/fittrackee_client/src/locales/en/user.json
@@ -1,6 +1,7 @@
 {
     "ACCOUNT_CONFIRMATION_NOT_RECEIVED": "Didn't received instructions?",
     "ACCOUNT_CONFIRMATION_SENT": "Check your email. A new confirmation email has been sent to the address provided.",
+    "ACTIVE_USER": "active user | active users",
     "ADMIN": "Admin",
     "ALREADY_HAVE_ACCOUNT": "Already have an account?",
     "CONFIRM_ACCOUNT_DELETION": "Are you sure you want to delete your account? All data will be deleted, this cannot be undone",
diff --git a/fittrackee_client/src/locales/fr/user.json b/fittrackee_client/src/locales/fr/user.json
index f83234398..f8011840b 100644
--- a/fittrackee_client/src/locales/fr/user.json
+++ b/fittrackee_client/src/locales/fr/user.json
@@ -1,6 +1,7 @@
 {
     "ACCOUNT_CONFIRMATION_NOT_RECEIVED": "Vous n'avez pas reçu les instructions ?",
     "ACCOUNT_CONFIRMATION_SENT": "Vérifiez vos courriels. Un nouveau courriel de confirmation a été envoyé à l'adresse électronique fournie.",
+    "ACTIVE_USER": "utilisateur actif | utilisateurs actifs",
     "ADMIN": "Admin",
     "ALREADY_HAVE_ACCOUNT": "Vous avez déjà un compte ?",
     "CONFIRM_ACCOUNT_DELETION": "Êtes-vous sûr·e de vouloir supprimer votre compte ? Toutes les données seront définitivement effacés",
diff --git a/fittrackee_client/src/store/modules/users/actions.ts b/fittrackee_client/src/store/modules/users/actions.ts
index 52493bfda..682bcbb8e 100644
--- a/fittrackee_client/src/store/modules/users/actions.ts
+++ b/fittrackee_client/src/store/modules/users/actions.ts
@@ -42,6 +42,38 @@ export const deleteUserAccount = (
     .catch((error) => handleError(context, error))
 }
 
+const getUsers = (
+  context:
+    | ActionContext<IAuthUserState, IRootState>
+    | ActionContext<IUsersState, IRootState>,
+  payload: TUsersPayload,
+  forAdmin = false
+): void => {
+  context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
+  context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
+  const isRemote = payload.q && payload.q.match(ACCOUNT_REGEX) ? '/remote' : ''
+  if (forAdmin) {
+    payload.with_inactive = 'true'
+  }
+  authApi
+    .get(`users${isRemote}`, { params: payload })
+    .then((res) => {
+      if (res.data.status === 'success') {
+        context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS, res.data.data.users)
+        context.commit(
+          USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION,
+          res.data.pagination
+        )
+      } else {
+        handleError(context, null)
+      }
+    })
+    .catch((error) => handleError(context, error))
+    .finally(() =>
+      context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, false)
+    )
+}
+
 export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
   [USERS_STORE.ACTIONS.EMPTY_USER](
     context: ActionContext<IUsersState, IRootState>
@@ -90,30 +122,13 @@ export const actions: ActionTree<IUsersState, IRootState> & IUsersActions = {
     context: ActionContext<IUsersState, IRootState>,
     payload: TUsersPayload
   ): void {
-    context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
-    context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, true)
-    const isRemote =
-      payload.q && payload.q.match(ACCOUNT_REGEX) ? '/remote' : ''
-    authApi
-      .get(`users${isRemote}`, { params: payload })
-      .then((res) => {
-        if (res.data.status === 'success') {
-          context.commit(
-            USERS_STORE.MUTATIONS.UPDATE_USERS,
-            res.data.data.users
-          )
-          context.commit(
-            USERS_STORE.MUTATIONS.UPDATE_USERS_PAGINATION,
-            res.data.pagination
-          )
-        } else {
-          handleError(context, null)
-        }
-      })
-      .catch((error) => handleError(context, error))
-      .finally(() =>
-        context.commit(USERS_STORE.MUTATIONS.UPDATE_USERS_LOADING, false)
-      )
+    getUsers(context, payload, false)
+  },
+  [USERS_STORE.ACTIONS.GET_USERS_FOR_ADMIN](
+    context: ActionContext<IUsersState, IRootState>,
+    payload: TUsersPayload
+  ): void {
+    getUsers(context, payload, true)
   },
   [USERS_STORE.ACTIONS.UPDATE_USER](
     context: ActionContext<IUsersState, IRootState>,
diff --git a/fittrackee_client/src/store/modules/users/enums.ts b/fittrackee_client/src/store/modules/users/enums.ts
index 15b0024bd..4438e8992 100644
--- a/fittrackee_client/src/store/modules/users/enums.ts
+++ b/fittrackee_client/src/store/modules/users/enums.ts
@@ -3,6 +3,7 @@ export enum UsersActions {
   EMPTY_USERS = 'EMPTY_USERS',
   GET_USER = 'GET_USER',
   GET_USERS = 'GET_USERS',
+  GET_USERS_FOR_ADMIN = 'GET_USERS_FOR_ADMIN',
   UPDATE_USER = 'UPDATE_USER',
   DELETE_USER_ACCOUNT = 'DELETE_USER_ACCOUNT',
   UPDATE_RELATIONSHIP = 'UPDATE_RELATIONSHIP',
diff --git a/fittrackee_client/src/store/modules/users/types.ts b/fittrackee_client/src/store/modules/users/types.ts
index 76967980e..ee2c25e7f 100644
--- a/fittrackee_client/src/store/modules/users/types.ts
+++ b/fittrackee_client/src/store/modules/users/types.ts
@@ -44,6 +44,10 @@ export interface IUsersActions {
     context: ActionContext<IUsersState, IRootState>,
     payload: TUsersPayload
   ): void
+  [USERS_STORE.ACTIONS.GET_USERS_FOR_ADMIN](
+    context: ActionContext<IUsersState, IRootState>,
+    payload: TUsersPayload
+  ): void
   [USERS_STORE.ACTIONS.UPDATE_USER](
     context: ActionContext<IUsersState, IRootState>,
     payload: IAdminUserPayload

From 2b23c2ae20343ec1a9b1d3f0ab9c5e43bdb4ff4c Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Tue, 21 Feb 2023 11:38:27 +0100
Subject: [PATCH 224/238] Client - minor refacto

---
 .../src/components/Administration/AdminMenu.vue | 17 +++++++++++------
 fittrackee_client/src/views/AdminView.vue       | 15 +++------------
 2 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/fittrackee_client/src/components/Administration/AdminMenu.vue b/fittrackee_client/src/components/Administration/AdminMenu.vue
index 41c101f7b..9f6f6a683 100644
--- a/fittrackee_client/src/components/Administration/AdminMenu.vue
+++ b/fittrackee_client/src/components/Administration/AdminMenu.vue
@@ -63,21 +63,26 @@
 </template>
 
 <script setup lang="ts">
-  import { capitalize, toRefs, withDefaults } from 'vue'
+  import { ComputedRef, capitalize, computed, onBeforeMount, toRefs } from 'vue'
 
   import AppStatsCards from '@/components/Administration/AppStatsCards.vue'
   import Card from '@/components/Common/Card.vue'
+  import { ROOT_STORE } from '@/store/constants'
   import { IAppStatistics, TAppConfig } from '@/types/application'
+  import { useStore } from '@/use/useStore'
 
   interface Props {
     appConfig: TAppConfig
-    appStatistics?: IAppStatistics
   }
-  const props = withDefaults(defineProps<Props>(), {
-    appStatistics: () => ({} as IAppStatistics),
-  })
+  const props = defineProps<Props>()
+  const { appConfig } = toRefs(props)
 
-  const { appConfig, appStatistics } = toRefs(props)
+  const store = useStore()
+  const appStatistics: ComputedRef<IAppStatistics> = computed(
+    () => store.getters[ROOT_STORE.GETTERS.APP_STATS]
+  )
+
+  onBeforeMount(() => store.dispatch(ROOT_STORE.ACTIONS.GET_APPLICATION_STATS))
 </script>
 
 <style lang="scss" scoped>
diff --git a/fittrackee_client/src/views/AdminView.vue b/fittrackee_client/src/views/AdminView.vue
index 8ba2b84db..2787652cc 100644
--- a/fittrackee_client/src/views/AdminView.vue
+++ b/fittrackee_client/src/views/AdminView.vue
@@ -1,11 +1,7 @@
 <template>
   <div id="admin" class="view">
     <div class="container" v-if="!userLoading">
-      <router-view
-        v-if="isAuthUserAmin"
-        :appConfig="appConfig"
-        :appStatistics="appStatistics"
-      />
+      <router-view v-if="isAuthUserAmin" :appConfig="appConfig" />
       <NotFound v-else />
       <div id="bottom" />
     </div>
@@ -13,11 +9,11 @@
 </template>
 
 <script setup lang="ts">
-  import { computed, ComputedRef, onBeforeMount } from 'vue'
+  import { computed, ComputedRef } from 'vue'
 
   import NotFound from '@/components/Common/NotFound.vue'
   import { AUTH_USER_STORE, ROOT_STORE } from '@/store/constants'
-  import { TAppConfig, IAppStatistics } from '@/types/application'
+  import { TAppConfig } from '@/types/application'
   import { useStore } from '@/use/useStore'
 
   const store = useStore()
@@ -25,17 +21,12 @@
   const appConfig: ComputedRef<TAppConfig> = computed(
     () => store.getters[ROOT_STORE.GETTERS.APP_CONFIG]
   )
-  const appStatistics: ComputedRef<IAppStatistics> = computed(
-    () => store.getters[ROOT_STORE.GETTERS.APP_STATS]
-  )
   const isAuthUserAmin: ComputedRef<boolean> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.IS_ADMIN]
   )
   const userLoading: ComputedRef<boolean> = computed(
     () => store.getters[AUTH_USER_STORE.GETTERS.USER_LOADING]
   )
-
-  onBeforeMount(() => store.dispatch(ROOT_STORE.ACTIONS.GET_APPLICATION_STATS))
 </script>
 
 <style lang="scss" scoped>

From c8e6fd13c075f8d834402f0707965fd9ecf27f07 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Tue, 21 Feb 2023 19:07:42 +0100
Subject: [PATCH 225/238] API - fix migration

---
 .../versions/30_8842c351a2d8_init_social_features.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index e3cb91dc4..da0a7690e 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -282,9 +282,9 @@ def upgrade():
         )
     )
     with op.batch_alter_table('comments', schema=None) as batch_op:
-        batch_op.create_index(batch_op.f('ix_workout_comments_user_id'), ['user_id'], unique=False)
-        batch_op.create_index(batch_op.f('ix_workout_comments_workout_id'), ['workout_id'], unique=False)
-        batch_op.create_index(batch_op.f('ix_workout_comments_reply_to'), ['reply_to'], unique=False)
+        batch_op.create_index(batch_op.f('ix_comments_user_id'), ['user_id'], unique=False)
+        batch_op.create_index(batch_op.f('ix_comments_workout_id'), ['workout_id'], unique=False)
+        batch_op.create_index(batch_op.f('ix_comments_reply_to'), ['reply_to'], unique=False)
 
     op.create_table('mentions',
     sa.Column('comment_id', sa.Integer(), nullable=False),
@@ -300,9 +300,9 @@ def downgrade():
     op.drop_table('mentions')
 
     with op.batch_alter_table('comments', schema=None) as batch_op:
-        batch_op.drop_index(batch_op.f('ix_workout_comments_user_id'))
-        batch_op.drop_index(batch_op.f('ix_workout_comments_workout_id'))
-        batch_op.drop_index(batch_op.f('ix_workout_comments_reply_to'))
+        batch_op.drop_index(batch_op.f('ix_comments_user_id'))
+        batch_op.drop_index(batch_op.f('ix_comments_workout_id'))
+        batch_op.drop_index(batch_op.f('ix_comments_reply_to'))
     op.drop_table('comments')
 
     op.drop_column('workouts', 'remote_url')

From 26dc4ffbefddae0e681f07c0219c51a1b79fd3cd Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 22 Feb 2023 08:02:12 +0100
Subject: [PATCH 226/238] API - init likes

---
 fittrackee/comments/comments.py               |  46 +-
 fittrackee/comments/models.py                 |  41 ++
 .../30_8842c351a2d8_init_social_features.py   |  32 +
 .../comments/test_comment_likes_model.py      |  54 ++
 .../tests/comments/test_comments_api.py       |   2 +-
 .../comments/test_comments_likes_api_post.py  | 555 ++++++++++++++++++
 .../comments/test_comments_likes_api_post.py  | 105 ++++
 .../workouts/test_workouts_likes_api_post.py  |  99 ++++
 .../workouts/test_workout_likes_model.py      |  48 ++
 .../workouts/test_workouts_likes_api_post.py  | 413 +++++++++++++
 fittrackee/workouts/models.py                 |  41 ++
 fittrackee/workouts/workouts.py               |  43 +-
 12 files changed, 1476 insertions(+), 3 deletions(-)
 create mode 100644 fittrackee/tests/comments/test_comment_likes_model.py
 create mode 100644 fittrackee/tests/comments/test_comments_likes_api_post.py
 create mode 100644 fittrackee/tests/federation/comments/test_comments_likes_api_post.py
 create mode 100644 fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
 create mode 100644 fittrackee/tests/workouts/test_workout_likes_model.py
 create mode 100644 fittrackee/tests/workouts/test_workouts_likes_api_post.py

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index a9afa9d00..92e167021 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -20,7 +20,7 @@
 from fittrackee.workouts.models import Workout
 
 from .decorators import check_workout_comment
-from .models import Comment, get_comments
+from .models import Comment, CommentLike, get_comments
 
 comments_blueprint = Blueprint('comments', __name__)
 
@@ -264,3 +264,47 @@ def update_workout_comment(
 
     except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
         return handle_error_and_return_response(e)
+
+
+@comments_blueprint.route(
+    '/workouts/<string:workout_short_id>/comments/<string:comment_short_id>'
+    '/like',
+    methods=['POST'],
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout_comment(check_owner=False)
+def like_workout(
+    auth_user: User, comment: Comment
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    try:
+        like = CommentLike(user_id=auth_user.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+    except exc.IntegrityError:
+        db.session.rollback()
+    return {
+        'status': 'success',
+        'comment': comment.serialize(auth_user),
+    }, 200
+
+
+@comments_blueprint.route(
+    '/workouts/<string:workout_short_id>/comments/<string:comment_short_id>'
+    '/like/undo',
+    methods=['POST'],
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout_comment(check_owner=False)
+def unlike_workout(
+    auth_user: User, comment: Comment
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    like = CommentLike.query.filter_by(
+        user_id=auth_user.id, comment_id=comment.id
+    ).first()
+    if like:
+        db.session.delete(like)
+        db.session.commit()
+    return {
+        'status': 'success',
+        'comment': comment.serialize(auth_user),
+    }, 200
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index 4847278cc..f5fe7bea4 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -110,6 +110,14 @@ class Comment(BaseModel):
         lazy="dynamic",
         viewonly=True,
     )
+    likes = db.relationship(
+        "User",
+        secondary="comment_likes",
+        primaryjoin="Comment.id == CommentLike.comment_id",
+        secondaryjoin="CommentLike.user_id == User.id",
+        lazy="dynamic",
+        viewonly=True,
+    )
 
     def __repr__(self) -> str:
         return f'<Comment {self.id}>'
@@ -272,3 +280,36 @@ def __init__(
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
+
+
+class CommentLike(BaseModel):
+    __tablename__ = 'comment_likes'
+    __table_args__ = (
+        db.UniqueConstraint(
+            'user_id', 'comment_id', name='user_id_comment_id_unique'
+        ),
+    )
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    created_at = db.Column(db.DateTime, nullable=False)
+    user_id = db.Column(
+        db.Integer,
+        db.ForeignKey('users.id'),
+        nullable=False,
+    )
+    comment_id = db.Column(
+        db.Integer,
+        db.ForeignKey('comments.id', ondelete="CASCADE"),
+        nullable=False,
+    )
+
+    def __init__(
+        self,
+        user_id: int,
+        comment_id: int,
+        created_at: Optional[datetime.datetime] = None,
+    ) -> None:
+        self.user_id = user_id
+        self.comment_id = comment_id
+        self.created_at = (
+            datetime.datetime.utcnow() if created_at is None else created_at
+        )
diff --git a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
index da0a7690e..8a0fb3c22 100644
--- a/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
+++ b/fittrackee/migrations/versions/30_8842c351a2d8_init_social_features.py
@@ -295,8 +295,40 @@ def upgrade():
     sa.PrimaryKeyConstraint('comment_id', 'user_id')
     )
 
+    op.create_table('workout_likes',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('created_at', sa.DateTime(), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=False),
+    sa.Column('workout_id', sa.Integer(), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+    sa.ForeignKeyConstraint(['workout_id'], ['workouts.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    with op.batch_alter_table('workout_likes', schema=None) as batch_op:
+        batch_op.create_unique_constraint('user_id_workout_id_unique', ['user_id', 'workout_id'])
+
+    op.create_table('comment_likes',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('created_at', sa.DateTime(), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=False),
+    sa.Column('comment_id', sa.Integer(), nullable=False),
+    sa.ForeignKeyConstraint(['comment_id'], ['comments.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    with op.batch_alter_table('comment_likes', schema=None) as batch_op:
+        batch_op.create_unique_constraint('user_id_comment_id_unique', ['user_id', 'comment_id'])
 
 def downgrade():
+
+    with op.batch_alter_table('comment_likes', schema=None) as batch_op:
+        batch_op.drop_constraint('user_id_comment_id_unique', type_='unique')
+    op.drop_table('comment_likes')
+
+    with op.batch_alter_table('workout_likes', schema=None) as batch_op:
+        batch_op.drop_constraint('user_id_workout_id_unique', type_='unique')
+    op.drop_table('workout_likes')
+
     op.drop_table('mentions')
 
     with op.batch_alter_table('comments', schema=None) as batch_op:
diff --git a/fittrackee/tests/comments/test_comment_likes_model.py b/fittrackee/tests/comments/test_comment_likes_model.py
new file mode 100644
index 000000000..91478aca5
--- /dev/null
+++ b/fittrackee/tests/comments/test_comment_likes_model.py
@@ -0,0 +1,54 @@
+from datetime import datetime
+
+from flask import Flask
+from freezegun import freeze_time
+
+from fittrackee.comments.models import CommentLike
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Sport, Workout
+
+from .utils import CommentMixin
+
+
+class TestCommentLikeModel(CommentMixin):
+    def test_workout_likes_model(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        user_2: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user=user_1, workout=workout_cycling_user_1
+        )
+        created_at = datetime.utcnow()
+
+        like = CommentLike(
+            user_id=user_2.id,
+            comment_id=comment.id,
+            created_at=created_at,
+        )
+
+        assert like.user_id == user_2.id
+        assert like.comment_id == comment.id
+        assert like.created_at == created_at
+
+    def test_created_date_is_initialized_on_creation_when_not_provided(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        user_2: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user=user_1, workout=workout_cycling_user_1
+        )
+        now = datetime.utcnow()
+        with freeze_time(now):
+            like = CommentLike(user_id=user_2.id, comment_id=comment.id)
+
+        assert like.user_id == user_2.id
+        assert like.comment_id == comment.id
+        assert like.created_at == now
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index 91c2e0b20..bad83edc8 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -7,12 +7,12 @@
 
 from fittrackee.comments.models import Comment, Mention
 from fittrackee.privacy_levels import PrivacyLevel
-from fittrackee.tests.comments.utils import CommentMixin
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
 
 from ..mixins import ApiTestCaseMixin, BaseTestMixin
 from ..utils import jsonify_dict
+from .utils import CommentMixin
 
 
 class TestPostWorkoutComment(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
diff --git a/fittrackee/tests/comments/test_comments_likes_api_post.py b/fittrackee/tests/comments/test_comments_likes_api_post.py
new file mode 100644
index 000000000..61fa02ecb
--- /dev/null
+++ b/fittrackee/tests/comments/test_comments_likes_api_post.py
@@ -0,0 +1,555 @@
+import json
+
+import pytest
+from flask import Flask
+
+from fittrackee import db
+from fittrackee.comments.models import CommentLike
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ..mixins import ApiTestCaseMixin, BaseTestMixin
+from .utils import CommentMixin
+
+
+class TestCommentLikePost(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/comments/{comment_uuid}/like'
+
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client = app.test_client()
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            )
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_404_when_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=self.random_short_id(),
+                comment_uuid=self.random_short_id(),
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_comment_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=self.random_short_id(),
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_comment_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        user_2.approves_follow_request_from(user_1)
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_user_is_not_follower(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_creates_workout_like(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['comment']['id'] == comment.short_id
+        assert (
+            CommentLike.query.filter_by(
+                user_id=user_1.id, comment_id=comment.id
+            ).first()
+            is not None
+        )
+        assert comment.likes.all() == [user_1]
+
+    def test_it_does_not_return_error_when_like_already_exists(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['comment']['id'] == comment.short_id
+        assert (
+            CommentLike.query.filter_by(
+                user_id=user_1.id, comment_id=comment.id
+            ).first()
+            is not None
+        )
+        assert comment.likes.all() == [user_1]
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
+
+class TestCommentUndoLikePost(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/comments/{comment_uuid}/like/undo'
+
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client = app.test_client()
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            )
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_404_when_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=self.random_short_id(),
+                comment_uuid=self.random_short_id(),
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_comment_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=self.random_short_id(),
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_comment_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        user_2.approves_follow_request_from(user_1)
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PRIVATE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_user_is_not_follower(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_removes_comment_like(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['comment']['id'] == comment.short_id
+        assert (
+            CommentLike.query.filter_by(
+                user_id=user_1.id, comment_id=comment.id
+            ).first()
+            is None
+        )
+        assert workout_cycling_user_2.likes.all() == []
+
+    def test_it_does_not_return_error_when_no_existing_like(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_1.send_follow_request_to(user_3)
+        user_3.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['comment']['id'] == comment.short_id
+        assert (
+            CommentLike.query.filter_by(
+                user_id=user_1.id, comment_id=comment.id
+            ).first()
+            is None
+        )
+        assert comment.likes.all() == []
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.FOLLOWERS,
+        )
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/tests/federation/comments/test_comments_likes_api_post.py b/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
new file mode 100644
index 000000000..ee0ac1044
--- /dev/null
+++ b/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
@@ -0,0 +1,105 @@
+import json
+
+from flask import Flask
+
+from fittrackee import db
+from fittrackee.comments.models import CommentLike
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout
+
+from ...comments.utils import CommentMixin
+from ...mixins import ApiTestCaseMixin, BaseTestMixin
+
+
+class TestCommentLikePost(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/comments/{comment_uuid}/like'
+
+    def test_it_creates_workout_like(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['comment']['id'] == comment.short_id
+        assert (
+            CommentLike.query.filter_by(
+                user_id=user_1.id, comment_id=comment.id
+            ).first()
+            is not None
+        )
+        assert comment.likes.all() == [user_1]
+
+
+class TestCommentUndoLikePost(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/comments/{comment_uuid}/like/undo'
+
+    def test_it_removes_comment_like(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_2,
+            text_visibility=PrivacyLevel.FOLLOWERS_AND_REMOTE,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        response = client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_2.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert data['comment']['id'] == comment.short_id
+        assert (
+            CommentLike.query.filter_by(
+                user_id=user_1.id, comment_id=comment.id
+            ).first()
+            is None
+        )
+        assert workout_cycling_user_2.likes.all() == []
diff --git a/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
new file mode 100644
index 000000000..0e71cd8c6
--- /dev/null
+++ b/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
@@ -0,0 +1,99 @@
+import json
+
+from flask import Flask
+
+from fittrackee import db
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout, WorkoutLike
+
+from ...mixins import ApiTestCaseMixin, BaseTestMixin
+
+
+class TestWorkoutLikePost(ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/like'
+
+    def test_it_creates_workout_like(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        remote_cycling_workout.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=remote_cycling_workout.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['id']
+            == remote_cycling_workout.short_id
+        )
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=user_1.id, workout_id=remote_cycling_workout.id
+            ).first()
+            is not None
+        )
+        assert remote_cycling_workout.likes.all() == [user_1]
+
+
+class TestWorkoutUndoLikePost(ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/like/undo'
+
+    def test_it_removes_workout_like(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+        follow_request_from_user_1_to_remote_user: FollowRequest,
+    ) -> None:
+        remote_user.approves_follow_request_from(user_1)
+        remote_cycling_workout.workout_visibility = (
+            PrivacyLevel.FOLLOWERS_AND_REMOTE
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=remote_cycling_workout.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        response = client.post(
+            self.route.format(workout_uuid=remote_cycling_workout.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['id']
+            == remote_cycling_workout.short_id
+        )
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=user_1.id, workout_id=remote_cycling_workout.id
+            ).first()
+            is None
+        )
+        assert remote_cycling_workout.likes.all() == []
diff --git a/fittrackee/tests/workouts/test_workout_likes_model.py b/fittrackee/tests/workouts/test_workout_likes_model.py
new file mode 100644
index 000000000..e01e9ff0f
--- /dev/null
+++ b/fittrackee/tests/workouts/test_workout_likes_model.py
@@ -0,0 +1,48 @@
+from datetime import datetime
+
+from flask import Flask
+from freezegun import freeze_time
+
+from fittrackee.users.models import User
+from fittrackee.workouts.models import Sport, Workout, WorkoutLike
+
+
+class TestWorkoutLikeModel:
+    def test_workout_likes_model(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        user_2: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        created_at = datetime.utcnow()
+
+        like = WorkoutLike(
+            user_id=user_2.id,
+            workout_id=workout_cycling_user_1.id,
+            created_at=created_at,
+        )
+
+        assert like.user_id == user_2.id
+        assert like.workout_id == workout_cycling_user_1.id
+        assert like.created_at == created_at
+
+    def test_created_date_is_initialized_on_creation_when_not_provided(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        user_2: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        now = datetime.utcnow()
+        with freeze_time(now):
+            like = WorkoutLike(
+                user_id=user_2.id,
+                workout_id=workout_cycling_user_1.id,
+            )
+
+        assert like.user_id == user_2.id
+        assert like.workout_id == workout_cycling_user_1.id
+        assert like.created_at == now
diff --git a/fittrackee/tests/workouts/test_workouts_likes_api_post.py b/fittrackee/tests/workouts/test_workouts_likes_api_post.py
new file mode 100644
index 000000000..fdfb64664
--- /dev/null
+++ b/fittrackee/tests/workouts/test_workouts_likes_api_post.py
@@ -0,0 +1,413 @@
+import json
+
+import pytest
+from flask import Flask
+
+from fittrackee import db
+from fittrackee.privacy_levels import PrivacyLevel
+from fittrackee.users.models import FollowRequest, User
+from fittrackee.workouts.models import Sport, Workout, WorkoutLike
+
+from ..mixins import ApiTestCaseMixin, BaseTestMixin
+
+
+class TestWorkoutLikePost(ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/like'
+
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id)
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_404_when_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=self.random_short_id()),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_workout_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PRIVATE
+        user_2.approves_follow_request_from(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_user_is_not_follower(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_creates_workout_like(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_level
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['id']
+            == workout_cycling_user_2.short_id
+        )
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=user_1.id, workout_id=workout_cycling_user_2.id
+            ).first()
+            is not None
+        )
+        assert workout_cycling_user_2.likes.all() == [user_1]
+
+    def test_it_does_not_return_error_when_like_already_exists(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['id']
+            == workout_cycling_user_2.short_id
+        )
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=user_1.id, workout_id=workout_cycling_user_2.id
+            ).first()
+            is not None
+        )
+        assert workout_cycling_user_2.likes.all() == [user_1]
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
+
+
+class TestWorkoutUndoLikePost(ApiTestCaseMixin, BaseTestMixin):
+    route = '/api/workouts/{workout_uuid}/like/undo'
+
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id)
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_404_when_workout_does_not_exist(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=self.random_short_id()),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_workout_visibility_is_private(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PRIVATE
+        user_2.approves_follow_request_from(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    def test_it_returns_404_when_user_is_not_follower(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.FOLLOWERS
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_404(response)
+
+    @pytest.mark.parametrize(
+        'input_desc,input_workout_level',
+        [
+            ('workout visibility: follower', PrivacyLevel.FOLLOWERS),
+            ('workout visibility: public', PrivacyLevel.PUBLIC),
+        ],
+    )
+    def test_it_removes_workout_like(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_desc: str,
+        input_workout_level: PrivacyLevel,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = input_workout_level
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=workout_cycling_user_2.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['id']
+            == workout_cycling_user_2.short_id
+        )
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=user_1.id, workout_id=workout_cycling_user_2.id
+            ).first()
+            is None
+        )
+        assert workout_cycling_user_2.likes.all() == []
+
+    def test_it_does_not_return_error_when_no_existing_like(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['workouts']) == 1
+        assert (
+            data['data']['workouts'][0]['id']
+            == workout_cycling_user_2.short_id
+        )
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=user_1.id, workout_id=workout_cycling_user_2.id
+            ).first()
+            is None
+        )
+        assert workout_cycling_user_2.likes.all() == []
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        [
+            ('application:write', False),
+            ('follow:read', False),
+            ('follow:write', False),
+            ('profile:read', False),
+            ('profile:write', False),
+            ('users:read', False),
+            ('users:write', False),
+            ('workouts:read', False),
+            ('workouts:write', True),
+        ],
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+
+        response = client.post(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {access_token}'),
+        )
+
+        self.assert_response_scope(response, can_access)
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 94d6c4a76..d9c8dc911 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -200,6 +200,14 @@ class Workout(BaseModel):
         lazy=True,
         backref=db.backref('workout', lazy='joined', single_parent=True),
     )
+    likes = db.relationship(
+        "User",
+        secondary="workout_likes",
+        primaryjoin="Workout.id == WorkoutLike.workout_id",
+        secondaryjoin="WorkoutLike.user_id == User.id",
+        lazy="dynamic",
+        viewonly=True,
+    )
 
     def __str__(self) -> str:
         return f'<Workout \'{self.sport.label}\' - {self.workout_date}>'
@@ -610,3 +618,36 @@ def receive_after_flush(session: Session, context: Any) -> None:
                 )
                 new_record.value = record_data['record_value']  # type: ignore
                 session.add(new_record)
+
+
+class WorkoutLike(BaseModel):
+    __tablename__ = 'workout_likes'
+    __table_args__ = (
+        db.UniqueConstraint(
+            'user_id', 'workout_id', name='user_id_workout_id_unique'
+        ),
+    )
+    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
+    created_at = db.Column(db.DateTime, nullable=False)
+    user_id = db.Column(
+        db.Integer,
+        db.ForeignKey('users.id'),
+        nullable=False,
+    )
+    workout_id = db.Column(
+        db.Integer,
+        db.ForeignKey('workouts.id', ondelete="CASCADE"),
+        nullable=False,
+    )
+
+    def __init__(
+        self,
+        user_id: int,
+        workout_id: int,
+        created_at: Optional[datetime.datetime] = None,
+    ) -> None:
+        self.user_id = user_id
+        self.workout_id = workout_id
+        self.created_at = (
+            datetime.datetime.utcnow() if created_at is None else created_at
+        )
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index a6b6b29ca..dc3d13032 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -14,6 +14,7 @@
     send_from_directory,
 )
 from sqlalchemy import asc, desc, exc
+from sqlalchemy.exc import IntegrityError
 from werkzeug.exceptions import NotFound, RequestEntityTooLarge
 from werkzeug.utils import secure_filename
 
@@ -37,7 +38,7 @@
 from fittrackee.utils import decode_short_id
 
 from .decorators import check_workout
-from .models import Workout
+from .models import Workout, WorkoutLike
 from .utils.convert import convert_in_duration
 from .utils.gpx import (
     WorkoutGPXException,
@@ -1501,3 +1502,43 @@ def delete_workout(
         OSError,
     ) as e:
         return handle_error_and_return_response(e, db=db)
+
+
+@workouts_blueprint.route(
+    '/workouts/<string:workout_short_id>/like', methods=['POST']
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout(check_owner=False)
+def like_workout(
+    auth_user: User, workout: Workout, workout_short_id: str
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    try:
+        like = WorkoutLike(user_id=auth_user.id, workout_id=workout.id)
+        db.session.add(like)
+        db.session.commit()
+    except IntegrityError:
+        db.session.rollback()
+    return {
+        'status': 'success',
+        'data': {'workouts': [workout.serialize(auth_user)]},
+    }, 200
+
+
+@workouts_blueprint.route(
+    '/workouts/<string:workout_short_id>/like/undo', methods=['POST']
+)
+@require_auth(scopes=['workouts:write'])
+@check_workout(check_owner=False)
+def unlike_workout(
+    auth_user: User, workout: Workout, workout_short_id: str
+) -> Union[Tuple[Dict, int], HttpResponse]:
+    like = WorkoutLike.query.filter_by(
+        user_id=auth_user.id, workout_id=workout.id
+    ).first()
+    if like:
+        db.session.delete(like)
+        db.session.commit()
+    return {
+        'status': 'success',
+        'data': {'workouts': [workout.serialize(auth_user)]},
+    }, 200

From a83c2e1e8063beab2af92e0782ab07d2d1214fd8 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 22 Feb 2023 11:42:04 +0100
Subject: [PATCH 227/238] API - handle like activities

---
 fittrackee/comments/comments.py               |  21 +-
 fittrackee/comments/models.py                 |  12 +
 fittrackee/federation/activities/__init__.py  |   2 +
 .../federation/activities/activities.py       |  62 +++-
 fittrackee/federation/enums.py                |   1 +
 fittrackee/federation/objects/like.py         |  38 ++
 .../comments/test_comments_likes_api_post.py  | 145 ++++++++
 .../comments/test_comments_models.py          |  65 +++-
 .../test_federation_activities_activities.py  | 340 +++++++++++++++++-
 .../test_federation_objects_like.py           |  61 ++++
 .../workouts/test_workouts_likes_api_post.py  | 117 ++++++
 .../workouts/test_workouts_models.py          |  64 +++-
 fittrackee/workouts/models.py                 |  12 +
 fittrackee/workouts/workouts.py               |  19 +-
 14 files changed, 949 insertions(+), 10 deletions(-)
 create mode 100644 fittrackee/federation/objects/like.py
 create mode 100644 fittrackee/tests/federation/federation/test_federation_objects_like.py

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index 92e167021..ca786bcd0 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -273,13 +273,21 @@ def update_workout_comment(
 )
 @require_auth(scopes=['workouts:write'])
 @check_workout_comment(check_owner=False)
-def like_workout(
+def like_comment(
     auth_user: User, comment: Comment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     try:
         like = CommentLike(user_id=auth_user.id, comment_id=comment.id)
         db.session.add(like)
         db.session.commit()
+
+        if current_app.config['FEDERATION_ENABLED'] and comment.user.is_remote:
+            like_activity = like.get_activity()
+            send_to_remote_inbox.send(
+                sender_id=auth_user.actor.id,
+                activity=like_activity,
+                recipients=[comment.user.actor.shared_inbox_url],
+            )
     except exc.IntegrityError:
         db.session.rollback()
     return {
@@ -295,7 +303,7 @@ def like_workout(
 )
 @require_auth(scopes=['workouts:write'])
 @check_workout_comment(check_owner=False)
-def unlike_workout(
+def undo_comment_like(
     auth_user: User, comment: Comment
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     like = CommentLike.query.filter_by(
@@ -304,6 +312,15 @@ def unlike_workout(
     if like:
         db.session.delete(like)
         db.session.commit()
+
+        if current_app.config['FEDERATION_ENABLED'] and comment.user.is_remote:
+            undo_activity = like.get_activity(is_undo=True)
+            send_to_remote_inbox.send(
+                sender_id=auth_user.actor.id,
+                activity=undo_activity,
+                recipients=[comment.user.actor.shared_inbox_url],
+            )
+
     return {
         'status': 'success',
         'comment': comment.serialize(auth_user),
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index f5fe7bea4..9df2fe833 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -12,6 +12,7 @@
 from fittrackee import BaseModel, db
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.objects.comment import CommentObject
+from fittrackee.federation.objects.like import LikeObject
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.privacy_levels import PrivacyLevel, can_view
 from fittrackee.users.utils.following import get_following
@@ -302,6 +303,9 @@ class CommentLike(BaseModel):
         nullable=False,
     )
 
+    user = db.relationship("User", lazy=True)
+    comment = db.relationship("Comment", lazy=True)
+
     def __init__(
         self,
         user_id: int,
@@ -313,3 +317,11 @@ def __init__(
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
+
+    def get_activity(self, is_undo: bool = False) -> Dict:
+        return LikeObject(
+            actor_ap_id=self.user.actor.activitypub_id,
+            target_object_ap_id=self.comment.ap_id,
+            like_id=self.id,
+            is_undo=is_undo,
+        ).get_activity()
diff --git a/fittrackee/federation/activities/__init__.py b/fittrackee/federation/activities/__init__.py
index a2e0908fa..4b50bf1c7 100644
--- a/fittrackee/federation/activities/__init__.py
+++ b/fittrackee/federation/activities/__init__.py
@@ -3,6 +3,7 @@
     CreateActivity,
     DeleteActivity,
     FollowActivity,
+    LikeActivity,
     RejectActivity,
     UndoActivity,
     UpdateActivity,
@@ -13,6 +14,7 @@
     'CreateActivity',
     'DeleteActivity',
     'FollowActivity',
+    'LikeActivity',
     'RejectActivity',
     'UndoActivity',
     'UpdateActivity',
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index f882ca955..4d77b2113 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -3,7 +3,7 @@
 from typing import Dict, Tuple
 
 from fittrackee import appLog, db
-from fittrackee.comments.models import Comment
+from fittrackee.comments.models import Comment, CommentLike
 from fittrackee.federation.constants import PUBLIC_STREAM
 from fittrackee.federation.exceptions import (
     ActivityException,
@@ -26,7 +26,7 @@
 )
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.models import Sport, Workout, WorkoutLike
 from fittrackee.workouts.utils.workouts import create_workout
 
 from ..objects.workout import convert_workout_activity
@@ -164,6 +164,8 @@ class UndoActivity(AbstractActivity):
     def process_activity(self) -> None:
         if self.activity['object']['type'] == 'Follow':
             self.undoes_follow()
+        if self.activity['object']['type'] == 'Like':
+            self.undoes_like()
 
     def undoes_follow(self) -> None:
         follower_actor, followed_actor = self.get_actors()
@@ -175,6 +177,34 @@ def undoes_follow(self) -> None:
             )
             raise e
 
+    def undoes_like(self) -> None:
+        like = None
+        actor = self.get_actor(create_remote_actor=True)
+        object_ap_id = self.activity["object"]["object"]
+
+        # check if like is related to a workout
+        target_object = Workout.query.filter_by(ap_id=object_ap_id).first()
+        if target_object:
+            like = WorkoutLike.query.filter_by(
+                user_id=actor.user.id,
+                workout_id=target_object.id,
+            ).first()
+
+        # check if like is related to a comment
+        if not target_object:
+            target_object = Comment.query.filter_by(ap_id=object_ap_id).first()
+            if not target_object:
+                raise ObjectNotFoundException('object', self.activity_name())
+
+            like = CommentLike.query.filter_by(
+                user_id=actor.user.id,
+                comment_id=target_object.id,
+            ).first()
+
+        if like:
+            db.session.delete(like)
+            db.session.commit()
+
 
 def create_comment(
     note_data: Dict, actor: Actor, visibility: PrivacyLevel
@@ -360,3 +390,31 @@ def process_activity(self) -> None:
             self.update_remote_workout(actor)
         if object_type == "Note":
             self.update_remote_workout_comment(actor)
+
+
+class LikeActivity(AbstractActivity):
+    def process_activity(self) -> None:
+        like = None
+        actor = self.get_actor(create_remote_actor=True)
+        object_ap_id = self.activity["object"]
+
+        # check if like is related to a workout
+        target_object = Workout.query.filter_by(ap_id=object_ap_id).first()
+        if target_object:
+            like = WorkoutLike(
+                user_id=actor.user.id, workout_id=target_object.id
+            )
+
+        # check if like is related to a comment
+        else:
+            target_object = Comment.query.filter_by(ap_id=object_ap_id).first()
+            if not target_object:
+                raise ObjectNotFoundException('object', self.activity_name())
+
+            like = CommentLike(
+                user_id=actor.user.id, comment_id=target_object.id
+            )
+
+        if like:
+            db.session.add(like)
+            db.session.commit()
diff --git a/fittrackee/federation/enums.py b/fittrackee/federation/enums.py
index 3968a7584..14337b3c2 100644
--- a/fittrackee/federation/enums.py
+++ b/fittrackee/federation/enums.py
@@ -6,6 +6,7 @@ class ActivityType(Enum):
     CREATE = 'Create'
     DELETE = 'Delete'
     FOLLOW = 'Follow'
+    LIKE = 'Like'
     REJECT = 'Reject'
     UNDO = 'Undo'
     UPDATE = 'Update'
diff --git a/fittrackee/federation/objects/like.py b/fittrackee/federation/objects/like.py
new file mode 100644
index 000000000..d2084d1cc
--- /dev/null
+++ b/fittrackee/federation/objects/like.py
@@ -0,0 +1,38 @@
+from typing import Dict, List, Union
+
+from ..constants import AP_CTX
+from ..enums import ActivityType
+from .base_object import BaseObject
+
+
+class LikeObject(BaseObject):
+    def __init__(
+        self,
+        target_object_ap_id: str,
+        like_id: int,
+        actor_ap_id: str,
+        is_undo: bool = False,
+    ) -> None:
+        self.is_undo = is_undo
+        self.target_object_ap_id = target_object_ap_id
+        self.like_id = like_id
+        self.actor_ap_id = actor_ap_id
+
+    def get_activity(self) -> Dict:
+        activity_id = f"{self.actor_ap_id}#likes/{self.like_id}"
+        like_object: Dict[str, Union[str, List]] = {
+            "id": activity_id,
+            "type": ActivityType.LIKE.value,
+            "actor": self.actor_ap_id,
+            "object": self.target_object_ap_id,
+        }
+        if self.is_undo:
+            return {
+                "@context": AP_CTX,
+                "id": f"{activity_id}/undo",
+                "type": ActivityType.UNDO.value,
+                "actor": self.actor_ap_id,
+                "object": like_object,
+            }
+        like_object["@context"] = AP_CTX
+        return like_object
diff --git a/fittrackee/tests/federation/comments/test_comments_likes_api_post.py b/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
index ee0ac1044..7276f6c62 100644
--- a/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
+++ b/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
@@ -1,4 +1,5 @@
 import json
+from unittest.mock import Mock, patch
 
 from flask import Flask
 
@@ -12,11 +13,15 @@
 from ...mixins import ApiTestCaseMixin, BaseTestMixin
 
 
+@patch('fittrackee.federation.utils.user.update_remote_user')
+@patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestCommentLikePost(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
     route = '/api/workouts/{workout_uuid}/comments/{comment_uuid}/like'
 
     def test_it_creates_workout_like(
         self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -56,12 +61,81 @@ def test_it_creates_workout_like(
         )
         assert comment.likes.all() == [user_1]
 
+    def test_it_does_not_call_sent_to_inbox_if_comment_is_local(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
 
+        client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_calls_sent_to_inbox_if_comment_is_remote(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        like_activity = CommentLike.query.first().get_activity()
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=like_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+
+@patch('fittrackee.federation.utils.user.update_remote_user')
+@patch('fittrackee.comments.comments.send_to_remote_inbox')
 class TestCommentUndoLikePost(CommentMixin, ApiTestCaseMixin, BaseTestMixin):
     route = '/api/workouts/{workout_uuid}/comments/{comment_uuid}/like/undo'
 
     def test_it_removes_comment_like(
         self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         user_2: User,
@@ -103,3 +177,74 @@ def test_it_removes_comment_like(
             is None
         )
         assert workout_cycling_user_2.likes.all() == []
+
+    def test_it_does_not_call_sent_to_inbox_if_comment_is_local(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_calls_sent_to_inbox_if_like_is_remote(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            remote_user,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+        undo_activity = CommentLike.query.first().get_activity(is_undo=True)
+
+        client.post(
+            self.route.format(
+                workout_uuid=workout_cycling_user_1.short_id,
+                comment_uuid=comment.short_id,
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=undo_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 7b330a73a..07229eee1 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -3,9 +3,11 @@
 import pytest
 from flask import Flask
 
+from fittrackee import db
 from fittrackee.comments.exceptions import CommentForbiddenException
-from fittrackee.comments.models import Mention
+from fittrackee.comments.models import CommentLike, Mention
 from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.federation.objects.like import LikeObject
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.models import Sport, Workout
@@ -336,3 +338,64 @@ def test_it_serializes_comment_with_mentions_as_link(
 
         assert serialized_comment["text"] == comment.text
         assert serialized_comment["text_html"] == comment.handle_mentions()[0]
+
+
+class TestWorkoutCommentLikeActivities(CommentMixin):
+    def test_it_returns_like_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=remote_user,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        like_activity = like.get_activity()
+
+        assert (
+            like_activity
+            == LikeObject(
+                target_object_ap_id=comment.ap_id,
+                like_id=like.id,
+                actor_ap_id=user_1.actor.activitypub_id,
+            ).get_activity()
+        )
+
+    def test_it_returns_undo_like_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=remote_user,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        like_activity = like.get_activity(is_undo=True)
+
+        assert (
+            like_activity
+            == LikeObject(
+                target_object_ap_id=comment.ap_id,
+                like_id=like.id,
+                actor_ap_id=user_1.actor.activitypub_id,
+                is_undo=True,
+            ).get_activity()
+        )
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 2cc25cae0..4641db436 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -5,7 +5,8 @@
 import pytest
 from flask import Flask
 
-from fittrackee.comments.models import Comment, Mention
+from fittrackee import db
+from fittrackee.comments.models import Comment, CommentLike, Mention
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT, PUBLIC_STREAM
 from fittrackee.federation.enums import ActivityType
 from fittrackee.federation.exceptions import (
@@ -15,6 +16,7 @@
     UnsupportedActivityException,
 )
 from fittrackee.federation.models import Actor
+from fittrackee.federation.objects.like import LikeObject
 from fittrackee.federation.objects.workout import (
     convert_duration_string_to_seconds,
 )
@@ -28,11 +30,11 @@
 from fittrackee.users.models import FollowRequest, User
 from fittrackee.workouts.constants import WORKOUT_DATE_FORMAT
 from fittrackee.workouts.exceptions import SportNotFoundException
-from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.models import Sport, Workout, WorkoutLike
 
 from ...comments.utils import CommentMixin
 from ...mixins import RandomMixin
-from ...utils import RandomActor
+from ...utils import RandomActor, random_int, random_string
 
 SUPPORTED_ACTIVITIES = [(f'{a.value} activity', a.value) for a in ActivityType]
 
@@ -1866,3 +1868,335 @@ def test_it_deletes_remote_workout_with_reply(
 
         assert Comment.query.filter_by(id=comment_id).first() is None
         assert reply.reply_to is None
+
+
+class TestLikeActivityForWorkout:
+    def test_it_raises_error_if_workout_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        like_activity = LikeObject(
+            target_object_ap_id=random_string(),
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+        with pytest.raises(
+            ObjectNotFoundException,
+            match="object not found for LikeActivity",
+        ):
+            activity.process_activity()
+
+    def test_it_creates_like_when_workout_exists(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        like_activity = LikeObject(
+            target_object_ap_id=workout_cycling_user_1.ap_id,
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        activity.process_activity()
+
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=remote_user.id, workout_id=workout_cycling_user_1.id
+            ).first()
+            is not None
+        )
+
+    def test_it_creates_like_when_workout_exists_and_remote_actor_does_not_exist(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        like_activity = LikeObject(
+            target_object_ap_id=workout_cycling_user_1.ap_id,
+            actor_ap_id=random_actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            activity.process_activity()
+
+        remote_user = User.query.filter_by(username=random_actor.name).first()
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=remote_user.id, workout_id=workout_cycling_user_1.id
+            ).first()
+            is not None
+        )
+
+
+class TestLikeActivityForComment(CommentMixin):
+    def test_it_creates_like_when_workout_exists(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like_activity = LikeObject(
+            target_object_ap_id=comment.ap_id,
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        activity.process_activity()
+
+        assert (
+            CommentLike.query.filter_by(
+                user_id=remote_user.id, comment_id=comment.id
+            ).first()
+            is not None
+        )
+
+    def test_it_creates_like_when_comment_exists_and_remote_actor_does_not_exist(  # noqa
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like_activity = LikeObject(
+            target_object_ap_id=comment.ap_id,
+            actor_ap_id=random_actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            activity.process_activity()
+
+        remote_user = User.query.filter_by(username=random_actor.name).first()
+        assert (
+            CommentLike.query.filter_by(
+                user_id=remote_user.id, comment_id=comment.id
+            ).first()
+            is not None
+        )
+
+
+class TestUndoLikeActivityForWorkout:
+    def test_it_raises_error_if_workout_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        remote_user: User,
+    ) -> None:
+        like_activity = LikeObject(
+            target_object_ap_id=random_string(),
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=random_int(),
+            is_undo=True,
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+        with pytest.raises(
+            ObjectNotFoundException,
+            match="object not found for UndoActivity",
+        ):
+            activity.process_activity()
+
+    def test_it_deletes_existing_like(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        like = WorkoutLike(
+            user_id=remote_user.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+        like_activity = LikeObject(
+            target_object_ap_id=workout_cycling_user_1.ap_id,
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=like.id,
+            is_undo=True,
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        activity.process_activity()
+
+        assert (
+            WorkoutLike.query.filter_by(
+                user_id=remote_user.id, workout_id=workout_cycling_user_1.id
+            ).first()
+            is None
+        )
+
+    def test_it_does_not_raise_error_if_like_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        like_activity = LikeObject(
+            target_object_ap_id=workout_cycling_user_1.ap_id,
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        activity.process_activity()
+
+    def test_it_does_not_raise_error_if_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        like_activity = LikeObject(
+            target_object_ap_id=workout_cycling_user_1.ap_id,
+            actor_ap_id=random_actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            activity.process_activity()
+
+
+class TestUndoLikeActivityForComment(CommentMixin):
+    def test_it_deletes_existing_like(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=remote_user.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+        like_activity = LikeObject(
+            target_object_ap_id=comment.ap_id,
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=like.id,
+            is_undo=True,
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        activity.process_activity()
+
+        assert (
+            CommentLike.query.filter_by(
+                user_id=remote_user.id, comment_id=comment.id
+            ).first()
+            is None
+        )
+
+    def test_it_does_not_raise_error_if_like_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like_activity = LikeObject(
+            target_object_ap_id=comment.ap_id,
+            actor_ap_id=remote_user.actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        activity.process_activity()
+
+    def test_it_does_not_raise_error_if_actor_does_not_exist(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        random_actor: RandomActor,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like_activity = LikeObject(
+            target_object_ap_id=comment.ap_id,
+            actor_ap_id=random_actor.activitypub_id,
+            like_id=random_int(),
+        ).get_activity()
+        activity = get_activity_instance({'type': like_activity['type']})(
+            activity_dict=like_activity
+        )
+
+        with patch(
+            'fittrackee.federation.utils.user.get_remote_actor_url',
+            return_value=random_actor.get_remote_user_object(),
+        ):
+            activity.process_activity()
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_like.py b/fittrackee/tests/federation/federation/test_federation_objects_like.py
new file mode 100644
index 000000000..d1baed033
--- /dev/null
+++ b/fittrackee/tests/federation/federation/test_federation_objects_like.py
@@ -0,0 +1,61 @@
+from flask import Flask
+
+from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.objects.like import LikeObject
+from fittrackee.users.models import User
+
+from ...comments.utils import CommentMixin
+
+
+class TestLikeObject(CommentMixin):
+    def test_it_generates_like_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+    ) -> None:
+        target_object_ap_id = self.random_string()
+        like_id = self.random_int()
+        like_object = LikeObject(
+            target_object_ap_id=target_object_ap_id,
+            like_id=like_id,
+            actor_ap_id=user_1.actor.activitypub_id,
+        )
+
+        serialized_like = like_object.get_activity()
+
+        assert serialized_like == {
+            "@context": AP_CTX,
+            "id": f"{user_1.actor.activitypub_id}#likes/{like_id}",
+            "type": "Like",
+            "actor": user_1.actor.activitypub_id,
+            "object": target_object_ap_id,
+        }
+
+    def test_it_generates_undo_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+    ) -> None:
+        target_object_ap_id = self.random_string()
+        like_id = self.random_int()
+        like_object = LikeObject(
+            target_object_ap_id=target_object_ap_id,
+            like_id=like_id,
+            actor_ap_id=user_1.actor.activitypub_id,
+            is_undo=True,
+        )
+
+        serialized_like = like_object.get_activity()
+
+        assert serialized_like == {
+            "@context": AP_CTX,
+            "id": f"{user_1.actor.activitypub_id}#likes/{like_id}/undo",
+            "type": "Undo",
+            "actor": user_1.actor.activitypub_id,
+            "object": {
+                "id": f"{user_1.actor.activitypub_id}#likes/{like_id}",
+                "type": "Like",
+                "actor": user_1.actor.activitypub_id,
+                "object": target_object_ap_id,
+            },
+        }
diff --git a/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
index 0e71cd8c6..a72372048 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
@@ -1,4 +1,5 @@
 import json
+from unittest.mock import Mock, patch
 
 from flask import Flask
 
@@ -10,11 +11,15 @@
 from ...mixins import ApiTestCaseMixin, BaseTestMixin
 
 
+@patch('fittrackee.federation.utils.user.update_remote_user')
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
 class TestWorkoutLikePost(ApiTestCaseMixin, BaseTestMixin):
     route = '/api/workouts/{workout_uuid}/like'
 
     def test_it_creates_workout_like(
         self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -51,12 +56,65 @@ def test_it_creates_workout_like(
         )
         assert remote_cycling_workout.likes.all() == [user_1]
 
+    def test_it_does_not_call_sent_to_inbox_if_workout_is_local(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            self.route.format(workout_uuid=workout_cycling_user_2.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
 
+    def test_it_calls_sent_to_inbox_if_comment_is_remote(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            self.route.format(workout_uuid=remote_cycling_workout.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        like_activity = WorkoutLike.query.first().get_activity()
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=like_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
+
+
+@patch('fittrackee.federation.utils.user.update_remote_user')
+@patch('fittrackee.workouts.workouts.send_to_remote_inbox')
 class TestWorkoutUndoLikePost(ApiTestCaseMixin, BaseTestMixin):
     route = '/api/workouts/{workout_uuid}/like/undo'
 
     def test_it_removes_workout_like(
         self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
         app_with_federation: Flask,
         user_1: User,
         remote_user: User,
@@ -97,3 +155,62 @@ def test_it_removes_workout_like(
             is None
         )
         assert remote_cycling_workout.likes.all() == []
+
+    def test_it_does_not_call_sent_to_inbox_if_workout_is_local(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            self.route.format(workout_uuid=workout_cycling_user_1.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_not_called()
+
+    def test_it_calls_sent_to_inbox_if_like_is_remote(
+        self,
+        send_to_remote_inbox_mock: Mock,
+        update_mock: Mock,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        remote_cycling_workout: Workout,
+    ) -> None:
+        remote_cycling_workout.workout_visibility = PrivacyLevel.PUBLIC
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=remote_cycling_workout.id
+        )
+        db.session.add(like)
+        db.session.commit()
+        undo_activity = WorkoutLike.query.first().get_activity(is_undo=True)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_with_federation, user_1.email
+        )
+
+        client.post(
+            self.route.format(workout_uuid=remote_cycling_workout.short_id),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        send_to_remote_inbox_mock.send.assert_called_once_with(
+            sender_id=user_1.actor.id,
+            activity=undo_activity,
+            recipients=[remote_user.actor.shared_inbox_url],
+        )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index f95cb1d95..085590d9d 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -1,13 +1,20 @@
 import pytest
 from flask import Flask
 
+from fittrackee import db
 from fittrackee.exceptions import InvalidVisibilityException
+from fittrackee.federation.objects.like import LikeObject
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.tests.workouts.test_workouts_model import WorkoutModelTestCase
 from fittrackee.tests.workouts.utils import add_follower
 from fittrackee.users.models import User
 from fittrackee.workouts.exceptions import WorkoutForbiddenException
-from fittrackee.workouts.models import Sport, Workout, WorkoutSegment
+from fittrackee.workouts.models import (
+    Sport,
+    Workout,
+    WorkoutLike,
+    WorkoutSegment,
+)
 
 from ...utils import random_string
 
@@ -225,3 +232,58 @@ def test_it_returns_activities_when_visibility_is_valid(
         assert delete_workout['type'] == 'Delete'
         assert delete_workout['object']['type'] == 'Tombstone'
         assert delete_workout['object']['id'] == workout_cycling_user_1.ap_id
+
+
+class TestWorkoutLikeActivities:
+    def test_it_returns_like_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        like_activity = like.get_activity()
+
+        assert (
+            like_activity
+            == LikeObject(
+                target_object_ap_id=workout_cycling_user_1.ap_id,
+                like_id=like.id,
+                actor_ap_id=user_1.actor.activitypub_id,
+            ).get_activity()
+        )
+
+    def test_it_returns_undo_like_activity(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        remote_user: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        like_activity = like.get_activity(is_undo=True)
+
+        assert (
+            like_activity
+            == LikeObject(
+                target_object_ap_id=workout_cycling_user_1.ap_id,
+                like_id=like.id,
+                actor_ap_id=user_1.actor.activitypub_id,
+                is_undo=True,
+            ).get_activity()
+        )
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index d9c8dc911..861441e33 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -14,6 +14,7 @@
 from fittrackee import BaseModel, appLog, db
 from fittrackee.comments.models import Comment
 from fittrackee.federation.decorators import federation_required
+from fittrackee.federation.objects.like import LikeObject
 from fittrackee.federation.objects.tombstone import TombstoneObject
 from fittrackee.federation.objects.workout import WorkoutObject
 from fittrackee.files import get_absolute_file_path
@@ -640,6 +641,9 @@ class WorkoutLike(BaseModel):
         nullable=False,
     )
 
+    user = db.relationship("User", lazy=True)
+    workout = db.relationship("Workout", lazy=True)
+
     def __init__(
         self,
         user_id: int,
@@ -651,3 +655,11 @@ def __init__(
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
+
+    def get_activity(self, is_undo: bool = False) -> Dict:
+        return LikeObject(
+            actor_ap_id=self.user.actor.activitypub_id,
+            target_object_ap_id=self.workout.ap_id,
+            like_id=self.id,
+            is_undo=is_undo,
+        ).get_activity()
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index dc3d13032..848e4792c 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1516,6 +1516,14 @@ def like_workout(
         like = WorkoutLike(user_id=auth_user.id, workout_id=workout.id)
         db.session.add(like)
         db.session.commit()
+
+        if current_app.config['FEDERATION_ENABLED'] and workout.user.is_remote:
+            like_activity = like.get_activity()
+            send_to_remote_inbox.send(
+                sender_id=auth_user.actor.id,
+                activity=like_activity,
+                recipients=[workout.user.actor.shared_inbox_url],
+            )
     except IntegrityError:
         db.session.rollback()
     return {
@@ -1529,7 +1537,7 @@ def like_workout(
 )
 @require_auth(scopes=['workouts:write'])
 @check_workout(check_owner=False)
-def unlike_workout(
+def undo_workout_like(
     auth_user: User, workout: Workout, workout_short_id: str
 ) -> Union[Tuple[Dict, int], HttpResponse]:
     like = WorkoutLike.query.filter_by(
@@ -1538,6 +1546,15 @@ def unlike_workout(
     if like:
         db.session.delete(like)
         db.session.commit()
+
+        if current_app.config['FEDERATION_ENABLED'] and workout.user.is_remote:
+            undo_activity = like.get_activity(is_undo=True)
+            send_to_remote_inbox.send(
+                sender_id=auth_user.actor.id,
+                activity=undo_activity,
+                recipients=[workout.user.actor.shared_inbox_url],
+            )
+
     return {
         'status': 'success',
         'data': {'workouts': [workout.serialize(auth_user)]},

From cf62277a73a9459a8adcb7dd57a904223c88558a Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 22 Feb 2023 14:16:07 +0100
Subject: [PATCH 228/238] API - add likes count

---
 fittrackee/comments/models.py                 |   5 +
 .../tests/comments/test_comments_models.py    | 114 +++++++++++++++++-
 .../comments/test_comments_models.py          |   4 +
 .../tests/workouts/test_workouts_model.py     |  84 ++++++++++++-
 fittrackee/workouts/models.py                 |   5 +
 5 files changed, 209 insertions(+), 3 deletions(-)

diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index 9df2fe833..2bba312fc 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -215,6 +215,9 @@ def update_mentions(self) -> Set['User']:
         # return users associated to deleted mention to send delete
         return deleted_mentioned_users
 
+    def liked_by(self, user: 'User') -> bool:
+        return user in self.likes.all()
+
     def serialize(self, user: Optional['User'] = None) -> Dict:
         if not can_view(self, 'text_visibility', user):
             raise CommentForbiddenException
@@ -239,6 +242,8 @@ def serialize(self, user: Optional['User'] = None) -> Dict:
                     reply_to=self.id,
                 )
             ],
+            'likes_count': self.likes.count(),
+            'liked': self.liked_by(user) if user else False,
         }
 
     def get_activity(self, activity_type: str) -> Dict:
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 28a191d45..1c9469edc 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -5,8 +5,9 @@
 from flask import Flask
 from freezegun import freeze_time
 
+from fittrackee import db
 from fittrackee.comments.exceptions import CommentForbiddenException
-from fittrackee.comments.models import Comment, Mention
+from fittrackee.comments.models import Comment, CommentLike, Mention
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.privacy_levels import PrivacyLevel
 from fittrackee.users.models import FollowRequest, User
@@ -141,6 +142,8 @@ def test_it_serializes_owner_comment(
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
             'replies': [],
+            'likes_count': 0,
+            'liked': False,
         }
 
 
@@ -218,6 +221,8 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
             'replies': [],
+            'likes_count': 0,
+            'liked': False,
         }
 
 
@@ -273,6 +278,8 @@ def test_it_serializes_comment_when_comment_is_public(
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
             'replies': [],
+            'likes_count': 0,
+            'liked': False,
         }
 
 
@@ -326,6 +333,8 @@ def test_it_serializes_comment_when_comment_is_public(
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
             'replies': [],
+            'likes_count': 0,
+            'liked': False,
         }
 
 
@@ -364,6 +373,8 @@ def test_it_serializes_comment_with_reply(
             'modification_date': parent_comment.modification_date,
             'reply_to': parent_comment.reply_to,
             'replies': [comment.serialize(user_1)],
+            'likes_count': 0,
+            'liked': False,
         }
 
     def test_it_serializes_comment_reply(
@@ -400,6 +411,8 @@ def test_it_serializes_comment_reply(
             'modification_date': comment.modification_date,
             'reply_to': parent_comment.short_id,
             'replies': [],
+            'likes_count': 0,
+            'liked': False,
         }
 
     def test_it_returns_only_visible_replies_for_a_user(
@@ -469,6 +482,8 @@ def test_it_returns_only_visible_replies_for_a_user(
                 visible_reply.serialize(user_3)
                 for visible_reply in visible_replies
             ],
+            'likes_count': 0,
+            'liked': False,
         }
 
     def test_it_returns_only_visible_replies_for_unauthenticated_user(
@@ -525,6 +540,8 @@ def test_it_returns_only_visible_replies_for_unauthenticated_user(
             'modification_date': comment.modification_date,
             'reply_to': None,
             'replies': [visible_reply.serialize()],
+            'likes_count': 0,
+            'liked': False,
         }
 
     def test_it_returns_all_replies(
@@ -696,3 +713,98 @@ def test_it_serializes_comment_with_mentions_as_link(
 
         assert serialized_comment["text"] == comment.text
         assert serialized_comment["text_html"] == comment.handle_mentions()[0]
+
+
+class TestWorkoutCommentModelSerializeWithLikes(CommentMixin):
+    def test_it_returns_like_count(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        for user in [user_1, user_3]:
+            like = CommentLike(user_id=user.id, comment_id=comment.id)
+            db.session.add(like)
+        db.session.commit()
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment["likes_count"] == 2
+
+    def test_it_returns_if_user_liked_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_2,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_1.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment["liked"] is True
+
+    def test_it_returns_if_user_did_not_like_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_3,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_2.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment["liked"] is False
+
+    def test_it_returns_if_likes_info_for_unauthenticated_user(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        comment = self.create_comment(
+            user=user_3,
+            workout=workout_cycling_user_1,
+            text_visibility=PrivacyLevel.PUBLIC,
+        )
+        like = CommentLike(user_id=user_2.id, comment_id=comment.id)
+        db.session.add(like)
+        db.session.commit()
+
+        serialized_comment = comment.serialize()
+
+        assert serialized_comment["likes_count"] == 1
+        assert serialized_comment["liked"] is False
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 07229eee1..c2e5e9b0d 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -46,6 +46,8 @@ def test_it_serializes_owner_comment(
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
             'replies': [],
+            'liked': False,
+            'likes_count': 0,
         }
 
 
@@ -127,6 +129,8 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'modification_date': comment.modification_date,
             'reply_to': comment.reply_to,
             'replies': [],
+            'liked': False,
+            'likes_count': 0,
         }
 
 
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 87c6ad63b..e4365df5e 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -10,8 +10,9 @@
 from fittrackee.users.models import User
 from fittrackee.utils import encode_uuid
 from fittrackee.workouts.exceptions import WorkoutForbiddenException
-from fittrackee.workouts.models import Sport, Workout
+from fittrackee.workouts.models import Sport, Workout, WorkoutLike
 
+from ..comments.utils import CommentMixin
 from ..utils import random_string
 from .utils import add_follower
 
@@ -32,7 +33,7 @@ def update_workout(
         return workout
 
 
-class TestWorkoutModelForOwner(WorkoutModelTestCase):
+class TestWorkoutModelForOwner(CommentMixin, WorkoutModelTestCase):
     def test_sport_label_and_date_are_in_string_value(
         self,
         app: Flask,
@@ -75,6 +76,8 @@ def test_serialize_for_workout_without_gpx(
         assert serialized_workout['distance'] == float(workout.distance)
         assert serialized_workout['duration'] == str(workout.duration)
         assert serialized_workout['id'] == workout.short_id
+        assert serialized_workout['likes_count'] == 0
+        assert serialized_workout['liked'] is False
         assert serialized_workout['map'] is None
         assert serialized_workout['max_alt'] is None
         assert serialized_workout['max_speed'] == float(workout.max_speed)
@@ -323,6 +326,63 @@ def test_it_returns_next_workout(
             == workout_running_user_1.short_id
         )
 
+    def test_it_returns_likes_count(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        for user in [user_2, user_3]:
+            like = WorkoutLike(
+                user_id=user.id, workout_id=workout_cycling_user_1.id
+            )
+            db.session.add(like)
+        db.session.commit()
+
+        serialized_workout = workout_cycling_user_1.serialize(user_1)
+
+        assert serialized_workout['likes_count'] == 2
+
+    def test_it_returns_if_workout_is_not_liked_by_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        like = WorkoutLike(
+            user_id=user_2.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        serialized_workout = workout_cycling_user_1.serialize(user_1)
+
+        assert serialized_workout['liked'] is False
+
+    def test_it_returns_if_workout_is_liked_by_user(
+        self,
+        app: Flask,
+        sport_1_cycling: Sport,
+        sport_2_running: Sport,
+        user_1: User,
+        workout_cycling_user_1: Workout,
+        workout_running_user_1: Workout,
+    ) -> None:
+        like = WorkoutLike(
+            user_id=user_1.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        serialized_workout = workout_cycling_user_1.serialize(user_1)
+
+        assert serialized_workout['liked'] is True
+
 
 class TestWorkoutModelAsFollower(WorkoutModelTestCase):
     def test_it_raises_exception_when_workout_visibility_is_private(
@@ -733,6 +793,26 @@ def test_serializer_does_not_return_previous_workout(
 
         assert serialized_workout['previous_workout'] is None
 
+    def test_it_returns_likes_count(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = PrivacyLevel.PUBLIC
+        like = WorkoutLike(
+            user_id=user_2.id, workout_id=workout_cycling_user_1.id
+        )
+        db.session.add(like)
+        db.session.commit()
+
+        serialized_workout = workout_cycling_user_1.serialize()
+
+        assert serialized_workout['liked'] is False
+        assert serialized_workout['likes_count'] == 1
+
 
 class TestWorkoutModelGetActivity:
     def test_it_raises_error_if_federation_is_disabled(
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index 861441e33..af72f18ec 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -235,6 +235,9 @@ def short_id(self) -> str:
     def calculated_map_visibility(self) -> PrivacyLevel:
         return get_map_visibility(self.map_visibility, self.workout_visibility)
 
+    def liked_by(self, user: 'User') -> bool:
+        return user in self.likes.all()
+
     def serialize(
         self, user: Optional['User'] = None, params: Optional[Dict] = None
     ) -> Dict:
@@ -380,6 +383,8 @@ def serialize(
             'weather_end': self.weather_end,
             'notes': self.notes if is_owner else None,
             'workout_visibility': self.workout_visibility.value,
+            'likes_count': self.likes.count(),
+            'liked': self.liked_by(user) if user else False,
         }
         if self.user.is_remote:
             workout['remote_url'] = self.remote_url

From e828368a01524866711132dd21e0c0aa4cab18f4 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 22 Feb 2023 15:11:07 +0100
Subject: [PATCH 229/238] Client - display likes on workouts and comments

---
 .../src/components/Comment/Comment.vue        |  33 +++++-
 .../WorkoutDetail/WorkoutCardTitle.vue        | 101 ++++++++++++------
 .../Workout/WorkoutDetail/index.vue           |   2 +
 .../src/store/modules/workouts/actions.ts     |  73 +++++++++++++
 .../src/store/modules/workouts/enums.ts       |   4 +
 .../src/store/modules/workouts/types.ts       |  16 +++
 fittrackee_client/src/types/workouts.ts       |   6 ++
 7 files changed, 201 insertions(+), 34 deletions(-)

diff --git a/fittrackee_client/src/components/Comment/Comment.vue b/fittrackee_client/src/components/Comment/Comment.vue
index 8090b46ea..5dddda88a 100644
--- a/fittrackee_client/src/components/Comment/Comment.vue
+++ b/fittrackee_client/src/components/Comment/Comment.vue
@@ -50,6 +50,10 @@
           aria-hidden="true"
           @click="deleteComment(comment)"
         />
+        <span class="likes" @click="updateLike(comment)">
+          <i class="fa" :class="`fa-heart${comment.liked ? '' : '-o'}`"/>
+          <span class="likes-count" v-if="comment.likes_count > 0">{{ comment.likes_count }}</span>
+        </span>
         <i
           class="fa fa-comment-o"
           v-if="authUser.username && (!addReply || addReply !== comment)"
@@ -97,7 +101,7 @@
   import WorkoutCommentEdition from "@/components/Comment/CommentEdition.vue"
   import Username from "@/components/User/Username.vue"
   import UserPicture from "@/components/User/UserPicture.vue"
-  import { ROOT_STORE } from "@/store/constants"
+  import { ROOT_STORE, WORKOUTS_STORE } from "@/store/constants"
   import { IDisplayOptions } from "@/types/application"
   import { IAuthUserProfile, IUserProfile } from "@/types/user"
   import { IComment, IWorkout } from "@/types/workouts"
@@ -152,6 +156,14 @@
     addReply.value = comment
     focusOnTextArea(comment.id)
   }
+  function updateLike(comment: IComment) {
+    store.dispatch(
+      comment.liked
+        ? WORKOUTS_STORE.ACTIONS.UNDO_LIKE_COMMENT
+        : WORKOUTS_STORE.ACTIONS.LIKE_COMMENT,
+      comment
+    )
+  }
 
 </script>
 
@@ -191,9 +203,15 @@
           font-style: italic;
           white-space: nowrap;
         }
-        .fa-trash, .fa-comment-o {
+        .fa-trash, .fa-comment-o, .fa-heart , .fa-heart-o {
           padding-bottom: 3px;
         }
+        .fa-heart , .fa-heart-o {
+          font-size: .9em;
+        }
+        .fa-heart {
+          color: #ee2222;
+        }
         .fa-edit{
           padding-bottom: 2px;
         }
@@ -204,11 +222,20 @@
       .comment-text {
         border-radius: 5px;
         margin: $default-margin 0;
-        padding-left: $default-padding ;
+        padding-left: $default-padding;
       }
       .add-comment-reply {
         margin: 0 0 40px;
       }
+      .likes {
+        .likes-count {
+          padding-left: $default-padding *.3;
+          font-size: 0.8em;
+        }
+      }
+      .likes:hover {
+        cursor: pointer;
+      }
     }
   }
 </style>
\ No newline at end of file
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
index e9e485f7a..191b539a5 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/WorkoutCardTitle.vue
@@ -32,29 +32,35 @@
             {{ $t('workouts.VIEW_ON_REMOTE_INSTANCE') }}
             <i class="fa fa-external-link-square" aria-hidden="true"></i>
           </a>
-          <i
-            class="fa fa-edit"
-            aria-hidden="true"
-            v-if="isWorkoutOwner"
-            @click="
-              $router.push({
-                name: 'EditWorkout',
-                params: { workoutId: workoutObject.workoutId },
-              })
-            "
-          />
-          <i
-            v-if="workoutObject.with_gpx && isWorkoutOwner"
-            class="fa fa-download"
-            aria-hidden="true"
-            @click.prevent="downloadGpx(workoutObject.workoutId)"
-          />
-          <i
-            class="fa fa-trash"
-            v-if="isWorkoutOwner"
-            aria-hidden="true"
-            @click="emit('displayModal', true)"
-          />
+          <div class="icons">
+            <span class="likes" @click="updateLike(workoutObject)">
+              <i class="fa" :class="`fa-heart${workoutObject.liked ? '' : '-o'}`"/>
+              <span class="likes-count" v-if="workoutObject.likes_count > 0">{{ workoutObject.likes_count }}</span>
+            </span>
+            <i
+              class="fa fa-edit"
+              aria-hidden="true"
+              v-if="isWorkoutOwner"
+              @click="
+                $router.push({
+                  name: 'EditWorkout',
+                  params: { workoutId: workoutObject.workoutId },
+                })
+              "
+            />
+            <i
+              v-if="workoutObject.with_gpx && isWorkoutOwner"
+              class="fa fa-download"
+              aria-hidden="true"
+              @click.prevent="downloadGpx(workoutObject.workoutId)"
+            />
+            <i
+              class="fa fa-trash"
+              v-if="isWorkoutOwner"
+              aria-hidden="true"
+              @click="emit('displayModal', true)"
+            />
+          </div>
         </div>
         <div class="workout-title" v-else>
           {{ workoutObject.title }}
@@ -104,8 +110,10 @@
   import { toRefs } from 'vue'
 
   import authApi from '@/api/authApi'
+  import { WORKOUTS_STORE } from '@/store/constants'
   import { ISport } from '@/types/sports'
   import { IWorkoutObject } from '@/types/workouts'
+  import { useStore } from '@/use/useStore'
 
   interface Props {
     sport: ISport
@@ -114,6 +122,8 @@
   }
   const props = defineProps<Props>()
 
+  const store = useStore()
+
   const emit = defineEmits(['displayModal'])
 
   const { isWorkoutOwner, sport, workoutObject } = toRefs(props)
@@ -134,6 +144,14 @@
         gpxLink.click()
       })
   }
+  function updateLike(workout: IWorkoutObject) {
+    store.dispatch(
+      workout.liked
+        ? WORKOUTS_STORE.ACTIONS.UNDO_LIKE_WORKOUT
+        : WORKOUTS_STORE.ACTIONS.LIKE_WORKOUT,
+      workout.workoutId
+    )
+  }
 </script>
 
 <style lang="scss" scoped>
@@ -192,16 +210,37 @@
         padding-left: $default-padding;
       }
 
-      .fa {
-        cursor: pointer;
-        padding: 0 $default-padding * 0.3;
-      }
+      .icons {
+        .fa {
+          cursor: pointer;
+          padding: 0 $default-padding * 0.3;
+        }
+
+        .fa-heart {
+          color: #ee2222;
+        }
 
+        .likes {
+          padding-left: $default-padding * 0.3;
+          margin-right: 0;
+          .fa-heart , .fa-heart-o {
+            font-size: .95em;
+          }
+          .likes-count {
+            font-size: .9em;
+            font-weight: bold;
+          }
+        }
+      }
       @media screen and (max-width: $small-limit) {
-        .fa-download,
-        .fa-trash,
-        .fa-edit {
-          padding: 0 $default-padding * 0.7;
+        .icons {
+          .fa-download,
+          .fa-trash,
+          .fa-heart,
+          .fa-heart-o,
+          .fa-edit {
+            padding: 0 $default-padding * 0.7;
+          }
         }
 
         .workout-title {
diff --git a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
index f6ae61f86..199d1fba8 100644
--- a/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
+++ b/fittrackee_client/src/components/Workout/WorkoutDetail/index.vue
@@ -158,6 +158,8 @@
       duration: segment ? segment.duration : workout.duration,
       mapVisibility: segment ? null : workout.map_visibility,
       maxAlt: segment ? segment.max_alt : workout.max_alt,
+      liked: workout.liked,
+      likes_count:  workout.likes_count,
       maxSpeed: segment ? segment.max_speed : workout.max_speed,
       minAlt: segment ? segment.min_alt : workout.min_alt,
       moving: segment ? segment.moving : workout.moving,
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 46e0ccb54..a345d9b2e 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -16,6 +16,7 @@ import {
   IWorkoutPayload,
   TWorkoutsPayload,
   ICommentPayload,
+  IComment,
 } from '@/types/workouts'
 import { handleError } from '@/utils'
 
@@ -345,4 +346,76 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
         context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, null)
       })
   },
+  [WORKOUTS_STORE.ACTIONS.LIKE_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    comment: IComment
+  ): void {
+    authApi
+      .post(`workouts/${comment.workout_id}/comments/${comment.id}/like`)
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.dispatch(
+            WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS,
+            comment.workout_id
+          )
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
+  [WORKOUTS_STORE.ACTIONS.UNDO_LIKE_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    comment: IComment
+  ): void {
+    authApi
+      .post(`workouts/${comment.workout_id}/comments/${comment.id}/like/undo`)
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.dispatch(
+            WORKOUTS_STORE.ACTIONS.GET_WORKOUT_COMMENTS,
+            comment.workout_id
+          )
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
+  [WORKOUTS_STORE.ACTIONS.LIKE_WORKOUT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    workoutId: string
+  ): void {
+    authApi
+      .post(`workouts/${workoutId}/like`)
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.commit(
+            WORKOUTS_STORE.MUTATIONS.SET_WORKOUT,
+            res.data.data.workouts[0]
+          )
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
+  [WORKOUTS_STORE.ACTIONS.UNDO_LIKE_WORKOUT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    workoutId: string
+  ): void {
+    authApi
+      .post(`workouts/${workoutId}/like/undo`)
+      .then((res) => {
+        if (res.data.status === 'success') {
+          context.commit(
+            WORKOUTS_STORE.MUTATIONS.SET_WORKOUT,
+            res.data.data.workouts[0]
+          )
+        }
+      })
+      .catch((error) => {
+        handleError(context, error)
+      })
+  },
 }
diff --git a/fittrackee_client/src/store/modules/workouts/enums.ts b/fittrackee_client/src/store/modules/workouts/enums.ts
index b1a1ba4cf..3811d4609 100644
--- a/fittrackee_client/src/store/modules/workouts/enums.ts
+++ b/fittrackee_client/src/store/modules/workouts/enums.ts
@@ -12,6 +12,10 @@ export enum WorkoutsActions {
   GET_MORE_TIMELINE_WORKOUTS = 'GET_MORE_TIMELINE_WORKOUTS',
   GET_WORKOUT_DATA = 'GET_WORKOUT_DATA',
   GET_WORKOUT_COMMENTS = 'GET_WORKOUT_COMMENTS',
+  LIKE_COMMENT = 'LIKE_COMMENT',
+  UNDO_LIKE_COMMENT = 'UNDO_LIKE_COMMENT',
+  LIKE_WORKOUT = 'LIKE_WORKOUT',
+  UNDO_LIKE_WORKOUT = 'UNDO_LIKE_WORKOUT',
 }
 
 export enum WorkoutsGetters {
diff --git a/fittrackee_client/src/store/modules/workouts/types.ts b/fittrackee_client/src/store/modules/workouts/types.ts
index 0c9bfcc44..99cf75e32 100644
--- a/fittrackee_client/src/store/modules/workouts/types.ts
+++ b/fittrackee_client/src/store/modules/workouts/types.ts
@@ -81,6 +81,22 @@ export interface IWorkoutsActions {
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: ICommentForm
   ): void
+  [WORKOUTS_STORE.ACTIONS.LIKE_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    comment: IComment
+  ): void
+  [WORKOUTS_STORE.ACTIONS.UNDO_LIKE_COMMENT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    comment: IComment
+  ): void
+  [WORKOUTS_STORE.ACTIONS.LIKE_WORKOUT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    workoutId: string
+  ): void
+  [WORKOUTS_STORE.ACTIONS.UNDO_LIKE_WORKOUT](
+    context: ActionContext<IWorkoutsState, IRootState>,
+    workoutId: string
+  ): void
 }
 
 export interface IWorkoutsGetters {
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index f1929f341..b2cc460d7 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -63,6 +63,8 @@ export interface IWorkout {
   distance: number
   duration: string
   id: string
+  liked: boolean
+  likes_count: number
   map: string | null
   map_visibility?: TPrivacyLevels
   max_alt: number | null
@@ -93,6 +95,8 @@ export interface IWorkoutObject {
   descent: number | null
   distance: number
   duration: string
+  liked: boolean
+  likes_count: number
   maxAlt: number | null
   maxSpeed: number
   mapVisibility: TPrivacyLevels | null | undefined
@@ -190,6 +194,8 @@ export interface IWorkoutChartData {
 export interface IComment {
   created_at: string
   id: string
+  liked: boolean
+  likes_count: number
   modification_date: string | null
   replies: IComment[]
   text: string

From cf6edc5d19ea00ebd38c6d44cf69044adde5e736 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 26 Aug 2023 08:59:33 +0200
Subject: [PATCH 230/238] API - fix workouts order when uploading a zip archive

---
 .../workouts/test_utils/test_workouts.py      | 28 +++++--------------
 fittrackee/workouts/utils/workouts.py         |  4 +--
 fittrackee/workouts/workouts.py               |  8 ++----
 3 files changed, 12 insertions(+), 28 deletions(-)

diff --git a/fittrackee/tests/workouts/test_utils/test_workouts.py b/fittrackee/tests/workouts/test_utils/test_workouts.py
index 182d7d845..8f4fe6a1f 100644
--- a/fittrackee/tests/workouts/test_utils/test_workouts.py
+++ b/fittrackee/tests/workouts/test_utils/test_workouts.py
@@ -156,11 +156,11 @@ def test_it_returns_empty_list_when_no_workouts_provided(
         self,
         app: Flask,
     ) -> None:
-        ordered_workouts = get_ordered_workouts([], limit=3)
+        ordered_workouts = get_ordered_workouts([])
 
         assert ordered_workouts == []
 
-    def test_it_returns_last_workouts_depending_on_limit(
+    def test_it_returns_workouts_ordered_by_workout_date_descending(
         self,
         app: Flask,
         user_1: User,
@@ -168,28 +168,14 @@ def test_it_returns_last_workouts_depending_on_limit(
         sport_2_running: Sport,
         seven_workouts_user_1: List[Workout],
     ) -> None:
-        ordered_workouts = get_ordered_workouts(seven_workouts_user_1, limit=3)
+        ordered_workouts = get_ordered_workouts(seven_workouts_user_1)
 
         assert ordered_workouts == [
             seven_workouts_user_1[6],
             seven_workouts_user_1[5],
             seven_workouts_user_1[3],
-        ]
-
-    def test_it_returns_all_workouts_when_below_limit(
-        self,
-        app: Flask,
-        user_1: User,
-        sport_1_cycling: Sport,
-        sport_2_running: Sport,
-        workout_cycling_user_1: Workout,
-        workout_running_user_1: Workout,
-    ) -> None:
-        ordered_workouts = get_ordered_workouts(
-            [workout_cycling_user_1, workout_running_user_1], limit=3
-        )
-
-        assert ordered_workouts == [
-            workout_running_user_1,
-            workout_cycling_user_1,
+            seven_workouts_user_1[4],
+            seven_workouts_user_1[2],
+            seven_workouts_user_1[1],
+            seven_workouts_user_1[0],
         ]
diff --git a/fittrackee/workouts/utils/workouts.py b/fittrackee/workouts/utils/workouts.py
index 67a263e46..f62a48304 100644
--- a/fittrackee/workouts/utils/workouts.py
+++ b/fittrackee/workouts/utils/workouts.py
@@ -521,10 +521,10 @@ def get_average_speed(
     )
 
 
-def get_ordered_workouts(workouts: List[Workout], limit: int) -> List[Workout]:
+def get_ordered_workouts(workouts: List[Workout]) -> List[Workout]:
     return sorted(
         workouts, key=lambda workout: workout.workout_date, reverse=True
-    )[:limit]
+    )
 
 
 def get_workout(workout_short_id: str, auth_user: Optional[User]) -> Workout:
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 3f3e6cde4..0a0a5e6bd 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -1039,16 +1039,14 @@ def post_workout(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
     }
 
     try:
-        new_workouts = process_files(
-            auth_user, workout_data, workout_file, folders
+        new_workouts = get_ordered_workouts(
+            process_files(auth_user, workout_data, workout_file, folders)
         )
         if len(new_workouts) > 0:
             if sending_activities_allowed(
                 workout_data.get('workout_visibility')
             ):
-                workouts_to_send = get_ordered_workouts(
-                    new_workouts, limit=MAX_WORKOUTS_TO_SEND
-                )
+                workouts_to_send = new_workouts[:MAX_WORKOUTS_TO_SEND]
                 for new_workout in workouts_to_send:
                     handle_workout_activities(
                         new_workout, activity_type='Create'

From 3c2aab364a8077670c4b4838ddbc1ac750438552 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 13 Apr 2024 15:55:54 +0200
Subject: [PATCH 231/238] API - rename migration

---
 ...a2d8_init_federation.py => 39_8842c351a2d8_init_federation.py} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename fittrackee/migrations/versions/{38_8842c351a2d8_init_federation.py => 39_8842c351a2d8_init_federation.py} (100%)

diff --git a/fittrackee/migrations/versions/38_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/39_8842c351a2d8_init_federation.py
similarity index 100%
rename from fittrackee/migrations/versions/38_8842c351a2d8_init_federation.py
rename to fittrackee/migrations/versions/39_8842c351a2d8_init_federation.py

From 15a682da604e43deb71e4ff17157b5dd819fe333 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Mon, 22 Apr 2024 00:35:10 +0200
Subject: [PATCH 232/238] API - rename migration

---
 ...a2d8_init_federation.py => 40_8842c351a2d8_init_federation.py} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename fittrackee/migrations/versions/{39_8842c351a2d8_init_federation.py => 40_8842c351a2d8_init_federation.py} (100%)

diff --git a/fittrackee/migrations/versions/39_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/40_8842c351a2d8_init_federation.py
similarity index 100%
rename from fittrackee/migrations/versions/39_8842c351a2d8_init_federation.py
rename to fittrackee/migrations/versions/40_8842c351a2d8_init_federation.py

From 4b30db173baeadc1aec39677228b1d3ac2a58b23 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Wed, 9 Oct 2024 19:52:45 +0200
Subject: [PATCH 233/238] fix poetry.lock

---
 poetry.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/poetry.lock b/poetry.lock
index 080fbf9c3..0815801b1 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -2816,4 +2816,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = ">= 3.8.1, < 3.13"
-content-hash = "6a4501a79c0be45f67091ed1bd79da7c9aa2892943e66a08852b987facd52420"
+content-hash = "494dd09fc2b237d0086954af50c7af127a1e875e636fe249dd6eae1827102dc5"

From 5dd72cef62fd49e14744b3a382408073ecdaee99 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 7 Dec 2024 19:35:37 +0100
Subject: [PATCH 234/238] API & Client - restore comment replies

---
 fittrackee/comments/comments.py               |  36 +-
 fittrackee/comments/models.py                 | 119 ++-
 .../43_8842c351a2d8_init_federation.py        |  11 +
 fittrackee/tests/comments/mixins.py           |   2 +
 .../tests/comments/test_comments_api.py       | 846 ++++++++++++++++--
 .../tests/comments/test_comments_models.py    | 531 +++++++++++
 .../tests/users/test_users_export_data.py     |  38 +
 .../users/test_users_notifications_api.py     | 217 +++++
 .../users/test_users_notifications_model.py   | 245 +++++
 fittrackee/users/export_data.py               |   5 +
 fittrackee/users/models.py                    |   2 +
 fittrackee/users/notifications.py             |  26 +-
 .../src/components/Comment/Comment.vue        |  27 +
 .../src/components/Comment/CommentEdition.vue |  47 +-
 .../src/components/Comment/Comments.vue       |  30 +-
 .../Notifications/NotificationDetail.vue      |   3 +
 .../Notifications/NotificationsFilters.vue    |   1 +
 .../src/locales/en/notifications.json         |   1 +
 .../src/locales/fr/notifications.json         |   1 +
 .../src/store/modules/workouts/actions.ts     |   6 +-
 fittrackee_client/src/types/notifications.ts  |   1 +
 fittrackee_client/src/types/workouts.ts       |   3 +
 22 files changed, 2062 insertions(+), 136 deletions(-)

diff --git a/fittrackee/comments/comments.py b/fittrackee/comments/comments.py
index 1d1e3d431..9f492b047 100644
--- a/fittrackee/comments/comments.py
+++ b/fittrackee/comments/comments.py
@@ -16,8 +16,8 @@
     handle_error_and_return_response,
 )
 from fittrackee.users.models import User
-from fittrackee.utils import clean_input
-from fittrackee.visibility_levels import VisibilityLevel
+from fittrackee.utils import clean_input, decode_short_id
+from fittrackee.visibility_levels import VisibilityLevel, can_view
 from fittrackee.workouts.decorators import check_workout
 from fittrackee.workouts.models import Workout
 
@@ -95,6 +95,8 @@ def post_workout_comment(
             "likes_count": 0,
             "mentions": [],
             "modification_date": null,
+            "replies": [],
+            "reply_to": null,
             "suspended_at": null,
             "text": "Great!",
             "text_html": "Great!",
@@ -119,12 +121,15 @@ def post_workout_comment(
     :<json string text: comment content
     :<json string text_visibility: visibility level (``public``,
            ``followers_only``, ``private``)
+    :<json string reply_to: id of the comment being replied to
+           (to be provided only for a reply)
 
     :reqheader Authorization: OAuth 2.0 Bearer Token
 
     :statuscode 201: ``created``
     :statuscode 400:
         - ``invalid payload``
+        - ``'reply_to' is invalid``
     :statuscode 401:
         - ``provide a valid auth token``
         - ``signature expired, please log in again``
@@ -141,11 +146,26 @@ def post_workout_comment(
     ):
         return InvalidPayloadErrorResponse()
     try:
+        reply_to = comment_data.get('reply_to')
+        comment = None
+        if reply_to:
+            comment = Comment.query.filter(
+                Comment.uuid == decode_short_id(reply_to),
+                Comment.user_id.not_in(auth_user.get_blocked_by_user_ids()),
+            ).first()
+            if (
+                not comment
+                or comment.suspended_at
+                or not can_view(comment, "text_visibility", auth_user)
+            ):
+                return InvalidPayloadErrorResponse("'reply_to' is invalid")
+
         new_comment = Comment(
             user_id=auth_user.id,
             workout_id=workout.id,
             text=clean_input(comment_data['text']),
             text_visibility=VisibilityLevel(comment_data['text_visibility']),
+            reply_to=comment.id if comment else None,
         )
         db.session.add(new_comment)
         db.session.flush()
@@ -224,6 +244,8 @@ def get_workout_comment(
             "likes_count": 0,
             "mentions": [],
             "modification_date": null,
+            "replies": [],
+            "reply_to": null,
             "suspended_at": null,
             "text": "Nice!",
             "text_html": "Nice!",
@@ -258,7 +280,7 @@ def get_workout_comment(
     return (
         {
             'status': 'success',
-            'comment': comment.serialize(auth_user),
+            'comment': comment.serialize(auth_user, get_parent_comment=True),
         },
         200,
     )
@@ -304,6 +326,8 @@ def get_workout_comments(
                 "likes_count": 0,
                 "mentions": [],
                 "modification_date": null,
+                "replies": [],
+                "reply_to": null,
                 "suspended_at": null,
                 "text": "Great!",
                 "text_html": "Great!",
@@ -454,6 +478,8 @@ def update_workout_comment(
             "likes_count": 0,
             "mentions": [],
             "modification_date": null,
+            "replies": [],
+            "reply_to": null,
             "suspended_at": null,
             "text": "Great!",
             "text_html": "Great!",
@@ -558,6 +584,8 @@ def like_comment(
             "likes_count": 1,
             "mentions": [],
             "modification_date": null,
+            "replies": [],
+            "reply_to": null,
             "suspended_at": null,
             "text": "Great!",
             "text_html": "Great!",
@@ -647,6 +675,8 @@ def undo_comment_like(
             "likes_count": 0,
             "mentions": [],
             "modification_date": null,
+            "replies": [],
+            "reply_to": null,
             "suspended_at": null,
             "text": "Great!",
             "text_html": "Great!",
diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index 5d04cb09a..9d546830d 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -28,7 +28,9 @@
     from fittrackee.users.models import User
 
 
-def get_comments(workout_id: int, user: Optional['User']) -> List['Comment']:
+def get_comments(
+    workout_id: int, user: Optional['User'], reply_to: Optional[int] = None
+) -> List['Comment']:
     if user:
         params = {"workout_id": workout_id, "user_id": user.id}
         sql = """
@@ -70,7 +72,16 @@ def get_comments(workout_id: int, user: Optional['User']) -> List['Comment']:
                   AND users.is_remote IS TRUE
               ))
             )
-          )
+          )"""
+
+        if reply_to:
+            sql += """
+          AND comments.reply_to = :reply_to """
+            params["reply_to"] = reply_to
+        else:
+            sql += """
+          AND comments.reply_to IS NULL"""
+        sql += """
         ORDER BY comments.created_at;"""
 
         comments_filter = db.session.scalars(
@@ -83,6 +94,7 @@ def get_comments(workout_id: int, user: Optional['User']) -> List['Comment']:
     else:
         comments_filter = Comment.query.filter(
             Comment.workout_id == workout_id,
+            Comment.reply_to == reply_to,
             Comment.text_visibility == VisibilityLevel.PUBLIC,
         ).order_by(Comment.created_at.asc())
 
@@ -110,6 +122,12 @@ class Comment(BaseModel):
         index=True,
         nullable=True,
     )
+    reply_to = db.Column(
+        db.Integer,
+        db.ForeignKey('comments.id', ondelete="SET NULL"),
+        index=True,
+        nullable=True,
+    )
     created_at = db.Column(db.DateTime, default=datetime.datetime.utcnow)
     modification_date = db.Column(db.DateTime, nullable=True)
     text = db.Column(db.String(), nullable=False)
@@ -122,6 +140,9 @@ class Comment(BaseModel):
     ap_id = db.Column(db.Text(), nullable=True)
     remote_url = db.Column(db.Text(), nullable=True)
 
+    parent_comment = db.relationship(
+        'Comment', remote_side=[id], lazy='joined'
+    )
     mentions = db.relationship(
         "Mention",
         lazy=True,
@@ -155,6 +176,7 @@ def __init__(
         text: str,
         text_visibility: VisibilityLevel,
         created_at: Optional[datetime.datetime] = None,
+        reply_to: Optional[int] = None,
     ) -> None:
         if (
             text_visibility == VisibilityLevel.FOLLOWERS_AND_REMOTE
@@ -171,6 +193,7 @@ def __init__(
         self.created_at = (
             datetime.datetime.utcnow() if created_at is None else created_at
         )
+        self.reply_to = reply_to
 
     @property
     def short_id(self) -> str:
@@ -265,11 +288,26 @@ def liked_by(self, user: 'User') -> bool:
     def serialize(
         self,
         user: Optional['User'] = None,
+        with_replies: bool = True,
+        get_parent_comment: bool = False,
         for_report: bool = False,
     ) -> Dict:
         if not can_view(self, 'text_visibility', user, for_report):
             raise CommentForbiddenException
 
+        try:
+            reply_to = (
+                None
+                if self.reply_to is None
+                else (
+                    self.parent_comment.serialize(user, with_replies=False)
+                    if get_parent_comment
+                    else self.parent_comment.short_id
+                )
+            )
+        except CommentForbiddenException:
+            reply_to = None
+
         # suspended comment content is only visible to its owner or
         # to admin in report only
         suspension: Dict[str, Any] = {}
@@ -325,6 +363,19 @@ def serialize(
                 if display_content
                 else []
             ),
+            'reply_to': reply_to,
+            'replies': (
+                [
+                    reply.serialize(user)
+                    for reply in get_comments(
+                        workout_id=self.workout_id,
+                        user=user,
+                        reply_to=self.id,
+                    )
+                ]
+                if with_replies and not for_report
+                else []
+            ),
             'likes_count': self.likes.count() if display_content else 0,
             'liked': self.liked_by(user) if user else False,
             **suspension,
@@ -393,7 +444,14 @@ def receive_after_flush(session: Session, context: Connection) -> None:
             create_notification = True
 
         workout = Workout.query.filter_by(id=new_comment.workout_id).first()
-        to_user_id = workout.user_id
+        if not workout:
+            return
+
+        if new_comment.reply_to is None:
+            to_user_id = workout.user_id
+        else:
+            comment = Comment.query.filter_by(id=new_comment.reply_to).first()
+            to_user_id = comment.user_id
 
         if new_comment.user_id == to_user_id:
             return
@@ -418,7 +476,11 @@ def receive_after_flush(session: Session, context: Connection) -> None:
             from_user_id=new_comment.user_id,
             to_user_id=to_user_id,
             created_at=new_comment.created_at,
-            event_type='workout_comment',
+            event_type=(
+                'workout_comment'
+                if new_comment.reply_to is None
+                else 'comment_reply'
+            ),
             event_object_id=new_comment.id,
         )
         session.add(notification)
@@ -447,28 +509,43 @@ def receive_after_flush(session: Session, context: Connection) -> None:
         from fittrackee.users.models import Notification
 
         comment = Comment.query.filter_by(id=new_mention.comment_id).first()
-
-        # `mention` notification is not created when:
-
-        # - mentioned user is comment author
         if new_mention.user_id == comment.user_id:
             return
 
-        # - mentioned user is workout owner and `workout_comment'
-        # notification does not exist
-        notification = (
-            Notification.query.join(
-                Comment, Comment.id == Notification.event_object_id
+        # `mention` notification is not created:
+        # - when mentioned user is workout owner and `workout_comment'
+        # notification does not exist)
+        if not comment.reply_to:
+            notification = (
+                Notification.query.join(
+                    Comment, Comment.id == Notification.event_object_id
+                )
+                .filter(
+                    Comment.id == comment.id,
+                    Notification.event_type == 'workout_comment',
+                    Notification.to_user_id == new_mention.user_id,
+                )
+                .first()
             )
-            .filter(
-                Comment.id == comment.id,
-                Notification.event_type == 'workout_comment',
-                Notification.to_user_id == new_mention.user_id,
+            if notification:
+                return
+
+        # - when mentioned user is parent comment owner and
+        # `comment_reply' notification already exists
+        else:
+            parent_comment_notification = (
+                Notification.query.join(
+                    Comment,
+                    Comment.id == Notification.event_object_id,
+                )
+                .filter(
+                    Notification.to_user_id == new_mention.user_id,
+                    Notification.event_type == 'comment_reply',
+                )
+                .first()
             )
-            .first()
-        )
-        if notification:
-            return
+            if parent_comment_notification:
+                return
 
         notification = Notification(
             from_user_id=comment.user_id,
diff --git a/fittrackee/migrations/versions/43_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/43_8842c351a2d8_init_federation.py
index 055c41dc7..6c061a313 100644
--- a/fittrackee/migrations/versions/43_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/43_8842c351a2d8_init_federation.py
@@ -168,8 +168,19 @@ def upgrade():
         )
     op.alter_column('users', 'is_remote', nullable=False)
 
+    with op.batch_alter_table('comments', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('reply_to', sa.Integer(), nullable=True))
+        batch_op.create_index(batch_op.f('ix_comments_reply_to'), ['reply_to'], unique=False)
+        batch_op.create_foreign_key('comments_reply_to_fkey', 'comments', ['reply_to'], ['id'], ondelete='SET NULL')
+
+
 
 def downgrade():
+    with op.batch_alter_table('comments', schema=None) as batch_op:
+        batch_op.drop_constraint('comments_reply_to_fkey', type_='foreignkey')
+        batch_op.drop_index(batch_op.f('ix_comments_reply_to'))
+        batch_op.drop_column('reply_to')
+
     with op.batch_alter_table('workouts', schema=None) as batch_op:
         batch_op.drop_column('remote_url')
         batch_op.drop_column('ap_id')
diff --git a/fittrackee/tests/comments/mixins.py b/fittrackee/tests/comments/mixins.py
index 6a15c0746..fbb1bff54 100644
--- a/fittrackee/tests/comments/mixins.py
+++ b/fittrackee/tests/comments/mixins.py
@@ -20,6 +20,7 @@ def create_comment(
         text: Optional[str] = None,
         text_visibility: VisibilityLevel = VisibilityLevel.PRIVATE,
         created_at: Optional[datetime] = None,
+        parent_comment: Optional[Comment] = None,
         with_mentions: bool = True,
     ) -> Comment:
         text = self.random_string() if text is None else text
@@ -29,6 +30,7 @@ def create_comment(
             text=text,
             text_visibility=text_visibility,
             created_at=created_at,
+            reply_to=parent_comment.id if parent_comment else None,
         )
         db.session.add(comment)
         db.session.flush()
diff --git a/fittrackee/tests/comments/test_comments_api.py b/fittrackee/tests/comments/test_comments_api.py
index 7ddce167e..b6d2c5ffb 100644
--- a/fittrackee/tests/comments/test_comments_api.py
+++ b/fittrackee/tests/comments/test_comments_api.py
@@ -481,6 +481,306 @@ def test_expected_scopes_are_defined(
         self.assert_response_scope(response, can_access)
 
 
+class TestPostWorkoutCommentReply(
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    @pytest.mark.parametrize(
+        'input_comment_visibility',
+        [VisibilityLevel.FOLLOWERS, VisibilityLevel.PRIVATE],
+    )
+    def test_it_returns_404_when_user_can_not_access_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        input_comment_visibility: VisibilityLevel,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=input_comment_visibility,
+        )
+
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.FOLLOWERS,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(response, "'reply_to' is invalid")
+
+    def test_it_returns_404_when_user_blocked_by_workout_owner_replies(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        user_2.blocks_user(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout not found (id: {workout_cycling_user_2.short_id})",
+        )
+
+    def test_it_returns_404_when_user_blocked_by_comment_author_replies(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+    ) -> None:
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        user_3.blocks_user(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(response, "'reply_to' is invalid")
+
+    def test_it_returns_400_when_user_replies_to_not_existing_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=self.random_short_id(),
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_400(response, "'reply_to' is invalid")
+
+    def test_it_returns_201_when_user_replies_to_a_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert data['comment']['reply_to'] == comment.short_id
+
+    def test_it_creates_reply_with_wider_visibility_than_parent_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.FOLLOWERS
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 201
+        data = json.loads(response.data.decode())
+        assert data['comment']['reply_to'] == comment.short_id
+        assert (
+            data['comment']['text_visibility'] == VisibilityLevel.PUBLIC.value
+        )
+
+    def test_it_returns_403_when_user_is_suspended(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        user_1.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        self.assert_403(response)
+
+    def test_it_returns_400_when_comment_is_suspended(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            f"/api/workouts/{workout_cycling_user_1.short_id}/comments",
+            content_type="application/json",
+            data=json.dumps(
+                dict(
+                    text=self.random_string(),
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    reply_to=comment.short_id,
+                )
+            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        self.assert_400(response, "'reply_to' is invalid")
+
+
 class TestGetWorkoutCommentAsUser(
     CommentMixin, ApiTestCaseMixin, BaseTestMixin
 ):
@@ -955,8 +1255,247 @@ def test_it_returns_comment_when_visibility_allows_access(
         workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
             user_1,
-            workout_cycling_user_2,
-            text_visibility=input_text_visibility,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
+
+    def test_it_returns_403_when_user_is_suspended(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PRIVATE,
+        )
+        user_1.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        self.assert_403(response)
+
+    def test_it_returns_suspended_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PRIVATE,
+        )
+        comment.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {auth_token}",
+            ),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
+
+
+class TestGetWorkoutCommentAsUnauthenticatedUser(
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    @pytest.mark.parametrize(
+        'input_text_visibility',
+        [VisibilityLevel.PRIVATE, VisibilityLevel.FOLLOWERS],
+    )
+    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        input_text_visibility: VisibilityLevel,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=input_text_visibility,
+        )
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+        )
+
+        self.assert_404_with_message(
+            response,
+            f"workout comment not found (id: {comment.short_id})",
+        )
+
+    def test_it_returns_suspended_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(comment.serialize())
+
+    def test_it_returns_comment_when_visibility_is_public(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        client = app.test_client()
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment'] == jsonify_dict(comment.serialize())
+
+    @pytest.mark.parametrize(
+        'client_scope, can_access',
+        {**OAUTH_SCOPES, 'workouts:read': True}.items(),
+    )
+    def test_expected_scopes_are_defined(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        client_scope: str,
+        can_access: bool,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        (
+            client,
+            oauth_client,
+            access_token,
+            _,
+        ) = self.create_oauth2_client_and_issue_token(
+            app, user_1, scope=client_scope
+        )
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+
+        response = client.get(
+            f"/api/comments/{comment.short_id}",
+            content_type="application/json",
+            headers=dict(
+                Authorization=f"Bearer {access_token}",
+            ),
+        )
+
+        self.assert_response_scope(response, can_access)
+
+
+class TestGetWorkoutCommentWithReplies(
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_gets_comment_with_replies(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        reply = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
@@ -965,34 +1504,37 @@ def test_it_returns_comment_when_visibility_allows_access(
         response = client.get(
             f"/api/comments/{comment.short_id}",
             content_type="application/json",
-            headers=dict(
-                Authorization=f"Bearer {auth_token}",
-            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
+        assert data['comment']['replies'] == [
+            jsonify_dict(reply.serialize(user_1))
+        ]
 
-    def test_it_returns_403_when_user_is_suspended(
+    def test_it_does_not_return_reply_from_blocked_user(
         self,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-        follow_request_from_user_1_to_user_2: FollowRequest,
+        workout_cycling_user_1: Workout,
     ) -> None:
-        user_2.approves_follow_request_from(user_1)
-        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
             user_1,
-            workout_cycling_user_2,
-            text_visibility=VisibilityLevel.PRIVATE,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
         )
-        user_1.suspended_at = datetime.utcnow()
-        db.session.commit()
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        user_1.blocks_user(user_2)
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -1000,31 +1542,36 @@ def test_it_returns_403_when_user_is_suspended(
         response = client.get(
             f"/api/comments/{comment.short_id}",
             content_type="application/json",
-            headers=dict(
-                Authorization=f"Bearer {auth_token}",
-            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        self.assert_403(response)
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment']['replies'] == []
 
-    def test_it_returns_suspended_comment(
+    def test_it_does_not_return_reply_when_user_is_blocked(
         self,
         app: Flask,
         user_1: User,
         user_2: User,
+        user_3: User,
         sport_1_cycling: Sport,
         workout_cycling_user_2: Workout,
-        follow_request_from_user_1_to_user_2: FollowRequest,
     ) -> None:
-        user_2.approves_follow_request_from(user_1)
         workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
-            user_1,
+            user_2,
             workout_cycling_user_2,
-            text_visibility=VisibilityLevel.PRIVATE,
+            text_visibility=VisibilityLevel.PUBLIC,
         )
-        comment.suspended_at = datetime.utcnow()
-        db.session.commit()
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        user_3.blocks_user(user_1)
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1.email
         )
@@ -1032,54 +1579,54 @@ def test_it_returns_suspended_comment(
         response = client.get(
             f"/api/comments/{comment.short_id}",
             content_type="application/json",
-            headers=dict(
-                Authorization=f"Bearer {auth_token}",
-            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(comment.serialize(user_1))
-
+        assert data['comment']['replies'] == []
 
-class TestGetWorkoutCommentAsUnauthenticatedUser(
-    CommentMixin, ApiTestCaseMixin, BaseTestMixin
-):
-    @pytest.mark.parametrize(
-        'input_text_visibility',
-        [VisibilityLevel.PRIVATE, VisibilityLevel.FOLLOWERS],
-    )
-    def test_it_returns_404_when_comment_visibility_does_not_allow_access(
+    def test_it_returns_suspended_reply(
         self,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-        follow_request_from_user_1_to_user_2: FollowRequest,
-        input_text_visibility: VisibilityLevel,
+        workout_cycling_user_1: Workout,
     ) -> None:
-        user_2.approves_follow_request_from(user_1)
-        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
             user_1,
-            workout_cycling_user_2,
-            text_visibility=input_text_visibility,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        reply = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        reply.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
         )
-        client = app.test_client()
 
         response = client.get(
             f"/api/comments/{comment.short_id}",
             content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        self.assert_404_with_message(
-            response,
-            f"workout comment not found (id: {comment.short_id})",
-        )
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment']['replies'] == [
+            jsonify_dict(reply.serialize(user_1))
+        ]
 
-    def test_it_returns_suspended_comment(
+    def test_it_gets_comment_when_reply_is_not_visible(
         self,
         app: Flask,
         user_1: User,
@@ -1089,90 +1636,105 @@ def test_it_returns_suspended_comment(
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        # not visible reply
+        self.create_comment(
             user_2,
             workout_cycling_user_1,
-            text_visibility=VisibilityLevel.PUBLIC,
+            text_visibility=VisibilityLevel.PRIVATE,
+            parent_comment=comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
         )
-        comment.suspended_at = datetime.utcnow()
-        db.session.commit()
-        client = app.test_client()
 
         response = client.get(
             f"/api/comments/{comment.short_id}",
             content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(comment.serialize())
+        assert data['comment']['replies'] == []
 
-    def test_it_returns_comment_when_visibility_is_public(
+    def test_it_gets_reply(
         self,
         app: Flask,
         user_1: User,
-        user_2: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
-            user_2,
+            user_1,
             workout_cycling_user_1,
-            text_visibility=VisibilityLevel.PUBLIC,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        reply = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
         )
-        client = app.test_client()
 
         response = client.get(
-            f"/api/comments/{comment.short_id}",
+            f"/api/comments/{reply.short_id}",
             content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
         assert response.status_code == 200
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
-        assert data['comment'] == jsonify_dict(comment.serialize())
+        assert data['comment']['reply_to'] == jsonify_dict(
+            comment.serialize(user_1, with_replies=False)
+        )
+        assert data['comment']['replies'] == []
 
-    @pytest.mark.parametrize(
-        'client_scope, can_access',
-        {**OAUTH_SCOPES, 'workouts:read': True}.items(),
-    )
-    def test_expected_scopes_are_defined(
+    def test_it_gets_reply_when_parent_is_not_visible_anymore(
         self,
         app: Flask,
         user_1: User,
         user_2: User,
         sport_1_cycling: Sport,
-        workout_cycling_user_2: Workout,
-        follow_request_from_user_1_to_user_2: FollowRequest,
-        client_scope: str,
-        can_access: bool,
+        workout_cycling_user_1: Workout,
     ) -> None:
-        user_2.approves_follow_request_from(user_1)
-        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
-        (
-            client,
-            oauth_client,
-            access_token,
-            _,
-        ) = self.create_oauth2_client_and_issue_token(
-            app, user_1, scope=client_scope
-        )
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        reply = self.create_comment(
             user_1,
-            workout_cycling_user_2,
-            text_visibility=VisibilityLevel.PUBLIC,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
         )
+        comment.text_visibility = VisibilityLevel.PRIVATE
 
         response = client.get(
-            f"/api/comments/{comment.short_id}",
+            f"/api/comments/{reply.short_id}",
             content_type="application/json",
-            headers=dict(
-                Authorization=f"Bearer {access_token}",
-            ),
+            headers=dict(Authorization=f"Bearer {auth_token}"),
         )
 
-        self.assert_response_scope(response, can_access)
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['comment']['reply_to'] is None
+        assert data['comment']['replies'] == []
 
 
 class GetWorkoutCommentsTestCase(
@@ -1810,6 +2372,78 @@ def test_it_returns_only_comments_user_can_access(
         ]
 
 
+class TestGetWorkoutsCommentWithReplies(
+    CommentMixin, ApiTestCaseMixin, BaseTestMixin
+):
+    def test_it_gets_replies_a_user_can_access(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        user_4: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        visible_replies = [
+            # owned comment
+            self.create_comment(
+                user_1,
+                workout_cycling_user_2,
+                text_visibility=VisibilityLevel.PRIVATE,
+                parent_comment=comment,
+            ),
+            # public reply
+            self.create_comment(
+                user_3,
+                workout_cycling_user_2,
+                text_visibility=VisibilityLevel.PUBLIC,
+                parent_comment=comment,
+            ),
+            # reply from following user
+            self.create_comment(
+                user_2,
+                workout_cycling_user_2,
+                text_visibility=VisibilityLevel.FOLLOWERS,
+                parent_comment=comment,
+            ),
+        ]
+        # user_4 blocks user_1
+        self.create_comment(
+            user_4,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        user_4.blocks_user(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            f"/api/workouts/{workout_cycling_user_2.short_id}/comments",
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert len(data['data']['comments']) == 1
+        assert data['data']['comments'][0]['id'] == comment.short_id
+        assert data['data']['comments'][0]['replies'] == [
+            jsonify_dict(reply.serialize(user_1)) for reply in visible_replies
+        ]
+
+
 class TestDeleteWorkoutComment(ApiTestCaseMixin, BaseTestMixin, CommentMixin):
     def test_it_returns_error_if_user_is_not_authenticated(
         self,
@@ -1967,6 +2601,38 @@ def test_it_deletes_workout_comment(
         assert response.status_code == 204
         assert Comment.query.first() is None
 
+    def test_it_deletes_workout_comment_having_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        reply = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.delete(
+            f"/api/comments/{comment.short_id}",
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 204
+        assert reply.reply_to is None
+
     def test_it_deletes_mentions(
         self,
         app: Flask,
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index 2ef1f5349..8c9d4f233 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -235,6 +235,8 @@ def test_it_serializes_owner_comment(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
             **suspended_at,
@@ -265,6 +267,8 @@ def test_it_serializes_owner_comment_when_workout_is_deleted(
             'mentions': [],
             'suspended_at': comment.suspended_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -293,6 +297,8 @@ def test_it_serializes_owner_comment_when_workout_is_not_visible(
             'mentions': [],
             'suspended_at': comment.suspended_at,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -327,6 +333,8 @@ def test_it_serializes_owner_comment_when_comment_is_suspended(
             'suspended_at': comment.suspended_at,
             'suspension': expected_report_action.serialize(user_1, full=False),
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -405,6 +413,8 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -439,6 +449,8 @@ def test_it_serializes_comment_when_workout_is_not_visible(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -496,6 +508,8 @@ def test_it_serializes_comment_when_comment_is_public(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -529,6 +543,8 @@ def test_it_serializes_comment_when_workout_is_deleted(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -560,6 +576,8 @@ def test_it_serializes_comment_when_workout_is_not_visible(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -637,6 +655,8 @@ def test_it_serializes_comment_when_report_flag_is_true(
             'created_at': comment.created_at,
             'mentions': [user_2.serialize()],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
             **suspended_at,
@@ -674,6 +694,8 @@ def test_it_does_not_return_content_when_comment_is_suspended(
             'mentions': [],
             'suspended': True,
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -730,6 +752,8 @@ def test_it_serializes_comment_when_report_flag_is_true(
             'created_at': comment.created_at,
             'mentions': [user_2.serialize()],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
             'suspended': True,
@@ -787,6 +811,8 @@ def test_it_serializes_comment_when_comment_is_public(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -817,6 +843,509 @@ def test_it_serializes_comment_when_workout_is_not_visible(
             'created_at': comment.created_at,
             'mentions': [],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+
+class TestWorkoutCommentModelSerializeForReplies(CommentMixin):
+    def test_it_serializes_comment_with_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = parent_comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'id': parent_comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': parent_comment.text,
+            'text_html': parent_comment.text,  # no mention
+            'text_visibility': parent_comment.text_visibility,
+            'created_at': parent_comment.created_at,
+            'mentions': [],
+            'suspended_at': parent_comment.suspended_at,
+            'modification_date': parent_comment.modification_date,
+            'reply_to': None,
+            'replies': [comment.serialize(user_1)],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_serializes_comment_with_suspended_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        suspended_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+        suspended_comment.suspended_at = datetime.utcnow()
+
+        serialized_comment = parent_comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'id': parent_comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': parent_comment.text,
+            'text_html': parent_comment.text,  # no mention
+            'text_visibility': parent_comment.text_visibility,
+            'created_at': parent_comment.created_at,
+            'mentions': [],
+            'suspended_at': parent_comment.suspended_at,
+            'modification_date': parent_comment.modification_date,
+            'reply_to': None,
+            'replies': [suspended_comment.serialize(user_1)],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_serializes_parent_comment_without_replies(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = parent_comment.serialize(
+            user_1, with_replies=False
+        )
+
+        assert serialized_comment == {
+            'id': parent_comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': parent_comment.text,
+            'text_html': parent_comment.text,  # no mention
+            'text_visibility': parent_comment.text_visibility,
+            'created_at': parent_comment.created_at,
+            'mentions': [],
+            'suspended_at': parent_comment.suspended_at,
+            'modification_date': parent_comment.modification_date,
+            'reply_to': None,
+            'replies': [],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_serializes_comment_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_2.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_html': comment.text,  # no mention
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'mentions': [],
+            'modification_date': comment.modification_date,
+            'reply_to': parent_comment.short_id,
+            'replies': [],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_serializes_comment_reply_with_serialized_parent(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = comment.serialize(user_1, get_parent_comment=True)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_2.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_html': comment.text,  # no mention
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'mentions': [],
+            'modification_date': comment.modification_date,
+            'reply_to': parent_comment.serialize(user_1, with_replies=False),
+            'replies': [],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_serializes_comment_reply_when_workout_is_deleted(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+        db.session.delete(workout_cycling_user_1)
+        db.session.commit()
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_2.serialize(),
+            'workout_id': None,
+            'text': comment.text,
+            'text_html': comment.text,  # no mention
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'mentions': [],
+            'modification_date': comment.modification_date,
+            'reply_to': parent_comment.short_id,
+            'replies': [],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_returns_only_visible_replies_for_a_user(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        # replies
+        self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PRIVATE,
+            parent_comment=comment,
+        )
+        visible_replies = [
+            self.create_comment(
+                user_3,
+                workout_cycling_user_1,
+                text_visibility=VisibilityLevel.PUBLIC,
+                parent_comment=comment,
+            )
+        ]
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        visible_replies.append(
+            self.create_comment(
+                user_1,
+                workout_cycling_user_1,
+                text_visibility=VisibilityLevel.FOLLOWERS,
+                parent_comment=comment,
+            ),
+        )
+
+        serialized_comment = comment.serialize(user_3)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_html': comment.text,  # no mention
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'mentions': [],
+            'modification_date': comment.modification_date,
+            'reply_to': None,
+            'replies': [
+                visible_reply.serialize(user_3)
+                for visible_reply in visible_replies
+            ],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_returns_only_visible_replies_for_unauthenticated_user(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        user_2: User,
+        user_3: User,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+        follow_request_from_user_3_to_user_1: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        user_1.approves_follow_request_from(user_2)
+        user_1.approves_follow_request_from(user_3)
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        # replies
+        self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PRIVATE,
+            parent_comment=comment,
+        )
+        visible_reply = self.create_comment(
+            user_3,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        suspended_reply = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        suspended_reply.suspended_at = datetime.utcnow()
+
+        serialized_comment = comment.serialize(user_3)
+
+        assert serialized_comment == {
+            'id': comment.short_id,
+            'user': user_1.serialize(),
+            'workout_id': workout_cycling_user_1.short_id,
+            'text': comment.text,
+            'text_html': comment.text,  # no mention
+            'text_visibility': comment.text_visibility,
+            'created_at': comment.created_at,
+            'mentions': [],
+            'modification_date': comment.modification_date,
+            'reply_to': None,
+            'replies': [
+                visible_reply.serialize(user_3),
+                suspended_reply.serialize(user_3),
+            ],
+            'likes_count': 0,
+            'liked': False,
+        }
+
+    def test_it_returns_all_replies(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        visible_replies = []
+        for _ in range(7):
+            visible_replies.append(
+                self.create_comment(
+                    user_1,
+                    workout_cycling_user_1,
+                    text_visibility=VisibilityLevel.PUBLIC,
+                    parent_comment=comment,
+                ),
+            )
+
+        serialized_comment = comment.serialize(user_1)
+
+        assert serialized_comment['replies'] == [
+            visible_reply.serialize(user_1)
+            for visible_reply in visible_replies
+        ]
+
+
+class TestWorkoutCommentModelSerializeForRepliesForAdmin(CommentMixin):
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [VisibilityLevel.FOLLOWERS, VisibilityLevel.PRIVATE],
+    )
+    def test_it_raises_error_when_comments_are_not_visible(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+        input_visibility: VisibilityLevel,
+    ) -> None:
+        user_2.approves_follow_request_from(user_3)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=parent_comment,
+        )
+
+        with pytest.raises(CommentForbiddenException):
+            parent_comment.serialize(user_1_admin)
+
+    @pytest.mark.parametrize(
+        'input_visibility',
+        [VisibilityLevel.FOLLOWERS, VisibilityLevel.PRIVATE],
+    )
+    def test_it_serializes_comment_with_reply(
+        self,
+        app: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_3_to_user_2: FollowRequest,
+        input_visibility: VisibilityLevel,
+    ) -> None:
+        # for report only parent comment is returned
+        user_2.approves_follow_request_from(user_3)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=input_visibility,
+        )
+        self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=input_visibility,
+            parent_comment=parent_comment,
+        )
+
+        serialized_comment = parent_comment.serialize(
+            user_1_admin, for_report=True
+        )
+
+        assert serialized_comment == {
+            'id': parent_comment.short_id,
+            'user': user_2.serialize(),
+            'workout_id': workout_cycling_user_2.short_id,
+            'text': parent_comment.text,
+            'text_html': parent_comment.text,  # no mention
+            'text_visibility': parent_comment.text_visibility,
+            'created_at': parent_comment.created_at,
+            'mentions': [],
+            'suspended_at': parent_comment.suspended_at,
+            'modification_date': parent_comment.modification_date,
+            'reply_to': None,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
@@ -1025,6 +1554,8 @@ def test_it_serializes_comment(
             'created_at': comment.created_at,
             'mentions': [user_2.serialize()],
             'modification_date': comment.modification_date,
+            'reply_to': comment.reply_to,
+            'replies': [],
             'likes_count': 0,
             'liked': False,
         }
diff --git a/fittrackee/tests/users/test_users_export_data.py b/fittrackee/tests/users/test_users_export_data.py
index 026349ef1..e1fb8c635 100644
--- a/fittrackee/tests/users/test_users_export_data.py
+++ b/fittrackee/tests/users/test_users_export_data.py
@@ -226,6 +226,43 @@ def test_it_returns_user_comment(
                 'created_at': comment.created_at,
                 'id': comment.short_id,
                 'modification_date': comment.modification_date,
+                'reply_to': None,
+                'text': comment.text,
+                'text_visibility': comment.text_visibility.value,
+                'workout_id': workout_cycling_user_1.short_id,
+            },
+        ]
+
+    def test_it_returns_user_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=parent_comment,
+        )
+        exporter = UserDataExporter(user_1)
+
+        comments_data = exporter.get_user_comments_data()
+
+        assert comments_data == [
+            {
+                'created_at': comment.created_at,
+                'id': comment.short_id,
+                'modification_date': comment.modification_date,
+                'reply_to': parent_comment.short_id,
                 'text': comment.text,
                 'text_visibility': comment.text_visibility.value,
                 'workout_id': workout_cycling_user_1.short_id,
@@ -251,6 +288,7 @@ def test_it_returns_user_comment_without_workout(
                 'created_at': comment.created_at,
                 'id': comment.short_id,
                 'modification_date': comment.modification_date,
+                'reply_to': None,
                 'text': comment.text,
                 'text_visibility': comment.text_visibility.value,
                 'workout_id': None,
diff --git a/fittrackee/tests/users/test_users_notifications_api.py b/fittrackee/tests/users/test_users_notifications_api.py
index 3c0ccc94f..e86180f05 100644
--- a/fittrackee/tests/users/test_users_notifications_api.py
+++ b/fittrackee/tests/users/test_users_notifications_api.py
@@ -462,6 +462,49 @@ def test_it_does_not_return_comment_notification_from_blocked_user(
             "total": 0,
         }
 
+    def test_it_does_not_return_reply_notification_from_blocked_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        user_1.blocks_user(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route,
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data["status"] == "success"
+        assert data["notifications"] == []
+        assert data["pagination"] == {
+            "has_next": False,
+            "has_prev": False,
+            "page": 1,
+            "pages": 0,
+            "total": 0,
+        }
+
     def test_it_does_not_return_mention_notification_from_blocked_user(
         self,
         app: Flask,
@@ -629,6 +672,49 @@ def test_it_does_not_return_comment_notification_when_author_blocks_user(
             "total": 0,
         }
 
+    def test_it_does_not_return_reply_notification_when_author_blocks_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        user_2.blocks_user(user_1)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route,
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data["status"] == "success"
+        assert data["notifications"] == []
+        assert data["pagination"] == {
+            "has_next": False,
+            "has_prev": False,
+            "page": 1,
+            "pages": 0,
+            "total": 0,
+        }
+
     def test_it_does_not_return_mention_notification_when_author_blocks_user(
         self,
         app: Flask,
@@ -846,6 +932,50 @@ def test_it_does_not_return_comment_notification_from_suspended_user(
             "total": 0,
         }
 
+    def test_it_does_not_return_reply_notification_from_suspended_user(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+            parent_comment=comment,
+        )
+        user_2.suspended_at = datetime.utcnow()
+        db.session.commit()
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route,
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data["status"] == "success"
+        assert data["notifications"] == []
+        assert data["pagination"] == {
+            "has_next": False,
+            "has_prev": False,
+            "page": 1,
+            "pages": 0,
+            "total": 0,
+        }
+
     def test_it_does_not_return_mention_notification_from_suspended_user(
         self,
         app: Flask,
@@ -926,6 +1056,53 @@ def test_it_does_not_return_comment_notification_when_user_does_not_follow_autho
             "total": 0,
         }
 
+    def test_it_does_not_return_reply_notification_when_user_does_not_follow_author_anymore(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        # comment without mention
+        self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        user_1.unfollows(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route,
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data["status"] == "success"
+        assert data["notifications"] == []
+        assert data["pagination"] == {
+            "has_next": False,
+            "has_prev": False,
+            "page": 1,
+            "pages": 0,
+            "total": 0,
+        }
+
     def test_it_returns_report_notification(
         self,
         app: Flask,
@@ -1502,6 +1679,46 @@ def test_it_returns_unread_as_false_when_user_does_not_follow_comment_author_any
         assert data["status"] == "success"
         assert data["unread"] is False
 
+    def test_it_returns_unread_as_false_when_user_does_not_follow_reply_author_anymore(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_2: Workout,
+        follow_request_from_user_1_to_user_2: FollowRequest,
+    ) -> None:
+        user_2.approves_follow_request_from(user_1)
+        workout_cycling_user_2.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_3,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        # comment without mention
+        self.create_comment(
+            user_2,
+            workout_cycling_user_2,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+            parent_comment=comment,
+        )
+        user_1.unfollows(user_2)
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.get(
+            self.route,
+            content_type="application/json",
+            headers=dict(Authorization=f"Bearer {auth_token}"),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data["status"] == "success"
+        assert data["unread"] is False
+
     @pytest.mark.parametrize(
         'client_scope, can_access',
         {**OAUTH_SCOPES, 'notifications:read': True}.items(),
diff --git a/fittrackee/tests/users/test_users_notifications_model.py b/fittrackee/tests/users/test_users_notifications_model.py
index bb690ecd4..b649b362a 100644
--- a/fittrackee/tests/users/test_users_notifications_model.py
+++ b/fittrackee/tests/users/test_users_notifications_model.py
@@ -33,6 +33,7 @@ def create_mention(user: User, comment: Comment) -> Mention:
     def comment_workout(
         user: User,
         workout: Workout,
+        reply_to: Optional[int] = None,
         text: Optional[str] = None,
         text_visibility: Optional[VisibilityLevel] = None,
     ) -> Comment:
@@ -45,6 +46,7 @@ def comment_workout(
             ),
         )
         db.session.add(comment)
+        comment.reply_to = reply_to
         db.session.commit()
         return comment
 
@@ -571,6 +573,154 @@ def test_it_serializes_comment_action_notification(
         assert "report" not in serialized_notification
 
 
+class TestNotificationForCommentReply(NotificationTestCase):
+    def test_it_creates_notification_on_comment_reply(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.comment_workout(user_2, workout_cycling_user_1)
+        reply = self.comment_workout(
+            user_3, workout_cycling_user_1, comment.id
+        )
+
+        notification = Notification.query.filter_by(
+            from_user_id=reply.user_id,
+            to_user_id=comment.user_id,
+            event_object_id=reply.id,
+        ).first()
+        assert notification.created_at == reply.created_at
+        assert notification.marked_as_read is False
+        assert notification.event_type == 'comment_reply'
+
+    def test_it_deletes_notification_on_comment_reply_delete(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.comment_workout(user_2, workout_cycling_user_1)
+        reply = self.comment_workout(
+            user_3, workout_cycling_user_1, comment.id
+        )
+        reply_id = reply.id
+
+        db.session.delete(comment)
+
+        notification = Notification.query.filter_by(
+            from_user_id=user_3.id,
+            to_user_id=workout_cycling_user_1.user_id,
+            event_object_id=reply_id,
+            event_type='comment_reply',
+        ).first()
+        assert notification is None
+
+    def test_it_does_not_create_notification_when_user_replies_to_his_comment(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.comment_workout(user_1, workout_cycling_user_1)
+        reply = self.comment_workout(
+            user_1, workout_cycling_user_1, comment.id
+        )
+
+        notification = Notification.query.filter_by(
+            from_user_id=reply.user_id,
+            to_user_id=workout_cycling_user_1.user_id,
+            event_object_id=reply.id,
+        ).first()
+        assert notification is None
+
+    def test_it_does_not_create_notification_when_parent_comment_user_is_not_follower(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+        follow_request_from_user_2_to_user_1: FollowRequest,
+    ) -> None:
+        user_1.approves_follow_request_from(user_2)
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.FOLLOWERS
+        comment = self.comment_workout(
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        reply = self.comment_workout(
+            user_2,
+            workout_cycling_user_1,
+            comment.id,
+            text_visibility=VisibilityLevel.FOLLOWERS,
+        )
+        db.session.flush()
+
+        assert (
+            Notification.query.filter_by(
+                from_user_id=user_2.id,
+                to_user_id=user_1.id,
+                event_object_id=reply.id,
+            ).first()
+            is None
+        )
+
+    def test_it_does_not_raise_error_when_user_deletes_reply_on_his_own_comment(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.comment_workout(user_1, workout_cycling_user_1)
+        reply = self.comment_workout(
+            user_1, workout_cycling_user_1, comment.id
+        )
+
+        db.session.delete(reply)
+
+    def test_it_serializes_comment_reply_notification(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.comment_workout(user_1, workout_cycling_user_1)
+        reply = self.comment_workout(
+            user_2, workout_cycling_user_1, comment.id
+        )
+        notification = Notification.query.filter_by(
+            event_object_id=reply.id,
+            event_type='comment_reply',
+        ).first()
+
+        serialized_notification = notification.serialize()
+
+        assert serialized_notification["comment"] == reply.serialize(user_1)
+        assert serialized_notification["created_at"] == notification.created_at
+        assert serialized_notification["from"] == user_2.serialize(
+            current_user=user_1
+        )
+        assert serialized_notification["id"] == notification.id
+        assert serialized_notification["marked_as_read"] is False
+        assert serialized_notification["type"] == "comment_reply"
+        assert "report_action" not in serialized_notification
+        assert "report" not in serialized_notification
+        assert "workout" not in serialized_notification
+
+
 class TestNotificationForCommentLike(NotificationTestCase):
     def test_it_creates_notification_on_comment_like(
         self,
@@ -833,6 +983,39 @@ def test_it_creates_notification_when_mentioned_user_is_workout_owner(  # noqa
         assert notifications[0].marked_as_read is False
         assert notifications[0].event_type == 'mention'
 
+    def test_it_does_not_create_notification_when_mentioned_user_is_parent_comment_owner(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        parent_comment = self.comment_workout(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment = self.comment_workout(
+            user_3,
+            workout_cycling_user_1,
+            reply_to=parent_comment.id,
+            text=f"@{user_2.username}",
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        self.create_mention(user_2, comment)
+
+        notifications = Notification.query.filter_by(
+            from_user_id=user_3.id,
+            to_user_id=user_2.id,
+        ).all()
+        assert len(notifications) == 1
+        assert notifications[0].created_at == comment.created_at
+        assert notifications[0].marked_as_read is False
+        assert notifications[0].event_type == 'comment_reply'
+
     def test_it_deletes_notification_on_mention_delete(
         self,
         app: Flask,
@@ -964,6 +1147,68 @@ def test_it_deletes_all_notifications_on_comment_with_mention_and_like_delete(
             is None
         )
 
+    def test_it_deletes_all_notifications_on_reply_with_mention_and_like_delete(  # noqa
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        user_3: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        comment = self.comment_workout(
+            user_2, workout_cycling_user_1, text=f"@{user_3.username}"
+        )
+        comment_id = comment.id
+        self.create_mention(user_3, comment)
+        self.like_comment(user_3, comment)
+        reply = self.comment_workout(
+            user_1, workout_cycling_user_1, comment.id
+        )
+
+        db.session.delete(comment)
+
+        # workout_comment notification is deleted
+        assert (
+            Notification.query.filter_by(
+                from_user_id=user_2.id,
+                to_user_id=user_1.id,
+                event_object_id=comment_id,
+                event_type="workout_comment",
+            ).first()
+            is None
+        )
+        # mention notification is deleted
+        assert (
+            Notification.query.filter_by(
+                from_user_id=user_2.id,
+                to_user_id=user_3.id,
+                event_object_id=comment_id,
+                event_type="mention",
+            ).first()
+            is None
+        )
+        # like notification is deleted
+        assert (
+            Notification.query.filter_by(
+                from_user_id=user_2.id,
+                to_user_id=user_3.id,
+                event_object_id=comment_id,
+                event_type="comment_like",
+            ).first()
+            is None
+        )
+        # comment_reply notification is not deleted
+        assert (
+            Notification.query.filter_by(
+                from_user_id=user_1.id,
+                to_user_id=user_2.id,
+                event_object_id=reply.id,
+                event_type="comment_reply",
+            ).first()
+            is not None
+        )
+
 
 class TestNotificationForReport(NotificationTestCase):
     def test_it_does_not_create_notifications_when_no_admin(
diff --git a/fittrackee/users/export_data.py b/fittrackee/users/export_data.py
index d0391a000..69447e4b1 100644
--- a/fittrackee/users/export_data.py
+++ b/fittrackee/users/export_data.py
@@ -58,6 +58,11 @@ def get_user_comments_data(self) -> List[Dict]:
                     'created_at': comment.created_at,
                     'id': comment.short_id,
                     'modification_date': comment.modification_date,
+                    'reply_to': (
+                        comment.parent_comment.short_id
+                        if comment.reply_to
+                        else None
+                    ),
                     'text': comment.text,
                     'text_visibility': comment.text_visibility.value,
                     'workout_id': (
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 01a7f654a..1eccb33d2 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -53,6 +53,7 @@
 NOTIFICATION_TYPES = [
     'account_creation',
     'comment_like',
+    'comment_reply',
     'comment_suspension',
     'comment_unsuspension',
     'follow',
@@ -1194,6 +1195,7 @@ def serialize(self) -> Dict:
 
         if self.event_type in [
             "comment_like",
+            "comment_reply",
             "mention",
             "workout_comment",
         ]:
diff --git a/fittrackee/users/notifications.py b/fittrackee/users/notifications.py
index c2f88d3d3..5267e34e1 100644
--- a/fittrackee/users/notifications.py
+++ b/fittrackee/users/notifications.py
@@ -154,11 +154,16 @@ def get_auth_user_notifications(auth_user: User) -> Dict:
                         and_(
                             (
                                 or_(
-                                    Notification.event_type
-                                    != "workout_comment",
+                                    Notification.event_type.not_in(
+                                        ['workout_comment', 'comment_reply']
+                                    ),
                                     and_(
-                                        Notification.event_type
-                                        == "workout_comment",
+                                        Notification.event_type.in_(
+                                            [
+                                                'workout_comment',
+                                                'comment_reply',
+                                            ]
+                                        ),
                                         Notification.from_user_id.not_in(
                                             blocked_by_users
                                         ),
@@ -366,11 +371,16 @@ def get_status(auth_user: User) -> Dict:
                         and_(
                             (
                                 or_(
-                                    Notification.event_type
-                                    != "workout_comment",
+                                    Notification.event_type.not_in(
+                                        ['workout_comment', 'comment_reply']
+                                    ),
                                     and_(
-                                        Notification.event_type
-                                        == "workout_comment",
+                                        Notification.event_type.in_(
+                                            [
+                                                'workout_comment',
+                                                'comment_reply',
+                                            ]
+                                        ),
                                         Notification.from_user_id.not_in(
                                             auth_user.get_blocked_by_user_ids()
                                         ),
diff --git a/fittrackee_client/src/components/Comment/Comment.vue b/fittrackee_client/src/components/Comment/Comment.vue
index 8080f75e6..427ebcd7e 100644
--- a/fittrackee_client/src/components/Comment/Comment.vue
+++ b/fittrackee_client/src/components/Comment/Comment.vue
@@ -103,6 +103,14 @@
             {{ comment.likes_count }}
           </span>
         </button>
+        <button
+          v-if="displayCommentIcon()"
+          class="transparent icon-button"
+          @click="() => displayCommentEdition('add')"
+          :title="$t('workouts.COMMENTS.ADD')"
+        >
+          <i class="fa fa-comment-o" aria-hidden="true" />
+        </button>
         <button
           v-if="displayReportButton"
           class="transparent icon-button"
@@ -179,6 +187,17 @@
           :authUser="authUser"
           :mentions="comment.mentions"
         />
+        <Comment
+          v-for="reply in comment.replies"
+          :key="reply.id"
+          :comment="reply"
+          :workout="workout"
+          :authUser="authUser"
+          :comments-loading="commentsLoading"
+          :current-comment-edition="currentCommentEdition"
+          :action="reply.suspension"
+          @deleteComment="deleteComment(reply)"
+        />
       </template>
     </div>
   </div>
@@ -309,6 +328,14 @@
       currentCommentEdition.value?.comment?.id === comment.value.id
     )
   }
+  function displayCommentIcon() {
+    return (
+      authUser.value.username &&
+      !comment.value.suspended &&
+      comment.value.workout_id &&
+      !forNotification.value
+    )
+  }
   function deleteComment(commentToDelete: IComment) {
     store.commit(WORKOUTS_STORE.MUTATIONS.SET_CURRENT_COMMENT_EDITION, {
       type: 'delete',
diff --git a/fittrackee_client/src/components/Comment/CommentEdition.vue b/fittrackee_client/src/components/Comment/CommentEdition.vue
index 1a30e5c12..37df868ea 100644
--- a/fittrackee_client/src/components/Comment/CommentEdition.vue
+++ b/fittrackee_client/src/components/Comment/CommentEdition.vue
@@ -16,8 +16,8 @@
               v-for="user in matchingUsers"
               :key="user.username"
               tabindex="0"
-              @click="(e) => selectUser(e, user, comment)"
-              @keydown.enter="(e) => selectUser(e, user, comment)"
+              @click="(e) => selectUser(e, user, comment, replyTo)"
+              @keydown.enter="(e) => selectUser(e, user, comment, replyTo)"
             >
               <UserPicture :user="user" />
               <span>{{ user.username }}</span>
@@ -101,16 +101,25 @@
     commentsLoading: string | null
     authUser: IAuthUserProfile
     comment?: IComment | null
+    replyTo?: IComment | null
     name?: string | null
     mentions?: IUserLightProfile[]
   }
   const props = withDefaults(defineProps<Props>(), {
     comment: null,
+    replyTo: null,
     name: 'text',
     mentions: () => [],
   })
-  const { authUser, comment, commentsLoading, mentions, name, workout } =
-    toRefs(props)
+  const {
+    authUser,
+    comment,
+    commentsLoading,
+    mentions,
+    name,
+    replyTo,
+    workout,
+  } = toRefs(props)
 
   const store = useStore()
 
@@ -122,13 +131,16 @@
   const commentTextVisibility: Ref<TVisibilityLevels | undefined> = ref(
     comment?.value
       ? comment.value.text_visibility
-      : workout.value?.workout_visibility
+      : replyTo.value
+        ? replyTo.value.text_visibility
+        : workout.value?.workout_visibility
   )
 
   const isLoading: ComputedRef<boolean> = computed(() =>
     comment.value
       ? comment.value.id === commentsLoading.value
-      : commentsLoading.value === 'new'
+      : commentsLoading.value ===
+        `new${replyTo.value ? `_${replyTo.value}` : ''}`
   )
   const matchingUsers: ComputedRef<IUserProfile[]> = computed(
     () => store.getters[USERS_STORE.GETTERS.USERS]
@@ -144,12 +156,25 @@
       const filteredMentions = mentions.value.filter(
         (m) => m.username !== authUser.value.username
       )
+      if (
+        replyTo.value &&
+        replyTo.value.user.username !== authUser.value.username
+      ) {
+        filteredMentions.push(replyTo.value.user)
+      }
       if (filteredMentions.length > 0) {
         return filteredMentions.map((m) => `@${m.username}`).join(' ') + ' '
       }
     }
+    if (
+      replyTo.value &&
+      replyTo.value.user.username !== authUser.value.username
+    ) {
+      return `@${replyTo.value.user.username} `
+    }
     // add workout owner as mention
     if (
+      !replyTo.value &&
       workout.value?.user &&
       workout.value?.user.username !== authUser.value.username
     ) {
@@ -176,11 +201,14 @@
   function selectUser(
     event: Event,
     user: IUserProfile,
-    comment: IComment | null
+    comment: IComment | null,
+    replyTo: IComment | null
   ) {
     event.preventDefault()
     event.stopPropagation()
-    const textAreaId = `text${comment ? `-${comment.id}` : ''}`
+    const textAreaId = `text${
+      comment ? `-${comment.id}` : replyTo ? `-${replyTo.id}` : ''
+    }`
     if (suggestion.position !== null && suggestion.usernameQuery) {
       const updatedText = replaceUsername(
         commentText.value,
@@ -217,6 +245,9 @@
           text_visibility: commentTextVisibility.value,
           workout_id: workout.value.id,
         }
+        if (replyTo?.value) {
+          payload.reply_to = replyTo.value.id
+        }
         store.dispatch(WORKOUTS_STORE.ACTIONS.ADD_COMMENT, payload)
         updateText({ value: '', selectionStart: 0 })
       }
diff --git a/fittrackee_client/src/components/Comment/Comments.vue b/fittrackee_client/src/components/Comment/Comments.vue
index 183d2ac7c..e18809564 100644
--- a/fittrackee_client/src/components/Comment/Comments.vue
+++ b/fittrackee_client/src/components/Comment/Comments.vue
@@ -73,18 +73,19 @@
   interface Props {
     workoutData: IWorkoutData
     authUser: IAuthUserProfile
+    withParent?: boolean
   }
-  const props = defineProps<Props>()
-  const { workoutData } = toRefs(props)
+  const props = withDefaults(defineProps<Props>(), {
+    withParent: false,
+  })
+  const { workoutData, withParent } = toRefs(props)
 
   const route = useRoute()
   const store = useStore()
 
   const timer: Ref<number | undefined> = ref()
 
-  const comments: ComputedRef<IComment[]> = computed(
-    () => workoutData.value.comments
-  )
+  const comments: ComputedRef<IComment[]> = computed(() => getComments())
   const commentToDelete: ComputedRef<boolean> = computed(
     () => workoutData.value.currentCommentEdition.type === 'delete'
   )
@@ -101,6 +102,25 @@
     () => route.params.commentId as string
   )
 
+  function getComments(): IComment[] {
+    store.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, 'all')
+    let allComments: IComment[] = []
+    if (!withParent.value || !workoutData.value.comments[0].reply_to) {
+      allComments = workoutData.value.comments
+    } else {
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      const replyToComment: IComment = Object.assign(
+        {},
+        workoutData.value.comments[0].reply_to
+      )
+      replyToComment.replies = workoutData.value.comments
+      allComments = [replyToComment]
+    }
+    store.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, null)
+    return allComments
+  }
+
   function deleteComment() {
     const commentToDelete: IComment | undefined =
       workoutData.value.currentCommentEdition.comment
diff --git a/fittrackee_client/src/components/Notifications/NotificationDetail.vue b/fittrackee_client/src/components/Notifications/NotificationDetail.vue
index 6d78558d3..7165462c9 100644
--- a/fittrackee_client/src/components/Notifications/NotificationDetail.vue
+++ b/fittrackee_client/src/components/Notifications/NotificationDetail.vue
@@ -172,6 +172,7 @@
     return (
       [
         'comment_like',
+        'comment_reply',
         'comment_suspension',
         'comment_unsuspension',
         'mention',
@@ -192,6 +193,8 @@
         return 'notifications.SIGN_UP'
       case 'comment_like':
         return 'notifications.LIKED_YOUR_COMMENT'
+      case 'comment_reply':
+        return 'notifications.REPLIED_YOUR_COMMENT'
       case 'comment_suspension':
         return 'notifications.YOUR_COMMENT_HAS_BEEN_SUSPENDED'
       case 'comment_unsuspension':
diff --git a/fittrackee_client/src/components/Notifications/NotificationsFilters.vue b/fittrackee_client/src/components/Notifications/NotificationsFilters.vue
index c1c9bdcad..d4938f465 100644
--- a/fittrackee_client/src/components/Notifications/NotificationsFilters.vue
+++ b/fittrackee_client/src/components/Notifications/NotificationsFilters.vue
@@ -72,6 +72,7 @@
 
   const notificationTypes: TNotificationType[] = [
     'comment_like',
+    'comment_reply',
     'comment_suspension',
     'comment_unsuspension',
     'follow',
diff --git a/fittrackee_client/src/locales/en/notifications.json b/fittrackee_client/src/locales/en/notifications.json
index df0737f95..0def648e2 100644
--- a/fittrackee_client/src/locales/en/notifications.json
+++ b/fittrackee_client/src/locales/en/notifications.json
@@ -22,6 +22,7 @@
     "LABEL": "Type",
     "ALL": "all",
     "comment_like": "likes on comments",
+    "comment_reply": "comments replies",
     "comment_suspension": "comment suspensions",
     "comment_unsuspension": "comment re-activations",
     "follow": "follow",
diff --git a/fittrackee_client/src/locales/fr/notifications.json b/fittrackee_client/src/locales/fr/notifications.json
index f4b021a51..63858a5a7 100644
--- a/fittrackee_client/src/locales/fr/notifications.json
+++ b/fittrackee_client/src/locales/fr/notifications.json
@@ -22,6 +22,7 @@
     "LABEL": "Type",
     "ALL": "toutes",
     "comment_like": "likes sur un commentaire",
+    "comment_reply": "réponses à un commentaire",
     "comment_suspension": "commentaires suspendus",
     "comment_unsuspension": "commentaires ré-activés",
     "follow": "abonnements",
diff --git a/fittrackee_client/src/store/modules/workouts/actions.ts b/fittrackee_client/src/store/modules/workouts/actions.ts
index 83faaf379..68d008abf 100644
--- a/fittrackee_client/src/store/modules/workouts/actions.ts
+++ b/fittrackee_client/src/store/modules/workouts/actions.ts
@@ -336,10 +336,14 @@ export const actions: ActionTree<IWorkoutsState, IRootState> &
     context: ActionContext<IWorkoutsState, IRootState>,
     payload: ICommentForm
   ): void {
-    context.commit(WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING, 'new')
+    context.commit(
+      WORKOUTS_STORE.MUTATIONS.SET_COMMENT_LOADING,
+      `new${payload.reply_to ? `_${payload.reply_to}` : ''}`
+    )
     const data = {
       text: payload.text,
       text_visibility: payload.text_visibility,
+      reply_to: payload.reply_to,
     }
     context.commit(ROOT_STORE.MUTATIONS.EMPTY_ERROR_MESSAGES)
     authApi
diff --git a/fittrackee_client/src/types/notifications.ts b/fittrackee_client/src/types/notifications.ts
index 85b861515..128ac1150 100644
--- a/fittrackee_client/src/types/notifications.ts
+++ b/fittrackee_client/src/types/notifications.ts
@@ -5,6 +5,7 @@ import type { IComment, IWorkout } from '@/types/workouts'
 export type TNotificationType =
   | 'account_creation'
   | 'comment_like'
+  | 'comment_reply'
   | 'comment_suspension'
   | 'comment_unsuspension'
   | 'follow'
diff --git a/fittrackee_client/src/types/workouts.ts b/fittrackee_client/src/types/workouts.ts
index 6e6e58b54..69df8df25 100644
--- a/fittrackee_client/src/types/workouts.ts
+++ b/fittrackee_client/src/types/workouts.ts
@@ -234,6 +234,8 @@ export interface IComment {
   likes_count: number
   mentions: IUserProfile[]
   modification_date: string | null
+  replies: IComment[]
+  reply_to: string | null
   suspended?: boolean
   suspended_at?: string | null
   suspension?: IUserReportAction
@@ -246,6 +248,7 @@ export interface IComment {
 
 export interface ICommentForm {
   id?: string
+  reply_to?: string
   text: string
   text_visibility?: TVisibilityLevels
   workout_id: string

From 8f8d372819bffb3675fd9eb482fb79253f49b292 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 8 Dec 2024 20:07:05 +0100
Subject: [PATCH 235/238] Client - revert "remove code about reply"

---
 .../src/components/Comment/Comment.vue        | 21 +++++++++++++++++++
 .../src/components/Comment/CommentEdition.vue |  4 ++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/fittrackee_client/src/components/Comment/Comment.vue b/fittrackee_client/src/components/Comment/Comment.vue
index 6985045c8..c855867ba 100644
--- a/fittrackee_client/src/components/Comment/Comment.vue
+++ b/fittrackee_client/src/components/Comment/Comment.vue
@@ -176,6 +176,18 @@
           </span>
         </div>
       </div>
+      <template v-if="!forNotification">
+        <CommentEdition
+          v-if="isNewReply()"
+          class="add-comment-reply"
+          :workout="workout"
+          :reply-to="comment"
+          :comments-loading="commentsLoading"
+          :name="`text-${comment.id}`"
+          :authUser="authUser"
+          :mentions="comment.mentions"
+        />
+      </template>
     </div>
   </div>
 </template>
@@ -299,6 +311,12 @@
       currentCommentEdition.value?.comment?.id === comment.value.id
     )
   }
+  function isNewReply() {
+    return (
+      currentCommentEdition.value?.type === 'add' &&
+      currentCommentEdition.value?.comment?.id === comment.value.id
+    )
+  }
   function displayCommentIcon() {
     return (
       authUser.value.username &&
@@ -454,6 +472,9 @@
         margin-top: $default-padding;
       }
 
+      .add-comment-reply {
+        margin: 0 0 40px;
+      }
       .likes {
         .likes-count {
           padding-left: $default-padding * 0.3;
diff --git a/fittrackee_client/src/components/Comment/CommentEdition.vue b/fittrackee_client/src/components/Comment/CommentEdition.vue
index fb6891ce1..322fd4a72 100644
--- a/fittrackee_client/src/components/Comment/CommentEdition.vue
+++ b/fittrackee_client/src/components/Comment/CommentEdition.vue
@@ -155,7 +155,7 @@
     if (comment?.value) {
       return comment.value.text || ''
     }
-    // comment w/ mention
+    // reply w/ mention
     if (mentions.value.length > 0) {
       const filteredMentions = mentions.value.filter(
         (m) => m.username !== authUser.value.username
@@ -184,7 +184,7 @@
     ) {
       return `@${workout.value?.user.username} `
     }
-    // no mentions in comment
+    // no mentions in reply
     return ''
   }
   function searchUsers(usernameQuery: string) {

From c6cecc24314011b89f7497cbde2ce65b99760a42 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 26 Jan 2025 17:15:30 +0100
Subject: [PATCH 236/238] API - fix missing db.DateTime

---
 fittrackee/federation/models.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index e2c49fab9..140f97897 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -9,6 +9,7 @@
 from sqlalchemy.types import Enum
 
 from fittrackee import VERSION, BaseModel, db
+from fittrackee.database import TZDateTime
 
 from .constants import AP_CTX
 from .enums import ActorType
@@ -27,7 +28,7 @@ class Domain(BaseModel):
     __tablename__ = 'domains'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
     name = db.Column(db.String(1000), unique=True, nullable=False)
-    created_at = db.Column(db.DateTime, nullable=False)
+    created_at = db.Column(TZDateTime, nullable=False)
     is_allowed = db.Column(db.Boolean, default=True, nullable=False)
     software_name = db.Column(db.String(255), nullable=True)
     software_version = db.Column(db.String(255), nullable=True)
@@ -97,8 +98,8 @@ class Actor(BaseModel):
     followers_url = db.Column(db.String(255), nullable=False)
     following_url = db.Column(db.String(255), nullable=False)
     shared_inbox_url = db.Column(db.String(255), nullable=False)
-    created_at = db.Column(db.DateTime, nullable=False)
-    last_fetch_date = db.Column(db.DateTime, nullable=True)
+    created_at = db.Column(TZDateTime, nullable=False)
+    last_fetch_date = db.Column(TZDateTime, nullable=True)
 
     domain = db.relationship('Domain', back_populates='actors')
     user = db.relationship('User', uselist=False, back_populates='actor')

From 6caa15c9aad0daf0f1057fc8d911b8ecdfd887d1 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sat, 1 Feb 2025 13:00:06 +0100
Subject: [PATCH 237/238] API - fix after SQLAlchemy update

---
 fittrackee/comments/models.py                 |  20 ++-
 .../federation/activities/activities.py       |   4 +-
 fittrackee/federation/models.py               |  14 +-
 fittrackee/federation/objects/base_object.py  |  12 +-
 fittrackee/federation/objects/comment.py      |   6 +
 fittrackee/federation/objects/exceptions.py   |   2 +
 fittrackee/federation/objects/like.py         |   7 +-
 fittrackee/federation/objects/tombstone.py    |  25 ++--
 fittrackee/federation/objects/workout.py      |  11 +-
 fittrackee/federation/signature.py            |   2 +
 fittrackee/federation/tasks/remote_server.py  |   2 +-
 fittrackee/federation/utils/user.py           |   4 +-
 fittrackee/tests/comments/mixins.py           |  13 +-
 .../tests/comments/test_comments_models.py    |  38 ++++++
 .../tests/equipments/test_equipments_api.py   |   4 +-
 .../application/test_app_config_model.py      |  12 +-
 .../federation/comments/test_comments_api.py  |  53 +++++++-
 .../comments/test_comments_likes_api_post.py  |  10 +-
 .../comments/test_comments_models.py          |  20 ++-
 .../comments/test_mentions_models.py          |   7 +
 .../tests/federation/comments/test_utils.py   |   2 +-
 .../test_federation_activities_activities.py  | 126 +++++++++---------
 .../federation/test_federation_models.py      |  26 ++--
 .../test_federation_objects_comment.py        |  67 +++++++++-
 .../test_federation_objects_like.py           |  20 +++
 .../test_federation_objects_tombstone.py      |  23 ++--
 .../test_federation_objects_workout.py        |  85 ++++++++++--
 .../federation/test_federation_signature.py   |  21 ++-
 .../tests/federation/users/test_auth_api.py   |   4 +-
 .../users/test_users_follow_request_api.py    |   4 +-
 .../workouts/test_workouts_api_patch.py       |   4 +
 .../workouts/test_workouts_api_post.py        |   4 +-
 .../workouts/test_workouts_likes_api_post.py  |   4 +-
 .../workouts/test_workouts_models.py          |  17 ++-
 .../tests/fixtures/fixtures_federation.py     |   2 +-
 fittrackee/tests/mixins.py                    |   4 +-
 fittrackee/tests/users/test_auth_api.py       |   8 +-
 fittrackee/tests/users/test_users_api.py      |   8 +-
 fittrackee/tests/users/test_users_commands.py |   4 +-
 .../users/test_users_notifications_model.py   |   4 +-
 fittrackee/tests/users/test_users_service.py  |   2 +-
 .../tests/workouts/test_workouts_model.py     |  24 ++++
 fittrackee/users/models.py                    |  10 +-
 fittrackee/users/users.py                     |   4 +-
 fittrackee/workouts/models.py                 |   8 ++
 fittrackee/workouts/workouts.py               |   6 +-
 46 files changed, 550 insertions(+), 207 deletions(-)
 create mode 100644 fittrackee/federation/objects/exceptions.py

diff --git a/fittrackee/comments/models.py b/fittrackee/comments/models.py
index b64e59592..d41c8b1c4 100644
--- a/fittrackee/comments/models.py
+++ b/fittrackee/comments/models.py
@@ -219,6 +219,20 @@ def __init__(
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
 
+    def get_ap_id(self) -> str:
+        return (
+            f'{self.user.actor.activitypub_id}/'
+            f'workouts/{self.workout.short_id}/'
+            f'comments/{self.short_id}'
+        )
+
+    def get_remote_url(self) -> str:
+        return (
+            f'https://{self.user.actor.domain.name}/'
+            f'workouts/{self.workout.short_id}/'
+            f'comments/{self.short_id}'
+        )
+
     @property
     def suspension_action(self) -> Optional['ReportAction']:
         if self.suspended_at is None:
@@ -399,7 +413,7 @@ def serialize(
                         reply_to=self.id,
                     )
                 ]
-                if with_replies and not for_report
+                if with_replies and self.workout_id and not for_report
                 else []
             ),
             'likes_count': self.likes.count() if display_content else 0,
@@ -475,12 +489,10 @@ def receive_after_flush(session: Session, context: Connection) -> None:
         if not workout:
             return
 
-        to_user_id = workout.user_id
-
         if new_comment.reply_to is None:
             to_user_id = workout.user_id
         else:
-            comment = Comment.query.filter_by(id=new_comment.reply_to).first()
+            comment = Comment.query.filter_by(id=new_comment.reply_to).one()
             to_user_id = comment.user_id
 
         if new_comment.user_id == to_user_id:
diff --git a/fittrackee/federation/activities/activities.py b/fittrackee/federation/activities/activities.py
index 9ee74341d..60ebc5a28 100644
--- a/fittrackee/federation/activities/activities.py
+++ b/fittrackee/federation/activities/activities.py
@@ -1,6 +1,6 @@
 from abc import ABC, abstractmethod
 from datetime import datetime, timedelta, timezone
-from typing import Dict, Tuple
+from typing import Dict, Tuple, Union
 
 from fittrackee import appLog, db
 from fittrackee.comments.models import Comment, CommentLike
@@ -396,7 +396,7 @@ def process_activity(self) -> None:
 
 class LikeActivity(AbstractActivity):
     def process_activity(self) -> None:
-        like = None
+        like: Union[None, WorkoutLike, CommentLike] = None
         actor = self.get_actor(create_remote_actor=True)
         object_ap_id = self.activity["object"]
 
diff --git a/fittrackee/federation/models.py b/fittrackee/federation/models.py
index 4d21a8cb2..ec95c9bfd 100644
--- a/fittrackee/federation/models.py
+++ b/fittrackee/federation/models.py
@@ -36,10 +36,10 @@ class Domain(BaseModel):
     )
     created_at: Mapped[datetime] = mapped_column(TZDateTime, nullable=False)
     is_allowed: Mapped[bool] = mapped_column(default=True, nullable=False)
-    software_name: Mapped[datetime] = mapped_column(
+    software_name: Mapped[Optional[str]] = mapped_column(
         db.String(255), nullable=True
     )
-    software_version: Mapped[datetime] = mapped_column(
+    software_version: Mapped[Optional[str]] = mapped_column(
         db.String(255), nullable=True
     )
 
@@ -104,8 +104,12 @@ class Actor(BaseModel):
     preferred_username: Mapped[str] = mapped_column(
         db.String(255), nullable=False
     )
-    public_key: Mapped[str] = mapped_column(db.String(5000), nullable=True)
-    private_key: Mapped[str] = mapped_column(db.String(5000), nullable=True)
+    public_key: Mapped[Optional[str]] = mapped_column(
+        db.String(5000), nullable=True
+    )
+    private_key: Mapped[Optional[str]] = mapped_column(
+        db.String(5000), nullable=True
+    )
     profile_url: Mapped[str] = mapped_column(db.String(255), nullable=False)
     inbox_url: Mapped[str] = mapped_column(db.String(255), nullable=False)
     outbox_url: Mapped[str] = mapped_column(db.String(255), nullable=False)
@@ -160,7 +164,7 @@ def __init__(
     def generate_stats_if_remote(
         cls, actor_id: int, domain_id: int, session: Session
     ) -> None:
-        domain = Domain.query.filter_by(id=domain_id).first()
+        domain = Domain.query.filter_by(id=domain_id).one()
         if domain.name != current_app.config['AP_DOMAIN']:
             stats = RemoteActorStats(actor_id=actor_id)
             session.add(stats)
diff --git a/fittrackee/federation/objects/base_object.py b/fittrackee/federation/objects/base_object.py
index a86829f63..ff7058d40 100644
--- a/fittrackee/federation/objects/base_object.py
+++ b/fittrackee/federation/objects/base_object.py
@@ -1,6 +1,6 @@
 from abc import ABC, abstractmethod
 from datetime import datetime
-from typing import TYPE_CHECKING, Dict, Union
+from typing import TYPE_CHECKING, Dict, Optional, Union
 
 from fittrackee.visibility_levels import VisibilityLevel
 
@@ -24,7 +24,7 @@ class BaseObject(ABC):
     published: str
 
     def _init_activity_dict(self) -> Dict:
-        activity = {
+        activity: Dict = {
             '@context': AP_CTX,
             'type': self.type.value,
             'id': f"{self.activity_id}/{self.type.value.lower()}",
@@ -56,8 +56,12 @@ def _get_published_date(object_date: datetime) -> str:
     @staticmethod
     def _get_modification_date(
         activity_object: Union['Workout', 'Comment'],
-    ) -> str:
-        return activity_object.modification_date.strftime(DATE_FORMAT)
+    ) -> Optional[str]:
+        return (
+            activity_object.modification_date.strftime(DATE_FORMAT)
+            if activity_object.modification_date
+            else None
+        )
 
     @abstractmethod
     def get_activity(self) -> Dict:
diff --git a/fittrackee/federation/objects/comment.py b/fittrackee/federation/objects/comment.py
index e806408f2..c77299842 100644
--- a/fittrackee/federation/objects/comment.py
+++ b/fittrackee/federation/objects/comment.py
@@ -5,6 +5,7 @@
 
 from ..enums import ActivityType
 from .base_object import BaseObject
+from .exceptions import InvalidObjectException
 
 if TYPE_CHECKING:
     from fittrackee.comments.models import Comment
@@ -24,6 +25,11 @@ def __init__(self, comment: 'Comment', activity_type: str) -> None:
         """
         self._check_visibility(comment, activity_type)
         self.comment = comment
+        if not self.comment.ap_id or not self.comment.remote_url:
+            raise InvalidObjectException(
+                "Invalid comment, missing 'ap_id' or 'remote_url'"
+            )
+
         self.visibility = comment.text_visibility
         self.workout = comment.workout
         self.type = ActivityType(activity_type)
diff --git a/fittrackee/federation/objects/exceptions.py b/fittrackee/federation/objects/exceptions.py
new file mode 100644
index 000000000..b0c63bf9e
--- /dev/null
+++ b/fittrackee/federation/objects/exceptions.py
@@ -0,0 +1,2 @@
+class InvalidObjectException(Exception):
+    pass
diff --git a/fittrackee/federation/objects/like.py b/fittrackee/federation/objects/like.py
index d2084d1cc..c31491bf2 100644
--- a/fittrackee/federation/objects/like.py
+++ b/fittrackee/federation/objects/like.py
@@ -1,18 +1,21 @@
-from typing import Dict, List, Union
+from typing import Dict, List, Optional, Union
 
 from ..constants import AP_CTX
 from ..enums import ActivityType
 from .base_object import BaseObject
+from .exceptions import InvalidObjectException
 
 
 class LikeObject(BaseObject):
     def __init__(
         self,
-        target_object_ap_id: str,
+        target_object_ap_id: Optional[str],
         like_id: int,
         actor_ap_id: str,
         is_undo: bool = False,
     ) -> None:
+        if not target_object_ap_id:
+            raise InvalidObjectException("Invalid object, missing 'ap_id'")
         self.is_undo = is_undo
         self.target_object_ap_id = target_object_ap_id
         self.like_id = like_id
diff --git a/fittrackee/federation/objects/tombstone.py b/fittrackee/federation/objects/tombstone.py
index 60606ee7a..08ed24812 100644
--- a/fittrackee/federation/objects/tombstone.py
+++ b/fittrackee/federation/objects/tombstone.py
@@ -29,7 +29,7 @@ def __init__(self, object_to_delete: Union['Workout', 'Comment']) -> None:
             self.object_to_delete_type != 'Comment'
             or (
                 self.object_to_delete_type == 'Comment'
-                and not self.object_to_delete.has_remote_mentions
+                and not self.object_to_delete.has_remote_mentions  # type: ignore
             )
         ):
             raise InvalidVisibilityException(
@@ -38,8 +38,8 @@ def __init__(self, object_to_delete: Union['Workout', 'Comment']) -> None:
 
     def _get_object_visibility(self) -> VisibilityLevel:
         if self.object_to_delete_type == 'Comment':
-            return self.object_to_delete.text_visibility
-        return self.object_to_delete.workout_visibility
+            return self.object_to_delete.text_visibility  # type: ignore
+        return self.object_to_delete.workout_visibility  # type: ignore
 
     def get_activity(self) -> Dict:
         delete_activity = {
@@ -61,14 +61,17 @@ def get_activity(self) -> Dict:
             VisibilityLevel.FOLLOWERS,
         ]:
             # for comments w/ mentions
-            _, mentioned_users = self.object_to_delete.handle_mentions()
-            mentions = [
-                user.actor.activitypub_id
-                for user in mentioned_users["local"].union(
-                    mentioned_users["remote"]
-                )
-            ]
-            delete_activity['to'] = mentions
+            if hasattr(self.object_to_delete, "handle_mentions"):
+                _, mentioned_users = self.object_to_delete.handle_mentions()
+                mentions = [
+                    user.actor.activitypub_id
+                    for user in mentioned_users["local"].union(
+                        mentioned_users["remote"]
+                    )
+                ]
+                delete_activity['to'] = mentions
+            else:
+                delete_activity['to'] = []
             delete_activity['cc'] = []
         else:
             delete_activity['to'] = [self.actor.followers_url]
diff --git a/fittrackee/federation/objects/workout.py b/fittrackee/federation/objects/workout.py
index 854b2e896..c716df9b4 100644
--- a/fittrackee/federation/objects/workout.py
+++ b/fittrackee/federation/objects/workout.py
@@ -7,6 +7,7 @@
 from ..enums import ActivityType
 from ..exceptions import InvalidWorkoutException
 from .base_object import BaseObject
+from .exceptions import InvalidObjectException
 from .templates.workout_note import WORKOUT_NOTE
 
 if TYPE_CHECKING:
@@ -19,6 +20,10 @@ class WorkoutObject(BaseObject):
     def __init__(self, workout: 'Workout', activity_type: str) -> None:
         self._check_visibility(workout.workout_visibility)
         self.workout = workout
+        if not self.workout.ap_id or not self.workout.remote_url:
+            raise InvalidObjectException(
+                "Invalid workout, missing 'ap_id' or 'remote_url'"
+            )
         self.visibility = workout.workout_visibility
         self.type = ActivityType(activity_type)
         self.actor = self.workout.user.actor
@@ -63,10 +68,10 @@ def get_activity(self, is_note: bool = False) -> Dict:
                 **activity['object'],
                 **{
                     'type': 'Workout',
-                    'ave_speed': float(self.workout.ave_speed),
-                    'distance': float(self.workout.distance),
+                    'ave_speed': self.workout.ave_speed,
+                    'distance': self.workout.distance,
                     'duration': str(self.workout.duration),
-                    'max_speed': float(self.workout.max_speed),
+                    'max_speed': self.workout.max_speed,
                     'moving': str(self.workout.moving),
                     'sport_id': self.workout.sport_id,
                     'title': self.workout.title,
diff --git a/fittrackee/federation/signature.py b/fittrackee/federation/signature.py
index 8cd432c9d..c1e3f4cb3 100644
--- a/fittrackee/federation/signature.py
+++ b/fittrackee/federation/signature.py
@@ -53,6 +53,8 @@ def generate_signature(private_key: str, signed_string: str) -> bytes:
 def generate_signature_header(
     host: str, path: str, date_str: str, actor: Actor, digest: str
 ) -> str:
+    if actor.private_key is None:
+        raise InvalidSignatureException('Invalid private key for actor')
     signed_string = (
         f'(request-target): post {path}\nhost: {host}\ndate: {date_str}\n'
         f'digest: {digest}'
diff --git a/fittrackee/federation/tasks/remote_server.py b/fittrackee/federation/tasks/remote_server.py
index bde58e2c9..eeedad48c 100644
--- a/fittrackee/federation/tasks/remote_server.py
+++ b/fittrackee/federation/tasks/remote_server.py
@@ -12,7 +12,7 @@ def update_remote_server(domain_name: str) -> None:
         node_info_url = get_remote_server_node_info_url(domain_name)
         node_info_data = get_remote_server_node_info_data(node_info_url)
 
-        domain = Domain.query.filter_by(name=domain_name).first()
+        domain = Domain.query.filter_by(name=domain_name).one()
         domain.software_name = node_info_data.get('software', {}).get('name')
         domain.software_version = node_info_data.get('software', {}).get(
             'version'
diff --git a/fittrackee/federation/utils/user.py b/fittrackee/federation/utils/user.py
index 9b5b6546b..a75b29447 100644
--- a/fittrackee/federation/utils/user.py
+++ b/fittrackee/federation/utils/user.py
@@ -193,9 +193,11 @@ def update_remote_user(actor: Actor) -> None:
 
 
 def get_user_from_username(
-    user_name: str,
+    user_name: Optional[str],
     with_action: Optional[str] = None,  # create or refresh remote actor
 ) -> User:
+    if not user_name:
+        raise Exception("Invalid user name")
     name, domain_name = get_username_and_domain(user_name)
     if domain_name is None:  # local actor
         user = User.query.filter(
diff --git a/fittrackee/tests/comments/mixins.py b/fittrackee/tests/comments/mixins.py
index fbb1bff54..5881f0eaf 100644
--- a/fittrackee/tests/comments/mixins.py
+++ b/fittrackee/tests/comments/mixins.py
@@ -22,6 +22,7 @@ def create_comment(
         created_at: Optional[datetime] = None,
         parent_comment: Optional[Comment] = None,
         with_mentions: bool = True,
+        with_federation: bool = False,
     ) -> Comment:
         text = self.random_string() if text is None else text
         comment = Comment(
@@ -37,14 +38,8 @@ def create_comment(
         if with_mentions:
             with patch('fittrackee.federation.utils.user.update_remote_user'):
                 comment.create_mentions()
-        actor = comment.user.actor
-        comment.ap_id = (
-            f'{actor.activitypub_id}/workouts/{workout.short_id}'
-            f'/comments/{comment.short_id}'
-        )
-        comment.remote_url = (
-            f'https://{actor.domain.name}/workouts/{workout.short_id}'
-            f'/comments/{comment.short_id}'
-        )
+        if with_federation:
+            comment.ap_id = comment.get_ap_id()
+            comment.remote_url = comment.get_remote_url()
         db.session.commit()
         return comment
diff --git a/fittrackee/tests/comments/test_comments_models.py b/fittrackee/tests/comments/test_comments_models.py
index b3c6afe59..540c47066 100644
--- a/fittrackee/tests/comments/test_comments_models.py
+++ b/fittrackee/tests/comments/test_comments_models.py
@@ -186,6 +186,44 @@ def test_suspension_action_is_none_when_comment_is_unsuspended(
 
         assert comment.suspension_action is None
 
+    def test_it_gets_comment_ap_id(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2, workout_cycling_user_1, text=self.random_string()
+        )
+
+        assert comment.get_ap_id() == (
+            f'{user_2.actor.activitypub_id}/'
+            f'workouts/{workout_cycling_user_1.short_id}/'
+            f'comments/{comment.short_id}'
+        )
+
+    def test_it_gets_comment_remote_url(
+        self,
+        app: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2, workout_cycling_user_1, text=self.random_string()
+        )
+
+        assert comment.get_remote_url() == (
+            f'https://{user_2.actor.domain.name}/'
+            f'workouts/{workout_cycling_user_1.short_id}/'
+            f'comments/{comment.short_id}'
+        )
+
 
 class TestWorkoutCommentModelSerializeForCommentOwner(
     ReportMixin, CommentMixin
diff --git a/fittrackee/tests/equipments/test_equipments_api.py b/fittrackee/tests/equipments/test_equipments_api.py
index 5aaf3a56a..376830e87 100644
--- a/fittrackee/tests/equipments/test_equipments_api.py
+++ b/fittrackee/tests/equipments/test_equipments_api.py
@@ -632,7 +632,7 @@ def test_it_adds_an_equipment_with_default_sports(
         }
         equipment = Equipment.query.filter_by(
             uuid=decode_short_id(equipment['id'])
-        ).first()
+        ).one()
         assert user_1_sport_1_preference.default_equipments.all() == [
             equipment
         ]
@@ -703,7 +703,7 @@ def test_it_replaces_existing_default_equipment_on_creation(
         assert equipment['default_for_sport_ids'] == [sport_2_running.id]
         equipment = Equipment.query.filter_by(
             uuid=decode_short_id(equipment['id'])
-        ).first()
+        ).one()
         assert user_1_sport_2_preference.default_equipments.all() == [
             equipment
         ]
diff --git a/fittrackee/tests/federation/application/test_app_config_model.py b/fittrackee/tests/federation/application/test_app_config_model.py
index 6f589da07..5b1502560 100644
--- a/fittrackee/tests/federation/application/test_app_config_model.py
+++ b/fittrackee/tests/federation/application/test_app_config_model.py
@@ -8,15 +8,15 @@ class TestConfigModelWithRemoteUsers:
     def test_it_returns_registration_is_enabled(
         self, app_with_federation: Flask, user_1: User, remote_user: User
     ) -> None:
-        app_config = AppConfig.query.first()
-        app_config.max_users = 2
+        config = AppConfig.query.one()
+        config.max_users = 2
 
-        assert app_config.is_registration_enabled
+        assert config.is_registration_enabled
 
     def test_it_returns_registration_is_disabled(
         self, app_with_federation: Flask, user_1: User, remote_user: User
     ) -> None:
-        app_config = AppConfig.query.first()
-        app_config.max_users = 1
+        config = AppConfig.query.one()
+        config.max_users = 1
 
-        assert app_config.is_registration_enabled is False
+        assert config.is_registration_enabled is False
diff --git a/fittrackee/tests/federation/comments/test_comments_api.py b/fittrackee/tests/federation/comments/test_comments_api.py
index da382090b..7ab26cc43 100644
--- a/fittrackee/tests/federation/comments/test_comments_api.py
+++ b/fittrackee/tests/federation/comments/test_comments_api.py
@@ -137,7 +137,7 @@ def test_it_returns_201_when_comment_is_created(
         data = json.loads(response.data.decode())
         new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=remote_cycling_workout.id
-        ).first()
+        ).one()
         assert data['comment'] == jsonify_dict(new_comment.serialize(user_1))
         assert new_comment.ap_id == (
             f'{user_1.actor.activitypub_id}/'
@@ -166,6 +166,7 @@ def test_it_returns_201_when_user_replies_to_a_remote_comment(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -302,7 +303,7 @@ def test_it_calls_sent_to_inbox_if_comment_has_mention(  # noqa
             ),
         )
 
-        note_activity = Comment.query.first().get_activity(
+        note_activity = Comment.query.one().get_activity(
             activity_type='Create'
         )
         send_to_remote_inbox_mock.send.assert_called_once_with(
@@ -348,7 +349,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
             ),
         )
 
-        note_activity = Comment.query.first().get_activity(
+        note_activity = Comment.query.one().get_activity(
             activity_type='Create'
         )
         send_to_remote_inbox_mock.send.assert_called_once_with(
@@ -394,7 +395,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             ),
         )
 
-        note_activity = Comment.query.first().get_activity(
+        note_activity = Comment.query.one().get_activity(
             activity_type='Create'
         )
         send_to_remote_inbox_mock.send.assert_called_once_with(
@@ -435,7 +436,7 @@ def test_it_creates_mention(
 
         new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
-        ).first()
+        ).one()
         assert (
             Mention.query.filter_by(
                 comment_id=new_comment.id, user_id=remote_user.id
@@ -461,6 +462,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
             user_3,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -499,6 +501,7 @@ def test_it_returns_comment_when_visibility_allows_access(
             user_3,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -537,6 +540,7 @@ def test_it_returns_comment_when_visibility_allows_access(
             remote_user,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -572,6 +576,7 @@ def test_it_returns_comment_when_visibility_allows_access(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -609,6 +614,7 @@ def test_it_returns_404_when_comment_visibility_does_not_allow_access(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client = app_with_federation.test_client()
 
@@ -638,12 +644,14 @@ def test_it_gets_reply(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         reply = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
             parent_comment=comment,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -678,6 +686,7 @@ def test_it_does_not_return_comment_when_for_followers_and_remote(
             user_3,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -713,6 +722,7 @@ def test_it_does_not_return_comment_when_visibility_does_not_allow_it(
             user_3,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.PRIVATE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -753,6 +763,7 @@ def test_it_returns_comment_when_visibility_allows_access(
             user_3,
             workout_cycling_user_2,
             text_visibility=input_text_visibility,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -788,6 +799,7 @@ def test_it_returns_comment_when_for_followers_and_remote(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -823,6 +835,7 @@ def test_it_does_not_return_comment_when_for_followers_and_remote(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client = app_with_federation.test_client()
 
@@ -857,6 +870,7 @@ def test_it_returns_only_comments_user_can_access(
                 remote_user_2,
                 workout_cycling_user_2,
                 text_visibility=VisibilityLevel.PUBLIC,
+                with_federation=True,
             )
         ]
 
@@ -870,6 +884,7 @@ def test_it_returns_only_comments_user_can_access(
                 remote_user_2,
                 workout_cycling_user_2,
                 text_visibility=privacy_levels,
+                with_federation=True,
             )
 
         for privacy_levels in [
@@ -884,6 +899,7 @@ def test_it_returns_only_comments_user_can_access(
                     workout_cycling_user_2,
                     text=f"@{user_1.username}",
                     text_visibility=privacy_levels,
+                    with_federation=True,
                 )
             )
 
@@ -897,12 +913,14 @@ def test_it_returns_only_comments_user_can_access(
                     remote_user,
                     workout_cycling_user_2,
                     text_visibility=privacy_levels,
+                    with_federation=True,
                 )
             )
         self.create_comment(
             remote_user,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.PRIVATE,
+            with_federation=True,
         )
         # user 3
         visible_comments.append(
@@ -910,6 +928,7 @@ def test_it_returns_only_comments_user_can_access(
                 user_3,
                 workout_cycling_user_2,
                 text_visibility=VisibilityLevel.PUBLIC,
+                with_federation=True,
             )
         )
         for privacy_levels in [
@@ -921,6 +940,7 @@ def test_it_returns_only_comments_user_can_access(
                 user_3,
                 workout_cycling_user_2,
                 text_visibility=privacy_levels,
+                with_federation=True,
             )
         # user 2 followed by user 1
         for privacy_levels in [
@@ -933,12 +953,14 @@ def test_it_returns_only_comments_user_can_access(
                     user_2,
                     workout_cycling_user_2,
                     text_visibility=privacy_levels,
+                    with_federation=True,
                 )
             )
         self.create_comment(
             user_2,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.PRIVATE,
+            with_federation=True,
         )
         # user 1
         for privacy_levels in [
@@ -952,6 +974,7 @@ def test_it_returns_only_comments_user_can_access(
                     user_1,
                     workout_cycling_user_2,
                     text_visibility=privacy_levels,
+                    with_federation=True,
                 )
             )
         client, auth_token = self.get_test_client_and_auth_token(
@@ -997,6 +1020,7 @@ def test_user_can_access_comment_when_mentioned(
             workout_cycling_user_2,
             text=f"@{user_1.username} {self.random_string()}",
             text_visibility=input_workout_visibility,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1031,12 +1055,14 @@ def test_it_gets_reply(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         reply = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
             parent_comment=comment,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1076,6 +1102,7 @@ def test_it_returns_404_if_comment_is_not_visible_to_user(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1111,6 +1138,7 @@ def test_it_does_not_call_sent_to_inbox_if_privacy_is_local_followers_only(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1141,6 +1169,7 @@ def test_it_does_not_call_sent_to_inbox_if_user_has_no_remote_followers(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1175,6 +1204,7 @@ def test_it_calls_sent_to_inbox_if_comment_has_mention(  # noqa
             workout_cycling_user_2,
             text=f"@{remote_user.fullname} {self.random_string()}",
             text_visibility=input_visibility,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1215,6 +1245,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1255,6 +1286,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_other_instance(
             user_1,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1291,6 +1323,7 @@ def test_it_deletes_mentions(
             workout_cycling_user_2,
             text=f"@{remote_user.fullname}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         comment_id = comment.id
         client, auth_token = self.get_test_client_and_auth_token(
@@ -1326,6 +1359,7 @@ def test_it_does_not_call_sent_to_inbox_when_comment_is_local_with_no_mentions(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1367,6 +1401,7 @@ def test_it_calls_sent_to_inbox_with_update_when_comment_has_mention(
             workout_cycling_user_2,
             text=f"@{remote_user.fullname} foo",
             text_visibility=input_visibility,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1413,6 +1448,7 @@ def test_it_calls_sent_to_inbox_with_update_when_mention_is_removed(
             workout_cycling_user_2,
             text=f"@{remote_user.fullname} foo",
             text_visibility=input_visibility,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1456,6 +1492,7 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_instance(
             user_1,
             workout_cycling_user_1,
             text_visibility=text_visibility,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1498,6 +1535,7 @@ def test_it_updates_mentions_to_remove_mention(
             workout_cycling_user_2,
             text=f"@{remote_user.fullname} @{remote_user_2.fullname}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1512,7 +1550,7 @@ def test_it_updates_mentions_to_remove_mention(
 
         new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
-        ).first()
+        ).one()
         mentions = Mention.query.filter_by(comment_id=new_comment.id).all()
         assert len(mentions) == 1
         assert mentions[0] == (
@@ -1543,6 +1581,7 @@ def test_it_updates_mentions_to_add_mention(
             workout_cycling_user_2,
             text=f"@{remote_user.fullname}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -1559,6 +1598,6 @@ def test_it_updates_mentions_to_add_mention(
 
         new_comment = Comment.query.filter_by(
             user_id=user_1.id, workout_id=workout_cycling_user_2.id
-        ).first()
+        ).one()
         mentions = Mention.query.filter_by(comment_id=new_comment.id).all()
         assert len(mentions) == 2
diff --git a/fittrackee/tests/federation/comments/test_comments_likes_api_post.py b/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
index 1c295ffae..713131f75 100644
--- a/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
+++ b/fittrackee/tests/federation/comments/test_comments_likes_api_post.py
@@ -36,6 +36,7 @@ def test_it_creates_workout_like(
             remote_user,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -73,6 +74,7 @@ def test_it_does_not_call_sent_to_inbox_if_comment_is_local(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -100,6 +102,7 @@ def test_it_calls_sent_to_inbox_if_comment_is_remote(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
@@ -110,7 +113,7 @@ def test_it_calls_sent_to_inbox_if_comment_is_remote(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        like_activity = CommentLike.query.first().get_activity()
+        like_activity = CommentLike.query.one().get_activity()
         send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=like_activity,
@@ -144,6 +147,7 @@ def test_it_removes_comment_like(
             remote_user,
             workout_cycling_user_2,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         like = CommentLike(user_id=user_1.id, comment_id=comment.id)
         db.session.add(like)
@@ -181,6 +185,7 @@ def test_it_does_not_call_sent_to_inbox_if_comment_is_local(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like = CommentLike(user_id=user_1.id, comment_id=comment.id)
         db.session.add(like)
@@ -211,6 +216,7 @@ def test_it_calls_sent_to_inbox_if_like_is_remote(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like = CommentLike(user_id=user_1.id, comment_id=comment.id)
         db.session.add(like)
@@ -218,7 +224,7 @@ def test_it_calls_sent_to_inbox_if_like_is_remote(
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
         )
-        undo_activity = CommentLike.query.first().get_activity(is_undo=True)
+        undo_activity = CommentLike.query.one().get_activity(is_undo=True)
 
         client.post(
             self.route.format(comment_uuid=comment.short_id),
diff --git a/fittrackee/tests/federation/comments/test_comments_models.py b/fittrackee/tests/federation/comments/test_comments_models.py
index 73a3e4810..6b32bb3e3 100644
--- a/fittrackee/tests/federation/comments/test_comments_models.py
+++ b/fittrackee/tests/federation/comments/test_comments_models.py
@@ -31,6 +31,7 @@ def test_it_serializes_owner_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
 
         serialized_comment = comment.serialize(user_1)
@@ -69,6 +70,7 @@ def test_it_raises_error_when_user_does_not_follow_comment_user(
             remote_user,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
 
         with pytest.raises(CommentForbiddenException):
@@ -91,6 +93,7 @@ def test_it_raises_error_when_privacy_does_not_allows_it(
             remote_user,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.FOLLOWERS,
+            with_federation=True,
         )
 
         with pytest.raises(CommentForbiddenException):
@@ -116,6 +119,7 @@ def test_it_serializes_comment_for_follower_when_privacy_allows_it(
             remote_user,
             remote_cycling_workout,
             text_visibility=input_visibility,
+            with_federation=True,
         )
 
         serialized_comment = comment.serialize(user_1)
@@ -151,6 +155,7 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
             remote_user,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
 
         with pytest.raises(CommentForbiddenException):
@@ -171,6 +176,7 @@ def test_it_raises_error_when_comment_is_visible_to_remote_follower(
             user_1,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
 
         with pytest.raises(CommentForbiddenException):
@@ -199,6 +205,7 @@ def test_it_raises_error_if_visibility_is_invalid(
             user_1,
             remote_cycling_workout,
             text_visibility=input_visibility,
+            with_federation=True,
         )
         with pytest.raises(InvalidVisibilityException):
             comment.get_activity(activity_type=self.activity_type)
@@ -221,6 +228,7 @@ def test_it_returns_activities_when_visibility_is_valid(
             user_1,
             remote_cycling_workout,
             text_visibility=input_visibility,
+            with_federation=True,
         )
 
         note_activity = comment.get_activity(activity_type=self.activity_type)
@@ -256,11 +264,12 @@ def test_it_creates_mentions_when_mentioned_user_exists(
             text=f"@{remote_user.fullname} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
             with_mentions=False,
+            with_federation=True,
         )
 
         comment.create_mentions()
 
-        mention = Mention.query.first()
+        mention = Mention.query.one()
         assert mention.comment_id == comment.id
         assert mention.user_id == remote_user.id
 
@@ -281,6 +290,7 @@ def test_it_creates_mentions_when_mentioned_user_does_not_exist(
             text=f"@{random_actor.fullname} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
             with_mentions=False,
+            with_federation=True,
         )
 
         with (
@@ -295,8 +305,8 @@ def test_it_creates_mentions_when_mentioned_user_does_not_exist(
         ):
             comment.create_mentions()
 
-        remote_user = User.query.filter_by(username=random_actor.name).first()
-        mention = Mention.query.first()
+        remote_user = User.query.filter_by(username=random_actor.name).one()
+        mention = Mention.query.one()
         assert mention.comment_id == comment.id
         assert mention.user_id == remote_user.id
 
@@ -318,6 +328,7 @@ def test_it_returns_mentioned_user(
             text=f"{mention} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
             with_mentions=False,
+            with_federation=True,
         )
 
         _, mentioned_users = comment.create_mentions()
@@ -343,6 +354,7 @@ def test_it_serializes_comment_with_mentions_as_link(
             workout_cycling_user_1,
             text=f"@{remote_user.fullname} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
 
         serialized_comment = comment.serialize(user_1)
@@ -365,6 +377,7 @@ def test_it_returns_like_activity(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like = CommentLike(user_id=user_1.id, comment_id=comment.id)
         db.session.add(like)
@@ -394,6 +407,7 @@ def test_it_returns_undo_like_activity(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like = CommentLike(user_id=user_1.id, comment_id=comment.id)
         db.session.add(like)
diff --git a/fittrackee/tests/federation/comments/test_mentions_models.py b/fittrackee/tests/federation/comments/test_mentions_models.py
index 74ec9f832..ac2f08c8d 100644
--- a/fittrackee/tests/federation/comments/test_mentions_models.py
+++ b/fittrackee/tests/federation/comments/test_mentions_models.py
@@ -29,6 +29,7 @@ def test_public_comment_is_visible_to_all_users(
             workout_cycling_user_1,
             text=f"@{user_2.username} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
 
         comment.serialize(user_1)  # author
@@ -67,6 +68,7 @@ def test_comment_for_followers_is_visible_to_followers_and_mentioned_users(
                 f"{self.random_string()}"
             ),
             text_visibility=text_visibility,
+            with_federation=True,
         )
 
         assert comment.serialize(user_1)  # author
@@ -97,6 +99,7 @@ def test_private_comment_is_only_visible_to_author_and_mentioned_user(
             workout_cycling_user_1,
             text=f"@{user_3.username} {self.random_string()}",
             text_visibility=VisibilityLevel.FOLLOWERS,
+            with_federation=True,
         )
 
         assert comment.serialize(user_1)  # author
@@ -128,6 +131,7 @@ def test_private_comment_with_remote_mention_is_only_visible_to_author(
             workout_cycling_user_1,
             text=f"@{remote_user.fullname} {self.random_string()}",
             text_visibility=VisibilityLevel.PRIVATE,
+            with_federation=True,
         )
 
         assert comment.serialize(user_1)  # author
@@ -157,6 +161,7 @@ def test_it_gets_remote_followers_count(
                 f"@{remote_user.fullname}"
             ),
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
 
         assert comment.remote_mentions.count() == 1
@@ -176,6 +181,7 @@ def test_has_remote_mentions_returns_false_when_no_remote_mentions(
             workout_cycling_user_1,
             text=f"@{user_3.username} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
 
         assert comment.has_remote_mentions is False
@@ -195,6 +201,7 @@ def test_has_remote_mentions_returns_true_when_remote_mentions(
             workout_cycling_user_1,
             text=f"@{remote_user.fullname} {self.random_string()}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
 
         assert comment.has_remote_mentions is True
diff --git a/fittrackee/tests/federation/comments/test_utils.py b/fittrackee/tests/federation/comments/test_utils.py
index fec3a75ff..96cb3c9f9 100644
--- a/fittrackee/tests/federation/comments/test_utils.py
+++ b/fittrackee/tests/federation/comments/test_utils.py
@@ -66,7 +66,7 @@ def test_it_creates_remote_user(
         ):
             _, mentioned_users = handle_mentions(text)
 
-        remote_user = User.query.filter_by(username=random_actor.name).first()
+        remote_user = User.query.filter_by(username=random_actor.name).one()
         assert mentioned_users == {"local": set(), "remote": {remote_user}}
 
     def test_it_returns_text_with_link_when_remote_user_found(
diff --git a/fittrackee/tests/federation/federation/test_federation_activities_activities.py b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
index 11fcc4baa..0dc27e0d5 100644
--- a/fittrackee/tests/federation/federation/test_federation_activities_activities.py
+++ b/fittrackee/tests/federation/federation/test_federation_activities_activities.py
@@ -195,7 +195,7 @@ def test_it_creates_follow_request_with_existing_remote_user(
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=remote_user.id,
             followed_user_id=user_1.id,
-        ).first()
+        ).one()
         assert follow_request is not None
 
     def test_it_creates_remote_user_and_follow_request(
@@ -227,7 +227,7 @@ def test_it_creates_remote_user_and_follow_request(
 
         follow_request = FollowRequest.query.filter_by(
             followed_user_id=user_1.id,
-        ).first()
+        ).one()
         assert follow_request.from_user.fullname == random_actor.fullname
 
     def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
@@ -250,7 +250,7 @@ def test_it_does_not_raise_error_if_pending_follow_request_already_exist(
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=remote_user.id,
             followed_user_id=user_1.id,
-        ).first()
+        ).one()
         assert follow_request.updated_at is None
 
 
@@ -340,7 +340,7 @@ def test_it_accepts_follow_request(
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=user_1.id,
             followed_user_id=remote_user.id,
-        ).first()
+        ).one()
 
         assert follow_request.is_approved
         assert follow_request.updated_at is not None
@@ -432,7 +432,7 @@ def test_it_rejects_follow_request(
         follow_request = FollowRequest.query.filter_by(
             follower_user_id=user_1.id,
             followed_user_id=remote_user.id,
-        ).first()
+        ).one()
 
         assert follow_request.is_approved is False
         assert follow_request.updated_at is not None
@@ -591,7 +591,7 @@ def generate_workout_update_activity(
         workout: Optional[Workout] = None,
         updates: Optional[Dict] = None,
     ) -> Dict:
-        activity = {}
+        activity: Dict = {}
         if not updates:
             updates = {}
         if workout:
@@ -734,7 +734,7 @@ def test_it_creates_remote_workout_without_gpx_with_public_visibility(
 
         remote_workout = Workout.query.filter_by(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
-        ).first()
+        ).one()
         assert remote_workout.ap_id == workout_activity['object']['id']
         assert remote_workout.remote_url == workout_activity['object']['url']
         assert (
@@ -761,7 +761,7 @@ def test_it_creates_remote_workout_without_gpx_with_followers_visibility(
 
         remote_workout = Workout.query.filter_by(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
-        ).first()
+        ).one()
         assert (
             remote_workout.workout_visibility
             == VisibilityLevel.FOLLOWERS_AND_REMOTE
@@ -786,7 +786,7 @@ def test_serializer_returns_remote_url(
 
         remote_workout = Workout.query.filter_by(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
-        ).first()
+        ).one()
         assert (
             remote_workout.serialize(user=remote_user, light=False)[
                 'remote_url'
@@ -811,7 +811,7 @@ def test_it_does_not_create_records_for_remote_workout(
 
         remote_workout = Workout.query.filter_by(
             user_id=remote_user.id, sport_id=sport_1_cycling.id
-        ).first()
+        ).one()
         assert remote_workout.records == []
 
 
@@ -837,7 +837,7 @@ def test_it_raises_error_if_remote_workout_does_not_exist(
     def test_it_raises_error_if_workout_actor_does_not_exist(
         self,
         app_with_federation: Flask,
-        random_actor: Actor,
+        random_actor: RandomActor,
     ) -> None:
         delete_activity = self.generate_workout_delete_activity(
             remote_actor=random_actor
@@ -923,7 +923,7 @@ def test_it_raises_error_if_remote_workout_does_not_exist(
     def test_it_raises_error_if_workout_actor_does_not_exist(
         self,
         app_with_federation: Flask,
-        random_actor: Actor,
+        random_actor: RandomActor,
         sport_1_cycling: Sport,
     ) -> None:
         update_activity = self.generate_workout_update_activity(
@@ -966,7 +966,7 @@ def test_it_raises_error_when_activity_actor_is_not_workout_actor(
         ):
             activity.process_activity()
 
-        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).one()
         assert workout.serialize(user=remote_user) == serialize_workout
 
     @pytest.mark.parametrize(
@@ -1003,7 +1003,7 @@ def test_it_updates_remote_workout(
 
         activity.process_activity()
 
-        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).one()
         assert workout.__getattribute__(input_key) == input_new_value
 
     @pytest.mark.parametrize(
@@ -1033,7 +1033,7 @@ def test_it_updates_remote_workout_durations(
 
         activity.process_activity()
 
-        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).one()
         assert workout.__getattribute__(input_key) == timedelta(
             seconds=convert_duration_string_to_seconds(input_new_value)
         )
@@ -1057,7 +1057,7 @@ def test_it_updates_remote_workout_date(
 
         activity.process_activity()
 
-        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).one()
         assert workout.workout_date == datetime.strptime(
             new_workout_date, WORKOUT_DATE_FORMAT
         ).replace(tzinfo=timezone.utc)
@@ -1080,7 +1080,7 @@ def test_it_updates_remote_workout_modification_date(
 
         activity.process_activity()
 
-        workout = Workout.query.filter_by(id=remote_cycling_workout.id).first()
+        workout = Workout.query.filter_by(id=remote_cycling_workout.id).one()
         assert workout.modification_date is not None
 
     def test_it_raises_exception_when_activity_is_invalid(
@@ -1132,7 +1132,7 @@ def generate_random_object(
                 f'workouts/{workout_short_id}'
             )
         else:
-            workout_api_id = workout.ap_id
+            workout_api_id = workout.ap_id  # type: ignore
 
         comment_short_id = self.random_short_id()
         comment_ap_id = (
@@ -1251,7 +1251,7 @@ def test_it_creates_remote_comment_when_no_related_workout_found(
 
         activity.process_activity()
 
-        remote_comment = Comment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().one()
         assert remote_comment.ap_id == comment_activity['object']['id']
 
     def test_it_creates_remote_workout_comment_when_remote_user_does_not_exist(
@@ -1263,10 +1263,7 @@ def test_it_creates_remote_workout_comment_when_remote_user_does_not_exist(
         random_actor: RandomActor,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=random_actor,
             workout=workout_cycling_user_1,
@@ -1290,7 +1287,7 @@ def test_it_creates_remote_workout_comment_when_remote_user_does_not_exist(
         ):
             activity.process_activity()
 
-        remote_comment = Comment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().one()
         assert remote_comment.ap_id == comment_activity['object']['id']
         assert (
             User.query.filter_by(username=random_actor.name).first()
@@ -1307,10 +1304,7 @@ def test_it_creates_mentioned_users_when_comment_has_mention(
         random_actor: RandomActor,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=random_actor,
             workout=workout_cycling_user_1,
@@ -1339,9 +1333,9 @@ def test_it_creates_mentioned_users_when_comment_has_mention(
         ):
             activity.process_activity()
 
-        remote_comment = Comment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().one()
         assert remote_comment.ap_id == comment_activity['object']['id']
-        new_user = User.query.filter_by(username=random_actor.name).first()
+        new_user = User.query.filter_by(username=random_actor.name).one()
         assert new_user is not None
         assert (
             Mention.query.filter_by(
@@ -1368,10 +1362,7 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         input_visibility: VisibilityLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_visibility
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=remote_user.actor,
             workout=workout_cycling_user_1,
@@ -1383,9 +1374,7 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
 
         activity.process_activity()
 
-        remote_comment = Comment.query.filter_by(
-            user_id=remote_user.id
-        ).first()
+        remote_comment = Comment.query.filter_by(user_id=remote_user.id).one()
         assert remote_comment.ap_id == comment_activity['object']['id']
         assert remote_comment.remote_url == comment_activity['object']['url']
         assert remote_comment.text == comment_activity['object']['content']
@@ -1405,10 +1394,7 @@ def test_it_creates_comment_when_parent_comment_does_not_exist(
         remote_user: User,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=remote_user.actor,
             workout=workout_cycling_user_1,
@@ -1424,9 +1410,7 @@ def test_it_creates_comment_when_parent_comment_does_not_exist(
 
         activity.process_activity()
 
-        remote_comment = Comment.query.filter_by(
-            user_id=remote_user.id
-        ).first()
+        remote_comment = Comment.query.filter_by(user_id=remote_user.id).one()
         assert remote_comment.ap_id == comment_activity['object']['id']
         assert remote_comment.remote_url == comment_activity['object']['url']
         assert remote_comment.text == comment_activity['object']['content']
@@ -1451,20 +1435,14 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
         input_visibility: VisibilityLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         parent_comment = self.create_comment(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
-        parent_comment.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}/comments/'
-            + parent_comment.short_id
-        )
+        parent_comment.ap_id = parent_comment.get_ap_id()
         comment_activity = self.generate_workout_comment_create_activity(
             remote_actor=remote_user.actor,
             workout=workout_cycling_user_1,
@@ -1477,9 +1455,7 @@ def test_it_creates_remote_workout_comment_with_expected_visibility(
 
         activity.process_activity()
 
-        remote_comment = Comment.query.filter_by(
-            user_id=remote_user.id
-        ).first()
+        remote_comment = Comment.query.filter_by(user_id=remote_user.id).one()
         assert remote_comment.ap_id == comment_activity['object']['id']
         assert remote_comment.remote_url == comment_activity['object']['url']
         assert remote_comment.text == comment_activity['object']['content']
@@ -1494,7 +1470,7 @@ def test_it_creates_comment_when_workout_actor_does_not_exist(
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
-        random_actor: Actor,
+        random_actor: RandomActor,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment_activity = self.generate_workout_comment_update_activity(
@@ -1518,9 +1494,9 @@ def test_it_creates_comment_when_workout_actor_does_not_exist(
         ):
             activity.process_activity()
 
-        remote_comment = Comment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().one()
         assert remote_comment.ap_id == comment_activity['object']['id']
-        new_user = User.query.filter_by(username=random_actor.name).first()
+        new_user = User.query.filter_by(username=random_actor.name).one()
         assert new_user is not None
 
     def test_it_creates_comment_when_original_comment_does_not_exist(
@@ -1529,7 +1505,7 @@ def test_it_creates_comment_when_original_comment_does_not_exist(
         user_1: User,
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
-        random_actor: Actor,
+        random_actor: RandomActor,
     ) -> None:
         # case of a comment edited to add a mention to a user (not-followers)
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
@@ -1554,7 +1530,7 @@ def test_it_creates_comment_when_original_comment_does_not_exist(
         ):
             activity.process_activity()
 
-        remote_comment = Comment.query.filter_by().first()
+        remote_comment = Comment.query.filter_by().one()
         assert remote_comment.ap_id == comment_activity['object']['id']
         assert (
             User.query.filter_by(username=random_actor.name).first()
@@ -1581,6 +1557,7 @@ def test_it_raises_error_when_activity_actor_is_not_comment_actor(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         remote_comment.modification_date = datetime.now(timezone.utc)
         comment_activity = {
@@ -1614,6 +1591,7 @@ def test_it_updates_remote_workout_comment_text(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         remote_comment.modification_date = datetime.now(timezone.utc)
         comment_activity = remote_comment.get_activity("Update")
@@ -1643,6 +1621,7 @@ def test_it_updates_mentioned_users_when_comment_has_mention(
                 workout_cycling_user_1,
                 text=f"@{remote_user.fullname}",
                 text_visibility=VisibilityLevel.PUBLIC,
+                with_federation=True,
             )
             remote_comment.modification_date = datetime.now(timezone.utc)
             comment_activity = remote_comment.get_activity("Update")
@@ -1669,7 +1648,7 @@ def test_it_updates_mentioned_users_when_comment_has_mention(
         ):
             activity.process_activity()
 
-        new_user = User.query.filter_by(username=random_actor.name).first()
+        new_user = User.query.filter_by(username=random_actor.name).one()
         assert new_user is not None
         mentions = Mention.query.filter_by(comment_id=remote_comment.id).all()
         assert len(mentions) == 1
@@ -1693,6 +1672,7 @@ def test_it_updates_remote_workout_modification_date(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         remote_comment.modification_date = datetime.now(timezone.utc)
         comment_activity = remote_comment.get_activity("Update")
@@ -1717,6 +1697,7 @@ def test_it_updates_remote_workout_visibility(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         remote_comment.modification_date = datetime.now(timezone.utc)
         comment_activity = remote_comment.get_activity("Update")
@@ -1748,6 +1729,7 @@ def test_it_raises_exception_when_activity_is_invalid(
             remote_user,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         remote_comment.modification_date = datetime.now(timezone.utc)
         comment_activity = remote_comment.get_activity("Update")
@@ -1790,7 +1772,7 @@ def test_it_raises_error_if_remote_workout_does_not_exist(
     def test_it_raises_error_if_workout_actor_does_not_exist(
         self,
         app_with_federation: Flask,
-        random_actor: Actor,
+        random_actor: RandomActor,
     ) -> None:
         delete_activity = self.generate_workout_comment_delete_activity(
             remote_actor=random_actor
@@ -1818,6 +1800,7 @@ def test_it_raises_error_when_activity_actor_is_not_comment_actor(
             remote_user,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         delete_activity = self.generate_workout_comment_delete_activity(
             remote_actor=remote_user_2.actor,
@@ -1852,6 +1835,7 @@ def test_it_deletes_remote_workout(
             remote_cycling_workout,
             text=f"@{user_1.fullname}",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         delete_activity = self.generate_workout_comment_delete_activity(
             remote_actor=remote_user.actor,
@@ -1880,12 +1864,14 @@ def test_it_deletes_remote_workout_with_reply(
             remote_user,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         reply = self.create_comment(
             user_1,
             remote_cycling_workout,
             text_visibility=VisibilityLevel.PUBLIC,
             parent_comment=remote_comment,
+            with_federation=True,
         )
         delete_activity = self.generate_workout_comment_delete_activity(
             remote_actor=remote_user.actor,
@@ -1930,6 +1916,7 @@ def test_it_creates_like_when_workout_exists(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         like_activity = LikeObject(
             target_object_ap_id=workout_cycling_user_1.ap_id,
             actor_ap_id=remote_user.actor.activitypub_id,
@@ -1956,6 +1943,7 @@ def test_it_creates_like_when_workout_exists_and_remote_actor_does_not_exist(  #
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         like_activity = LikeObject(
             target_object_ap_id=workout_cycling_user_1.ap_id,
             actor_ap_id=random_actor.activitypub_id,
@@ -1971,7 +1959,7 @@ def test_it_creates_like_when_workout_exists_and_remote_actor_does_not_exist(  #
         ):
             activity.process_activity()
 
-        remote_user = User.query.filter_by(username=random_actor.name).first()
+        remote_user = User.query.filter_by(username=random_actor.name).one()
         assert (
             WorkoutLike.query.filter_by(
                 user_id=remote_user.id, workout_id=workout_cycling_user_1.id
@@ -1993,6 +1981,7 @@ def test_it_creates_like_when_workout_exists(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like_activity = LikeObject(
             target_object_ap_id=comment.ap_id,
@@ -2024,6 +2013,7 @@ def test_it_creates_like_when_comment_exists_and_remote_actor_does_not_exist(  #
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like_activity = LikeObject(
             target_object_ap_id=comment.ap_id,
@@ -2040,7 +2030,7 @@ def test_it_creates_like_when_comment_exists_and_remote_actor_does_not_exist(  #
         ):
             activity.process_activity()
 
-        remote_user = User.query.filter_by(username=random_actor.name).first()
+        remote_user = User.query.filter_by(username=random_actor.name).one()
         assert (
             CommentLike.query.filter_by(
                 user_id=remote_user.id, comment_id=comment.id
@@ -2078,6 +2068,7 @@ def test_it_deletes_existing_like(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         like = WorkoutLike(
             user_id=remote_user.id, workout_id=workout_cycling_user_1.id
         )
@@ -2110,6 +2101,7 @@ def test_it_does_not_raise_error_if_like_does_not_exist(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         like_activity = LikeObject(
             target_object_ap_id=workout_cycling_user_1.ap_id,
             actor_ap_id=remote_user.actor.activitypub_id,
@@ -2129,6 +2121,7 @@ def test_it_does_not_raise_error_if_actor_does_not_exist(
         sport_1_cycling: Sport,
         workout_cycling_user_1: Workout,
     ) -> None:
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         like_activity = LikeObject(
             target_object_ap_id=workout_cycling_user_1.ap_id,
             actor_ap_id=random_actor.activitypub_id,
@@ -2158,6 +2151,7 @@ def test_it_deletes_existing_like(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like = CommentLike(user_id=remote_user.id, comment_id=comment.id)
         db.session.add(like)
@@ -2193,6 +2187,7 @@ def test_it_does_not_raise_error_if_like_does_not_exist(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like_activity = LikeObject(
             target_object_ap_id=comment.ap_id,
@@ -2217,6 +2212,7 @@ def test_it_does_not_raise_error_if_actor_does_not_exist(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         like_activity = LikeObject(
             target_object_ap_id=comment.ap_id,
diff --git a/fittrackee/tests/federation/federation/test_federation_models.py b/fittrackee/tests/federation/federation/test_federation_models.py
index 75d58fd4a..781bbe028 100644
--- a/fittrackee/tests/federation/federation/test_federation_models.py
+++ b/fittrackee/tests/federation/federation/test_federation_models.py
@@ -69,7 +69,7 @@ def test_it_returns_string_representation(
     ) -> None:
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
-        ).first()
+        ).one()
 
         assert f"<Domain '{app_with_federation.config['AP_DOMAIN']}'>" == str(
             local_domain
@@ -78,7 +78,7 @@ def test_it_returns_string_representation(
     def test_app_domain_is_local(self, app_with_federation: Flask) -> None:
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
-        ).first()
+        ).one()
 
         assert not local_domain.is_remote
 
@@ -92,7 +92,7 @@ def test_it_returns_current_version_when_local(
     ) -> None:
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
-        ).first()
+        ).one()
 
         assert local_domain.software_version is None
         assert local_domain.software_current_version == VERSION
@@ -119,7 +119,7 @@ def test_it_returns_serialized_object(
     ) -> None:
         local_domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
-        ).first()
+        ).one()
 
         serialized_domain = local_domain.serialize()
 
@@ -222,7 +222,11 @@ def test_generated_key_is_valid(
         actor_1 = user_1.actor
         actor_1.generate_keys()
 
-        signer = pkcs1_15.new(RSA.import_key(actor_1.private_key))
+        signer = pkcs1_15.new(
+            RSA.import_key(
+                actor_1.private_key  # type: ignore
+            )
+        )
         hashed_message = SHA256.new('test message'.encode())
         # it raises ValueError if signature is invalid
         signer.verify(hashed_message, signer.sign(hashed_message))
@@ -230,10 +234,10 @@ def test_generated_key_is_valid(
     def test_it_does_not_create_remote_actor_stats(
         self, app_with_federation: Flask, user_1: User
     ) -> None:
-        stats = RemoteActorStats.query.filter_by(
-            actor_id=user_1.actor_id
-        ).first()
-        assert stats is None
+        assert (
+            RemoteActorStats.query.filter_by(actor_id=user_1.actor_id).first()
+            is None
+        )
 
 
 class TestActivityPubRemotePersonActorModel:
@@ -304,7 +308,7 @@ def test_it_creates_remote_actor_stats(
     ) -> None:
         stats = RemoteActorStats.query.filter_by(
             actor_id=remote_user.actor_id
-        ).first()
+        ).one()
 
         assert stats.items == 0
         assert stats.followers == 0
@@ -317,6 +321,6 @@ def test_it_returns_actor_empty_name(
     ) -> None:
         domain = Domain.query.filter_by(
             name=app_with_federation.config['AP_DOMAIN']
-        ).first()
+        ).one()
         actor = Actor(preferred_username=uuid4().hex, domain_id=domain.id)
         assert actor.name is None
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_comment.py b/fittrackee/tests/federation/federation/test_federation_objects_comment.py
index 1b8d1a469..928f1cefc 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_comment.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_comment.py
@@ -7,6 +7,7 @@
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.federation.objects.comment import CommentObject
+from fittrackee.federation.objects.exceptions import InvalidObjectException
 from fittrackee.users.models import User
 from fittrackee.visibility_levels import VisibilityLevel
 from fittrackee.workouts.models import Sport, Workout
@@ -31,7 +32,10 @@ def test_it_raises_error_when_visibility_is_invalid(
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         # no mentioned users
         comment = self.create_comment(
-            user_2, workout_cycling_user_1, text_visibility=input_visibility
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=input_visibility,
+            with_federation=True,
         )
         with pytest.raises(
             InvalidVisibilityException,
@@ -39,6 +43,48 @@ def test_it_raises_error_when_visibility_is_invalid(
         ):
             CommentObject(comment, 'Create')
 
+    def test_it_raises_error_when_comment_has_no_ap_id(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment.remote_url = comment.get_remote_url()
+        with pytest.raises(
+            InvalidObjectException,
+            match="Invalid comment, missing 'ap_id' or 'remote_url'",
+        ):
+            CommentObject(comment, 'Create')
+
+    def test_it_raises_error_when_comment_has_no_remote_url(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        user_2: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        comment = self.create_comment(
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=VisibilityLevel.PUBLIC,
+        )
+        comment.ap_id = comment.get_ap_id()
+        with pytest.raises(
+            InvalidObjectException,
+            match="Invalid comment, missing 'ap_id' or 'remote_url'",
+        ):
+            CommentObject(comment, 'Create')
+
     def test_it_raises_error_when_activity_type_is_invalid(
         self,
         app_with_federation: Flask,
@@ -52,6 +98,7 @@ def test_it_raises_error_when_activity_type_is_invalid(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         invalid_activity_type = self.random_string()
         with pytest.raises(
@@ -74,6 +121,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         published = comment.created_at.strftime(DATE_FORMAT)
         comment_object = CommentObject(comment, 'Create')
@@ -115,6 +163,7 @@ def test_it_generates_activity_when_visibility_is_public(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         published = comment.created_at.strftime(DATE_FORMAT)
         comment_object = CommentObject(comment, 'Create')
@@ -157,12 +206,14 @@ def test_it_generates_activity_when_comment_has_parent_comment(
             user_3,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         comment = self.create_comment(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
             parent_comment=parent_comment,
+            with_federation=True,
         )
         published = comment.created_at.strftime(DATE_FORMAT)
         comment_object = CommentObject(comment, 'Create')
@@ -211,6 +262,7 @@ def test_it_generates_activity_for_public_comment(
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         comment_object = CommentObject(comment, 'Create')
 
@@ -252,6 +304,7 @@ def test_it_generates_activity_with_followers_and_remote_visibility(
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         comment_object = CommentObject(comment, 'Create')
 
@@ -294,6 +347,7 @@ def test_it_generates_activity_with_mentioned_users(
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=input_visibility,
+            with_federation=True,
         )
         comment_object = CommentObject(comment, 'Create')
 
@@ -326,6 +380,7 @@ def test_it_raises_error_when_activity_type_is_invalid(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         invalid_activity_type = self.random_string()
         with pytest.raises(
@@ -351,7 +406,10 @@ def test_it_generates_activity_when_visibility_is_private_or_for_local_followers
         workout_cycling_user_1.ap_id = self.random_string()
         # case of mention removed
         comment = self.create_comment(
-            user_2, workout_cycling_user_1, text_visibility=input_visibility
+            user_2,
+            workout_cycling_user_1,
+            text_visibility=input_visibility,
+            with_federation=True,
         )
         comment.modification_date = datetime.now(timezone.utc)
         published = comment.created_at.strftime(DATE_FORMAT)
@@ -395,6 +453,7 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         comment.modification_date = datetime.now(timezone.utc)
         published = comment.created_at.strftime(DATE_FORMAT)
@@ -438,6 +497,7 @@ def test_it_generates_activity_when_visibility_is_public(
             user_2,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         comment.modification_date = datetime.now(timezone.utc)
         published = comment.created_at.strftime(DATE_FORMAT)
@@ -488,6 +548,7 @@ def test_it_generates_activity_for_public_comment(
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         comment.modification_date = datetime.now(timezone.utc)
         comment_object = CommentObject(comment, 'Update')
@@ -530,6 +591,7 @@ def test_it_generates_activity_with_followers_and_remote_visibility(
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         comment.modification_date = datetime.now(timezone.utc)
         comment_object = CommentObject(comment, 'Update')
@@ -573,6 +635,7 @@ def test_it_generates_activity_for_private_comment_with_mentioned_users(
             workout_cycling_user_1,
             text=f"@{user_3.username} @{remote_user.fullname} great!",
             text_visibility=VisibilityLevel.PRIVATE,
+            with_federation=True,
         )
         comment.modification_date = datetime.now(timezone.utc)
         comment_object = CommentObject(comment, 'Update')
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_like.py b/fittrackee/tests/federation/federation/test_federation_objects_like.py
index 4d3738586..70a49261d 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_like.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_like.py
@@ -1,13 +1,33 @@
+import pytest
 from flask import Flask
 
 from fittrackee.federation.constants import AP_CTX
+from fittrackee.federation.objects.exceptions import InvalidObjectException
 from fittrackee.federation.objects.like import LikeObject
 from fittrackee.users.models import User
+from fittrackee.workouts.models import Sport, Workout
 
 from ...comments.mixins import CommentMixin
 
 
 class TestLikeObject(CommentMixin):
+    def test_it_raises_error_when_object_has_no_ap_id(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        with pytest.raises(
+            InvalidObjectException,
+            match="Invalid object, missing 'ap_id'",
+        ):
+            LikeObject(
+                target_object_ap_id=workout_cycling_user_1.ap_id,
+                like_id=self.random_int(),
+                actor_ap_id=user_1.actor.activitypub_id,
+            )
+
     def test_it_generates_like_activity(
         self,
         app_with_federation: Flask,
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
index 66728b46b..132ade5bd 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_tombstone.py
@@ -27,10 +27,7 @@ def test_it_raises_error_when_visibility_is_private(
         input_visibility: VisibilityLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = input_visibility
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts'
-            f'/{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         with pytest.raises(
             InvalidVisibilityException,
             match=f"object visibility is: '{input_visibility.value}'",
@@ -45,10 +42,7 @@ def test_it_generates_delete_activity_for_workout_with_public_visibility(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts'
-            f'/{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         tombstone = TombstoneObject(workout_cycling_user_1)
 
         delete_activity = tombstone.get_activity()
@@ -76,10 +70,7 @@ def test_it_generates_delete_activity_for_workout_with_follower_visibility(
         workout_cycling_user_1.workout_visibility = (
             VisibilityLevel.FOLLOWERS_AND_REMOTE
         )
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts'
-            f'/{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
         tombstone = TombstoneObject(workout_cycling_user_1)
 
         delete_activity = tombstone.get_activity()
@@ -113,7 +104,10 @@ def test_it_raises_error_when_comment_has_no_mention(
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
         comment = self.create_comment(
-            user_1, workout_cycling_user_1, text_visibility=input_visibility
+            user_1,
+            workout_cycling_user_1,
+            text_visibility=input_visibility,
+            with_federation=True,
         )
         with pytest.raises(
             InvalidVisibilityException,
@@ -133,6 +127,7 @@ def test_it_generates_delete_activity_for_comment_with_public_visibility(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.PUBLIC,
+            with_federation=True,
         )
         tombstone = TombstoneObject(comment)
 
@@ -171,6 +166,7 @@ def test_it_generates_delete_activity_for_comment_with_follower_visibility(
             user_1,
             workout_cycling_user_1,
             text_visibility=VisibilityLevel.FOLLOWERS_AND_REMOTE,
+            with_federation=True,
         )
         tombstone = TombstoneObject(comment)
 
@@ -218,6 +214,7 @@ def test_it_generates_delete_activity_for_comment_with_private_or_local_follower
             workout_cycling_user_1,
             text=f"@{remote_user.fullname}",
             text_visibility=input_visibility,
+            with_federation=True,
         )
         tombstone = TombstoneObject(comment)
 
diff --git a/fittrackee/tests/federation/federation/test_federation_objects_workout.py b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
index 484afec89..0620bd46c 100644
--- a/fittrackee/tests/federation/federation/test_federation_objects_workout.py
+++ b/fittrackee/tests/federation/federation/test_federation_objects_workout.py
@@ -7,6 +7,7 @@
 from fittrackee.exceptions import InvalidVisibilityException
 from fittrackee.federation.constants import AP_CTX, DATE_FORMAT
 from fittrackee.federation.exceptions import InvalidWorkoutException
+from fittrackee.federation.objects.exceptions import InvalidObjectException
 from fittrackee.federation.objects.workout import (
     WorkoutObject,
     convert_duration_string_to_seconds,
@@ -24,7 +25,7 @@ class WorkoutObjectTestCase(RandomMixin):
     def get_updated(workout: Workout, activity_type: str) -> Dict:
         return (
             {'updated': workout.modification_date.strftime(DATE_FORMAT)}
-            if activity_type == 'Update'
+            if activity_type == 'Update' and workout.modification_date
             else {}
         )
 
@@ -58,12 +59,48 @@ def test_it_raises_error_when_activity_type_is_invalid(
     ) -> None:
         invalid_activity_type = self.random_string()
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         with pytest.raises(
             ValueError,
             match=f"'{invalid_activity_type}' is not a valid ActivityType",
         ):
             WorkoutObject(workout_cycling_user_1, invalid_activity_type)
 
+    def test_it_raises_error_when_workout_has_no_ap_id(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
+        with pytest.raises(
+            InvalidObjectException,
+            match="Invalid workout, missing 'ap_id' or 'remote_url'",
+        ):
+            WorkoutObject(workout_cycling_user_1, 'Create')
+
+    def test_it_raises_error_when_workout_has_no_remote_url(
+        self,
+        app_with_federation: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        with pytest.raises(
+            InvalidObjectException,
+            match="Invalid workout, missing 'ap_id' or 'remote_url'",
+        ):
+            WorkoutObject(workout_cycling_user_1, 'Create')
+
     @pytest.mark.parametrize('input_activity_type', ['Create', 'Update'])
     def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  # noqa
         self,
@@ -82,6 +119,10 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
             if input_activity_type == "Update"
             else None
         )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         updated = self.get_updated(workout_cycling_user_1, input_activity_type)
         workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
@@ -106,10 +147,10 @@ def test_it_generates_activity_when_visibility_is_followers_and_remote_only(  #
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': [user_1.actor.followers_url],
                 'cc': [],
-                'ave_speed': float(workout_cycling_user_1.ave_speed),
-                'distance': float(workout_cycling_user_1.distance),
+                'ave_speed': workout_cycling_user_1.ave_speed,
+                'distance': workout_cycling_user_1.distance,
                 'duration': str(workout_cycling_user_1.duration),
-                'max_speed': float(workout_cycling_user_1.max_speed),
+                'max_speed': workout_cycling_user_1.max_speed,
                 'moving': str(workout_cycling_user_1.moving),
                 'sport_id': workout_cycling_user_1.sport_id,
                 'title': workout_cycling_user_1.title,
@@ -136,6 +177,14 @@ def test_it_generates_create_activity_when_visibility_is_public(
             if input_activity_type == "Update"
             else None
         )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         updated = self.get_updated(workout_cycling_user_1, input_activity_type)
         workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
@@ -160,10 +209,10 @@ def test_it_generates_create_activity_when_visibility_is_public(
                 'attributedTo': user_1.actor.activitypub_id,
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
-                'ave_speed': float(workout_cycling_user_1.ave_speed),
-                'distance': float(workout_cycling_user_1.distance),
+                'ave_speed': workout_cycling_user_1.ave_speed,
+                'distance': workout_cycling_user_1.distance,
                 'duration': str(workout_cycling_user_1.duration),
-                'max_speed': float(workout_cycling_user_1.max_speed),
+                'max_speed': workout_cycling_user_1.max_speed,
                 'moving': str(workout_cycling_user_1.moving),
                 'sport_id': workout_cycling_user_1.sport_id,
                 'title': workout_cycling_user_1.title,
@@ -202,6 +251,10 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
             if input_activity_type == "Update"
             else None
         )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         updated = self.get_updated(workout_cycling_user_1, input_activity_type)
         workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
@@ -226,7 +279,8 @@ def test_it_returns_note_activity_when_visibility_is_followers_only(
                 'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'content': self.expected_workout_note(
-                    workout_cycling_user_1, workout_cycling_user_1.remote_url
+                    workout_cycling_user_1,
+                    workout_cycling_user_1.remote_url,  # type: ignore
                 ),
                 'to': [user_1.actor.followers_url],
                 'cc': [],
@@ -250,6 +304,10 @@ def test_it_returns_note_activity_when_visibility_is_public(
             if input_activity_type == "Update"
             else None
         )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         published = workout_cycling_user_1.creation_date.strftime(DATE_FORMAT)
         updated = self.get_updated(workout_cycling_user_1, input_activity_type)
         workout = WorkoutObject(workout_cycling_user_1, input_activity_type)
@@ -274,7 +332,8 @@ def test_it_returns_note_activity_when_visibility_is_public(
                 'url': workout_cycling_user_1.remote_url,
                 'attributedTo': user_1.actor.activitypub_id,
                 'content': self.expected_workout_note(
-                    workout_cycling_user_1, workout_cycling_user_1.remote_url
+                    workout_cycling_user_1,
+                    workout_cycling_user_1.remote_url,  # type: ignore
                 ),
                 'to': ['https://www.w3.org/ns/activitystreams#Public'],
                 'cc': [user_1.actor.followers_url],
@@ -335,10 +394,10 @@ def test_it_convert_workout_data_from_activity(
             'attributedTo': user_1.actor.activitypub_id,
             'to': [user_1.actor.followers_url],
             'cc': [],
-            'ave_speed': float(workout_cycling_user_1.ave_speed),
-            'distance': float(workout_cycling_user_1.distance),
+            'ave_speed': workout_cycling_user_1.ave_speed,
+            'distance': workout_cycling_user_1.distance,
             'duration': str(workout_cycling_user_1.duration),
-            'max_speed': float(workout_cycling_user_1.max_speed),
+            'max_speed': workout_cycling_user_1.max_speed,
             'moving': str(workout_cycling_user_1.moving),
             'sport_id': workout_cycling_user_1.sport_id,
             'title': workout_cycling_user_1.title,
@@ -351,5 +410,5 @@ def test_it_convert_workout_data_from_activity(
         assert convert_workout_activity(workout_activity_object) == {
             **workout_activity_object,
             'duration': workout_cycling_user_1.duration.seconds,
-            'moving': workout_cycling_user_1.moving.seconds,
+            'moving': workout_cycling_user_1.moving.seconds,  # type: ignore
         }
diff --git a/fittrackee/tests/federation/federation/test_federation_signature.py b/fittrackee/tests/federation/federation/test_federation_signature.py
index dda3b0170..7096ece30 100644
--- a/fittrackee/tests/federation/federation/test_federation_signature.py
+++ b/fittrackee/tests/federation/federation/test_federation_signature.py
@@ -42,6 +42,22 @@ def test_it_returns_digest_with_given_algorithm(self) -> None:
         )
 
 
+class TestGenerateSignatureHeader:
+    def test_it_raises_error_when_actor_has_no_private_key(
+        self, app_with_federation: Flask, remote_user: User
+    ) -> None:
+        with pytest.raises(
+            InvalidSignatureException, match='Invalid private key for actor'
+        ):
+            generate_signature_header(
+                random_string(),
+                '/inbox',
+                'Sat, 01 Feb 2025 11:55:28 GMT',
+                remote_user.actor,
+                random_string(),
+            )
+
+
 class SignatureVerificationTestCase:
     @staticmethod
     def random_signature() -> str:
@@ -116,7 +132,10 @@ def _generate_signature_header_without_digest(
         signed_string = (
             f'(request-target): post {path}\nhost: {host}\ndate: {date_str}'
         )
-        signature = generate_signature(actor.private_key, signed_string)
+        signature = generate_signature(
+            actor.private_key,  # type: ignore
+            signed_string,
+        )
         return (
             f'keyId="{actor.activitypub_id}#main-key",'
             'headers="(request-target) host date",'
diff --git a/fittrackee/tests/federation/users/test_auth_api.py b/fittrackee/tests/federation/users/test_auth_api.py
index 5a41f3dbb..a0e360bcd 100644
--- a/fittrackee/tests/federation/users/test_auth_api.py
+++ b/fittrackee/tests/federation/users/test_auth_api.py
@@ -26,7 +26,7 @@ def assert_actor_is_created(app: Flask) -> None:
         content_type='application/json',
     )
 
-    user = User.query.filter_by(username=username).first()
+    user = User.query.filter_by(username=username).one()
     assert user.actor.preferred_username == username
     assert user.actor.public_key is not None
     assert user.actor.private_key is not None
@@ -61,7 +61,7 @@ def test_local_user_can_register_if_remote_user_exists_with_same_username(
         created_user = User.query.filter(
             User.username == remote_user.username,
             User.is_remote == False,  # noqa
-        ).first()
+        ).one()
         assert created_user.id != remote_user.id
 
 
diff --git a/fittrackee/tests/federation/users/test_users_follow_request_api.py b/fittrackee/tests/federation/users/test_users_follow_request_api.py
index 9864c3a37..3193562b6 100644
--- a/fittrackee/tests/federation/users/test_users_follow_request_api.py
+++ b/fittrackee/tests/federation/users/test_users_follow_request_api.py
@@ -163,7 +163,7 @@ def test_it_accepts_follow_request(
         self.assert_it_returns_follow_request_processed(
             client,
             auth_token,
-            remote_user.fullname,
+            remote_user.fullname,  # type: ignore
             'accept',
         )
 
@@ -300,7 +300,7 @@ def test_it_accepts_follow_request(
         self.assert_it_returns_follow_request_processed(
             client,
             auth_token,
-            remote_user.fullname,
+            remote_user.fullname,  # type: ignore
             'reject',
         )
 
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_patch.py b/fittrackee/tests/federation/workouts/test_workouts_api_patch.py
index 4b0775f4b..141fdef18 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_patch.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_patch.py
@@ -63,6 +63,10 @@ def test_it_calls_sent_to_inbox_if_user_has_follower_from_remote_fittrackee_inst
     ) -> None:
         user_1.approves_follow_request_from(remote_user)
         workout_cycling_user_1.workout_visibility = workout_visibility
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
         )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
index 14621a893..cd069466b 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_api_post.py
@@ -232,7 +232,7 @@ def test_workout_ap_id_and_remote_url_are_saved_when_activity_is_sent(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        workout = Workout.query.first()
+        workout = Workout.query.one()
         assert workout.ap_id == (
             f'{user_1.actor.activitypub_id}/workouts/{workout.short_id}'
         )
@@ -456,7 +456,7 @@ def test_workout_ap_id_and_remote_url_are_saved_when_activity_is_sent(
             ),
         )
 
-        workout = Workout.query.first()
+        workout = Workout.query.one()
         assert workout.ap_id == (
             f'{user_1.actor.activitypub_id}/workouts/{workout.short_id}'
         )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py b/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
index 81fe74908..85897d51f 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_likes_api_post.py
@@ -98,7 +98,7 @@ def test_it_calls_sent_to_inbox_if_comment_is_remote(
             headers=dict(Authorization=f'Bearer {auth_token}'),
         )
 
-        like_activity = WorkoutLike.query.first().get_activity()
+        like_activity = WorkoutLike.query.one().get_activity()
         send_to_remote_inbox_mock.send.assert_called_once_with(
             sender_id=user_1.actor.id,
             activity=like_activity,
@@ -199,7 +199,7 @@ def test_it_calls_sent_to_inbox_if_like_is_remote(
         )
         db.session.add(like)
         db.session.commit()
-        undo_activity = WorkoutLike.query.first().get_activity(is_undo=True)
+        undo_activity = WorkoutLike.query.one().get_activity(is_undo=True)
         client, auth_token = self.get_test_client_and_auth_token(
             app_with_federation, user_1.email
         )
diff --git a/fittrackee/tests/federation/workouts/test_workouts_models.py b/fittrackee/tests/federation/workouts/test_workouts_models.py
index 37efc0df8..347f12f57 100644
--- a/fittrackee/tests/federation/workouts/test_workouts_models.py
+++ b/fittrackee/tests/federation/workouts/test_workouts_models.py
@@ -183,6 +183,10 @@ def test_it_returns_activities_when_visibility_is_valid(
         workout_visibility: VisibilityLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = workout_visibility
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
 
         create_workout, create_note = workout_cycling_user_1.get_activities(
             activity_type=self.activity_type
@@ -230,10 +234,7 @@ def test_it_returns_activities_when_visibility_is_valid(
         workout_visibility: VisibilityLevel,
     ) -> None:
         workout_cycling_user_1.workout_visibility = workout_visibility
-        workout_cycling_user_1.ap_id = (
-            f'{user_1.actor.activitypub_id}/workouts/'
-            f'{workout_cycling_user_1.short_id}'
-        )
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
 
         delete_workout, _ = workout_cycling_user_1.get_activities(
             activity_type='Delete'
@@ -254,6 +255,10 @@ def test_it_returns_like_activity(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         like = WorkoutLike(
             user_id=user_1.id, workout_id=workout_cycling_user_1.id
         )
@@ -280,6 +285,10 @@ def test_it_returns_undo_like_activity(
         workout_cycling_user_1: Workout,
     ) -> None:
         workout_cycling_user_1.workout_visibility = VisibilityLevel.PUBLIC
+        workout_cycling_user_1.ap_id = workout_cycling_user_1.get_ap_id()
+        workout_cycling_user_1.remote_url = (
+            workout_cycling_user_1.get_remote_url()
+        )
         like = WorkoutLike(
             user_id=user_1.id, workout_id=workout_cycling_user_1.id
         )
diff --git a/fittrackee/tests/fixtures/fixtures_federation.py b/fittrackee/tests/fixtures/fixtures_federation.py
index 210651929..3480cedfc 100644
--- a/fittrackee/tests/fixtures/fixtures_federation.py
+++ b/fittrackee/tests/fixtures/fixtures_federation.py
@@ -9,7 +9,7 @@
 
 @pytest.fixture()
 def app_actor(app: Flask) -> Actor:
-    domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).first()
+    domain = Domain.query.filter_by(name=app.config['AP_DOMAIN']).one()
     actor = Actor(preferred_username='test', domain_id=domain.id)
     db.session.add(actor)
     db.session.commit()
diff --git a/fittrackee/tests/mixins.py b/fittrackee/tests/mixins.py
index b50fba3ca..a7287894c 100644
--- a/fittrackee/tests/mixins.py
+++ b/fittrackee/tests/mixins.py
@@ -141,8 +141,10 @@ def create_oauth2_token(
 class ApiTestCaseMixin(OAuth2Mixin, RandomMixin):
     @staticmethod
     def get_test_client_and_auth_token(
-        app: Flask, user_email: str
+        app: Flask, user_email: Optional[str]
     ) -> Tuple[FlaskClient, str]:
+        if not user_email:
+            raise Exception('Invalid user email')
         client = app.test_client()
         resp_login = client.post(
             '/api/auth/login',
diff --git a/fittrackee/tests/users/test_auth_api.py b/fittrackee/tests/users/test_auth_api.py
index 1741d631a..463676ce2 100644
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@@ -474,9 +474,9 @@ def test_it_does_not_return_error_if_a_user_already_exists_with_same_email(
                 dict(
                     username=self.random_string(),
                     email=(
-                        user_1.email.upper()
+                        user_1.email.upper()  # type: ignore
                         if text_transformation == 'upper'
-                        else user_1.email.lower()
+                        else user_1.email.lower()  # type: ignore
                     ),
                     password=self.random_string(),
                     accepted_policy=True,
@@ -650,9 +650,9 @@ def test_user_can_login_regardless_username_case(
             data=json.dumps(
                 dict(
                     email=(
-                        user_1.email.upper()
+                        user_1.email.upper()  # type: ignore
                         if text_transformation == 'upper'
-                        else user_1.email.lower()
+                        else user_1.email.lower()  # type: ignore
                     ),
                     password='12345678',
                 )
diff --git a/fittrackee/tests/users/test_users_api.py b/fittrackee/tests/users/test_users_api.py
index 598c0d14b..3dce585af 100644
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@@ -2261,7 +2261,7 @@ def test_it_updates_user_email_to_confirm_when_email_sending_is_enabled(
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1_admin.email
         )
-        new_email = 'new.' + user_2.email
+        new_email = f'new.{user_2.email}'
         user_2_email = user_2.email
         user_2_confirmation_token = user_2.confirmation_token
 
@@ -2283,7 +2283,7 @@ def test_it_updates_user_email_when_email_sending_is_disabled(
         client, auth_token = self.get_test_client_and_auth_token(
             app_wo_email_activation, user_1_admin.email
         )
-        new_email = 'new.' + user_2.email
+        new_email = f'new.{user_2.email}'
 
         response = client.patch(
             f'/api/users/{user_2.username}',
@@ -2307,7 +2307,7 @@ def test_it_calls_email_updated_to_new_address_when_password_reset_is_successful
         client, auth_token = self.get_test_client_and_auth_token(
             app, user_1_admin.email
         )
-        new_email = 'new.' + user_2.email
+        new_email = f'new.{user_2.email}'
         expected_token = self.random_string()
 
         with patch('secrets.token_urlsafe', return_value=expected_token):
@@ -2344,7 +2344,7 @@ def test_it_does_not_call_email_updated_to_new_address_when_email_sending_is_dis
         client, auth_token = self.get_test_client_and_auth_token(
             app_wo_email_activation, user_1_admin.email
         )
-        new_email = 'new.' + user_2.email
+        new_email = f'new.{user_2.email}'
 
         response = client.patch(
             f'/api/users/{user_2.username}',
diff --git a/fittrackee/tests/users/test_users_commands.py b/fittrackee/tests/users/test_users_commands.py
index e39743ae0..ef1174f47 100644
--- a/fittrackee/tests/users/test_users_commands.py
+++ b/fittrackee/tests/users/test_users_commands.py
@@ -50,7 +50,7 @@ def test_it_displays_error_when_user_exists_with_same_email(
                 "create",
                 random_string(),
                 "--email",
-                user_1.email,
+                user_1.email,  # type: ignore
                 "--password",
                 random_string(),
             ],
@@ -218,7 +218,7 @@ def test_it_displays_error_when_role_is_invalid(
                 "create",
                 random_string(),
                 "--email",
-                user_1.email,
+                user_1.email,  # type: ignore
                 "--role",
                 'invalid',
             ],
diff --git a/fittrackee/tests/users/test_users_notifications_model.py b/fittrackee/tests/users/test_users_notifications_model.py
index 7cbe37b02..9d719b30e 100644
--- a/fittrackee/tests/users/test_users_notifications_model.py
+++ b/fittrackee/tests/users/test_users_notifications_model.py
@@ -953,7 +953,7 @@ def test_it_creates_notification_on_comment_reply(
             from_user_id=reply.user_id,
             to_user_id=comment.user_id,
             event_object_id=reply.id,
-        ).first()
+        ).one()
         assert notification.created_at == reply.created_at
         assert notification.marked_as_read is False
         assert notification.event_type == 'comment_reply'
@@ -1064,7 +1064,7 @@ def test_it_serializes_comment_reply_notification(
         notification = Notification.query.filter_by(
             event_object_id=reply.id,
             event_type='comment_reply',
-        ).first()
+        ).one()
 
         serialized_notification = notification.serialize()
 
diff --git a/fittrackee/tests/users/test_users_service.py b/fittrackee/tests/users/test_users_service.py
index c52b58202..9439eab26 100644
--- a/fittrackee/tests/users/test_users_service.py
+++ b/fittrackee/tests/users/test_users_service.py
@@ -726,7 +726,7 @@ def test_it_raises_exception_if_a_user_exists_with_same_email(
             UserCreationException,
             match='This user already exists. No action done.',
         ):
-            user_manager_service.create(email=user_1.email)
+            user_manager_service.create(email=user_1.email)  # type: ignore
 
     def test_it_creates_user_with_provided_password(self, app: Flask) -> None:
         username = random_string()
diff --git a/fittrackee/tests/workouts/test_workouts_model.py b/fittrackee/tests/workouts/test_workouts_model.py
index 63a0b052e..8f6369f38 100644
--- a/fittrackee/tests/workouts/test_workouts_model.py
+++ b/fittrackee/tests/workouts/test_workouts_model.py
@@ -855,6 +855,30 @@ def test_it_returns_if_workout_is_liked_by_user(
 
         assert serialized_workout['liked'] is True
 
+    def test_it_gets_workout_ap_id(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        assert workout_cycling_user_1.get_ap_id() == (
+            f'{user_1.actor.activitypub_id}/'
+            f'workouts/{workout_cycling_user_1.short_id}'
+        )
+
+    def test_it_gets_workout_remote_url(
+        self,
+        app: Flask,
+        user_1: User,
+        sport_1_cycling: Sport,
+        workout_cycling_user_1: Workout,
+    ) -> None:
+        assert workout_cycling_user_1.get_remote_url() == (
+            f'https://{user_1.actor.domain.name}/'
+            f'workouts/{workout_cycling_user_1.short_id}'
+        )
+
 
 class TestWorkoutModelAsFollower(CommentMixin, WorkoutModelTestCase):
     def test_it_raises_exception_when_workout_visibility_is_private(
diff --git a/fittrackee/users/models.py b/fittrackee/users/models.py
index 24635e184..dea6c46ab 100644
--- a/fittrackee/users/models.py
+++ b/fittrackee/users/models.py
@@ -285,9 +285,7 @@ class User(BaseModel):
         db.ForeignKey('actors.id'), unique=True, nullable=True
     )
     id: Mapped[int] = mapped_column(primary_key=True, autoincrement=True)
-    username: Mapped[str] = mapped_column(
-        db.String(255), nullable=False
-    )
+    username: Mapped[str] = mapped_column(db.String(255), nullable=False)
     # Note: Null values are not considered equal
     # source: https://www.postgresql.org/docs/current/indexes-unique.html
     email: Mapped[Optional[str]] = mapped_column(
@@ -453,7 +451,7 @@ class User(BaseModel):
         lazy='dynamic',
         viewonly=True,
     )
-    actor = db.relationship(Actor, back_populates='user')
+    actor: Mapped['Actor'] = relationship(Actor, back_populates='user')
 
     def __repr__(self) -> str:
         return f'<User {self.username!r}>'
@@ -732,7 +730,7 @@ def get_user_url(self) -> str:
     def create_actor(self) -> None:
         app_domain = Domain.query.filter_by(
             name=current_app.config['AP_DOMAIN']
-        ).first()
+        ).one()
         actor = Actor(
             preferred_username=self.username, domain_id=app_domain.id
         )
@@ -742,7 +740,7 @@ def create_actor(self) -> None:
         db.session.commit()
 
     @property
-    def fullname(self) -> str:
+    def fullname(self) -> Optional[str]:
         return self.actor.fullname
 
     def linkify_mention(self, with_domain: bool) -> str:
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index bdd7dcb9b..2e6f5ad02 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -94,7 +94,7 @@ def get_users_list(auth_user: User, remote: bool = False) -> Dict:
             appLog.error(f"Error when searching user '{query}': {e}")
             return EMPTY_USERS_RESPONSE
         if user:
-            if not user.is_active and not auth_user.admin:
+            if not user.is_active and not auth_user.has_admin_rights:
                 return EMPTY_USERS_RESPONSE
             return {
                 'status': 'success',
@@ -995,7 +995,7 @@ def delete_user(
         db.session.delete(user.actor)
         db.session.commit()
         if user_picture:
-            picture_path = get_absolute_file_path(user.picture)
+            picture_path = get_absolute_file_path(user_picture)
             if os.path.isfile(picture_path):
                 os.remove(picture_path)
         shutil.rmtree(
diff --git a/fittrackee/workouts/models.py b/fittrackee/workouts/models.py
index e566f8cd0..b7ec1df8d 100644
--- a/fittrackee/workouts/models.py
+++ b/fittrackee/workouts/models.py
@@ -375,6 +375,14 @@ def __init__(
     def short_id(self) -> str:
         return encode_uuid(self.uuid)
 
+    def get_ap_id(self) -> str:
+        return f'{self.user.actor.activitypub_id}/workouts/{self.short_id}'
+
+    def get_remote_url(self) -> str:
+        return (
+            f'https://{self.user.actor.domain.name}/workouts/{self.short_id}'
+        )
+
     @property
     def calculated_analysis_visibility(self) -> VisibilityLevel:
         return get_calculated_visibility(
diff --git a/fittrackee/workouts/workouts.py b/fittrackee/workouts/workouts.py
index 03bbe91d4..26b2440fa 100644
--- a/fittrackee/workouts/workouts.py
+++ b/fittrackee/workouts/workouts.py
@@ -77,10 +77,8 @@
 def handle_workout_activities(workout: Workout, activity_type: str) -> None:
     actor = workout.user.actor
     if activity_type == 'Create':
-        workout.ap_id = f'{actor.activitypub_id}/workouts/{workout.short_id}'
-        workout.remote_url = (
-            f'https://{actor.domain.name}/workouts/{workout.short_id}'
-        )
+        workout.ap_id = workout.get_ap_id()
+        workout.remote_url = workout.get_remote_url()
         db.session.commit()
     workout_activity, note_activity = workout.get_activities(
         activity_type=activity_type

From bbf9e0191f9a85057308d484cd16344a9764edc2 Mon Sep 17 00:00:00 2001
From: Sam <sam@samr1.net>
Date: Sun, 2 Feb 2025 20:11:07 +0100
Subject: [PATCH 238/238] Client - fixes after merge

- getting visibility for equipment edition
- migration renaming
---
 ..._init_federation.py => 49_8842c351a2d8_init_federation.py} | 2 +-
 .../src/components/User/UserEquipments/EquipmentEdition.vue   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename fittrackee/migrations/versions/{48_8842c351a2d8_init_federation.py => 49_8842c351a2d8_init_federation.py} (99%)

diff --git a/fittrackee/migrations/versions/48_8842c351a2d8_init_federation.py b/fittrackee/migrations/versions/49_8842c351a2d8_init_federation.py
similarity index 99%
rename from fittrackee/migrations/versions/48_8842c351a2d8_init_federation.py
rename to fittrackee/migrations/versions/49_8842c351a2d8_init_federation.py
index 904b6381b..9348bab4b 100644
--- a/fittrackee/migrations/versions/48_8842c351a2d8_init_federation.py
+++ b/fittrackee/migrations/versions/49_8842c351a2d8_init_federation.py
@@ -20,7 +20,7 @@
 
 # revision identifiers, used by Alembic.
 revision = '8842c351a2d8'
-down_revision = '070bd31919c3'
+down_revision = 'ce68b3914ff7'
 branch_labels = None
 depends_on = None
 
diff --git a/fittrackee_client/src/components/User/UserEquipments/EquipmentEdition.vue b/fittrackee_client/src/components/User/UserEquipments/EquipmentEdition.vue
index 616415f0c..103f345ee 100644
--- a/fittrackee_client/src/components/User/UserEquipments/EquipmentEdition.vue
+++ b/fittrackee_client/src/components/User/UserEquipments/EquipmentEdition.vue
@@ -185,7 +185,7 @@
   const route = useRoute()
   const { t } = useI18n()
 
-  const { errorMessages } = useApp()
+  const { appConfig, errorMessages } = useApp()
   const { equipment } = useEquipments()
 
   const equipmentForm = reactive({
@@ -224,7 +224,7 @@
       )
     )
   const visibilityLevels: ComputedRef<TVisibilityLevels[]> = computed(() =>
-    getAllVisibilityLevels()
+    getAllVisibilityLevels(appConfig.value.federation_enabled)
   )
 
   function setEquipmentSports(equipment: IEquipment) {